From patchwork Wed Jan 29 17:22:35 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella X-Patchwork-Id: 860672 Delivered-To: patch@linaro.org Received: by 2002:a5d:53cb:0:b0:385:e875:8a9e with SMTP id a11csp296906wrw; Wed, 29 Jan 2025 09:33:08 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCWKj6h9ucTJhfQOAgf2mXiY82Toem+zTNmeN1DB2HyKbQhxWDRRE/OCOrkmnDl+lytIaAZI7w==@linaro.org X-Google-Smtp-Source: AGHT+IGsmPma8TgSWdilWRe9hdP5PzYL7AkhbBTHLQOE2vSzb8ZS92AA65n2JLAuW4WsOqNSt5WO X-Received: by 2002:a05:622a:903:b0:466:b29a:9b10 with SMTP id d75a77b69052e-46fd0b6ded8mr58736721cf.42.1738171988089; Wed, 29 Jan 2025 09:33:08 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1738171988; cv=pass; d=google.com; s=arc-20240605; b=iT+RQKUN3vf7uqFQNgTH3TZp4os75Jtu7MlcQuWa4Zlx2zJ8YnpNFb1V3ONsE5ha8n vCeFrb9Mdn9tRPIX6o/x6SfYlHCtxcsTNEvWxRLIMZG5LnlzMlmG71n79DvZLxSVR+tu ahG1pxpfF3Isl8JkphV30vzuOMbclJTHB3HR84blnJPIgo9yrp7qHmhMwdD7ixUt5Mar xda0Xr2mxmgQkapyHUC/DJzMA06laesnqLEYFWAOWwSbyQSJa5Q9C1KMcMotRTnvk4Dl +ixuc4GvtPN2qXtyq0pY+Q+Idcsshwcd2aQJwZKTjGgJo83K05kkMC20/2nIsTJQ+1Wi 0gvA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature:dkim-filter:arc-filter:dmarc-filter :delivered-to:dkim-filter; bh=Ws4DjeIqMHlbZHhBOoG0PIN5eHQeYVKeVVpW4wgkVIk=; fh=NxP0gPoitL2xwHLpRPwMy6HQGuc/oe1BSm1HN6gGwGQ=; b=bUQC00Z7bcfii/OuRMX+o+Uby+SLS6kOw4RgfXa0rlDCrPQBnVzpmWA3BMQt/sbIn2 0eON0nac/Uh8qdJss7sQlj+8Q6kIPX/fszkD06osqfF40+uX8R9jhn6mJYlwByjBnzYz /09Kbryvk3TjP3OZszCInbESx5ZWyUSYLinBS8m9jQUuxTjIlKAkIrZoGq1dQmJwTsyB aAVAsEizQAoVek/If+INHE//Og34XvLyYY37Fz+qqwJo/tN6f3LsuJpPw/hY+VvVeiBO upb59vLZPaikNN6CQMEO1fm6JuLMT4AVE4mWua62KN9qhvz55cE9vliBOO/i3EIX2vTJ lKMA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=v2FADPoO; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from server2.sourceware.org (server2.sourceware.org. [8.43.85.97]) by mx.google.com with ESMTPS id d75a77b69052e-46e66baa610si161023011cf.576.2025.01.29.09.33.07 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 29 Jan 2025 09:33:08 -0800 (PST) Received-SPF: pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) client-ip=8.43.85.97; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=v2FADPoO; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id A6A5B3857B9E for ; Wed, 29 Jan 2025 17:33:07 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org A6A5B3857B9E Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=v2FADPoO X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pl1-x635.google.com (mail-pl1-x635.google.com [IPv6:2607:f8b0:4864:20::635]) by sourceware.org (Postfix) with ESMTPS id 3C40F3857C5F for ; Wed, 29 Jan 2025 17:26:00 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 3C40F3857C5F Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 3C40F3857C5F Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::635 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1738171560; cv=none; b=hW++vdQlXoLbkQO4riX6dcta82iM3YyMkjZW7T6DkqMpogYLkLS6/XBpd0Baqmj9yCPhU9v2LMgVdMimJZe353t+JxtFcJs9GWlqpCvdilTh+kFM6rQkTfzR5sR8V3Vr5I/ChkJ9wpdlmfreDK1QRX2XM4y6USfnnPRwkZ2EoC0= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1738171560; c=relaxed/simple; bh=CvbaW72dmFDl1OhoMqH9vbcwPiV1b+CnwkALlFqh1yo=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=w3xGW4fv+6tFE1HpvLvogmFg3Oy/Bn0DYxuSpm7wyt4aAVXEmeXNxKFS7LMV+u03xkrJ9hsYqC/loSwOesB8VDnJns7jDoqaGTcQZ8yAELRGnnheCigOtF0K1OE0Uj2d9wCyEYYk5pk6w84dOWPJnB1vNQV60EdUx8UtV7JcCmA= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 3C40F3857C5F Received: by mail-pl1-x635.google.com with SMTP id d9443c01a7336-2161eb95317so128283405ad.1 for ; Wed, 29 Jan 2025 09:26:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1738171559; x=1738776359; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Ws4DjeIqMHlbZHhBOoG0PIN5eHQeYVKeVVpW4wgkVIk=; b=v2FADPoOi6HsZ8J04FZJ5ei8NgVdNY0Onkm9Pgy4VTzJidwRgIF6ndlFUEDD3OQuEG aRkn8CSiFSa+MRjEe+7dSryEYMVdmstRefkI3Tddcr3MmCoz4AzdfqjrcEP3jJ6AJCRf tTfRyUxaJqM8XGEp7pwq3GbF8S7DTjBOFLxj4Db5IIIsFMZJ3PseUG6Dh4GZKI6OR0bl hPZjnwe7GTI/DzlRR3TN35PJ3mZmt1QnmoBPl65x08XAjoMb+cKSiYHvJ5zO4pbQ+j5Q gIQpP8rGrGAZ8SlxMd+052pocsJYqOoMXhTfVXGvzeHFERvzpGY6bd92d2asV5ODYN3M VwkQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738171559; x=1738776359; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Ws4DjeIqMHlbZHhBOoG0PIN5eHQeYVKeVVpW4wgkVIk=; b=Fx76fIRAOiJu9gm/+n1KZ+mq62SKAuIguToHt55oRgXGv68/8S8rYtUJ/7Uwg+TxgI Bfv0eNi2SN2iUfL58kpxPg8b124WE/RLFaGIUau2PVdmwQEkMV2amMLOSRgM4D74bgqp APfbQZYdo6SYrxkFKMPHwdMiPnHsTuQRx2sp0jTjyEKFxclFZVtgbi+zU4jVbABeBhOk nu9c49pIs5j12S2gA5bjfhb/s6raTzyBaHT6TeYIH7z6Nrk7NUp/mpBEi1xwsUR/Nl06 Jdgwgl9L2qC59cOOhcrJBvKaejyE8uY3/uP1EUEvpvNNJ5u7uhawUuQuqhaXBEap/p0L yAcQ== X-Gm-Message-State: AOJu0Yy4PixEQplF6975jxMw5TzeNwLa/WxKnUeaQR+ew4tvOFe28sdg yRXSo4osJtenzpwTE9Mn4cWhCgc+dZAsG5Vi+GAilCk/NBJKZsUI+t7bqQgQW8jxW3PkoRPsGLT m X-Gm-Gg: ASbGnct+zUBUEer2lOk+ap3xLmpTof1eeiwChaYvZgn8WPffWFqHVqZt/DLf6oRZQXc +NgzE0fVLaYPQ0SFVcumMBTln0aofQuykBUB5TYVtu3NlLaDoSY0+A6SgsA2ZP3ndZJKp0LRwpc bnMmRlopl2UjGUpw3u7JRjU0+dvSzmm2Po9Ryzrj3nzdPBZlqk5B8/c7QEP5Fw0oewJu5MEcAtc ETjHmZq/usO0w4ns1MmECdlHcxIj8In9nwDs05vcbVIMYG6F0kDID1S7q7KS6RHgb7YDkEU4hhz Nhbx8OvxI5CJ1kGi7cHEoiiTz5Nfk8vuQ0PbchY= X-Received: by 2002:a17:902:da81:b0:21d:cc37:a896 with SMTP id d9443c01a7336-21dd7deece0mr56796445ad.33.1738171556473; Wed, 29 Jan 2025 09:25:56 -0800 (PST) Received: from mandiga.. ([2804:1b3:a7c2:2a23:584e:68a2:9131:7209]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-21da3ea1c2asm102082535ad.54.2025.01.29.09.25.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 29 Jan 2025 09:25:56 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org Cc: Jeff Xu , Florian Weimer , "H . J . Lu" Subject: [PATCH v8 1/8] linux: Add mseal syscall support Date: Wed, 29 Jan 2025 14:22:35 -0300 Message-ID: <20250129172550.1119706-2-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250129172550.1119706-1-adhemerval.zanella@linaro.org> References: <20250129172550.1119706-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patch=linaro.org@sourceware.org It as added on Linux 6.10 (8be7258aad44b5e25977a98db136f677fa6f4370) as way to block operations as unmaping, moving to another location, shrinking the size, expanding the size, or modifying to a pre-existent memory mapping. Although the systecall only work on 64 bit CPU, the entrypoint was added for all ABIs (since kernel might eventually implement it to additional ones and/or the abi can execute on a 64 bit kernel). Checked on x86_64-linux-gnu. --- NEWS | 4 +- manual/memory.texi | 66 ++++++++++++++++++ sysdeps/unix/sysv/linux/Makefile | 1 + sysdeps/unix/sysv/linux/Versions | 3 + sysdeps/unix/sysv/linux/aarch64/libc.abilist | 1 + sysdeps/unix/sysv/linux/alpha/libc.abilist | 1 + sysdeps/unix/sysv/linux/arc/libc.abilist | 1 + sysdeps/unix/sysv/linux/arm/be/libc.abilist | 1 + sysdeps/unix/sysv/linux/arm/le/libc.abilist | 1 + sysdeps/unix/sysv/linux/bits/mman-shared.h | 8 +++ sysdeps/unix/sysv/linux/csky/libc.abilist | 1 + sysdeps/unix/sysv/linux/hppa/libc.abilist | 1 + sysdeps/unix/sysv/linux/i386/libc.abilist | 1 + sysdeps/unix/sysv/linux/kernel-features.h | 8 +++ .../sysv/linux/loongarch/lp64/libc.abilist | 1 + .../sysv/linux/m68k/coldfire/libc.abilist | 1 + .../unix/sysv/linux/m68k/m680x0/libc.abilist | 1 + .../sysv/linux/microblaze/be/libc.abilist | 1 + .../sysv/linux/microblaze/le/libc.abilist | 1 + .../sysv/linux/mips/mips32/fpu/libc.abilist | 1 + .../sysv/linux/mips/mips64/n32/libc.abilist | 1 + .../sysv/linux/mips/mips64/n64/libc.abilist | 1 + sysdeps/unix/sysv/linux/or1k/libc.abilist | 1 + .../linux/powerpc/powerpc32/fpu/libc.abilist | 1 + .../powerpc/powerpc32/nofpu/libc.abilist | 1 + .../linux/powerpc/powerpc64/be/libc.abilist | 1 + .../linux/powerpc/powerpc64/le/libc.abilist | 1 + .../unix/sysv/linux/riscv/rv32/libc.abilist | 1 + .../unix/sysv/linux/riscv/rv64/libc.abilist | 1 + .../unix/sysv/linux/s390/s390-32/libc.abilist | 1 + .../unix/sysv/linux/s390/s390-64/libc.abilist | 1 + sysdeps/unix/sysv/linux/sh/be/libc.abilist | 1 + sysdeps/unix/sysv/linux/sh/le/libc.abilist | 1 + .../sysv/linux/sparc/sparc32/libc.abilist | 1 + .../sysv/linux/sparc/sparc64/libc.abilist | 1 + sysdeps/unix/sysv/linux/syscalls.list | 1 + sysdeps/unix/sysv/linux/tst-mseal.c | 67 +++++++++++++++++++ .../unix/sysv/linux/x86_64/64/libc.abilist | 1 + .../unix/sysv/linux/x86_64/x32/libc.abilist | 1 + 39 files changed, 188 insertions(+), 1 deletion(-) create mode 100644 sysdeps/unix/sysv/linux/tst-mseal.c diff --git a/NEWS b/NEWS index e2e40e141c..4732ec2522 100644 --- a/NEWS +++ b/NEWS @@ -9,7 +9,9 @@ Version 2.42 Major new features: - [Add new features here] +* On Linux, the mseal function has been added. It allows to seal memory + mappings to avoid further change during process execution such as protection + permissions, unmapping, moving to another location, or shrinking the size. Deprecated and removed features, and other changes affecting compatibility: diff --git a/manual/memory.texi b/manual/memory.texi index dc4621e2c5..9e902bc67e 100644 --- a/manual/memory.texi +++ b/manual/memory.texi @@ -3072,6 +3072,72 @@ process memory, no matter how it was allocated. However, portable use of the function requires that it is only used with memory regions returned by @code{mmap} or @code{mmap64}. +@deftypefun int mseal (void *@var{address}, size_t @var{length}, unsigned long @var{flags}) +@standards{Linux, sys/mman.h} +@safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}} + +A successful call to the @code {mseal} function seals the memory range of +@var{length} bytes, starting at @var{address}. The sealed memory is +protection against further modifictions such as: + +@itemize @bullet +@item +Unmapping, moving to another location, extending or shrinking the size, +via @code{munmap} and @code{mremap}. + +@item +Moving or expanding a different VMA into the current location, via +@code{mremap}. + +@item +Modifying the memory range with @code{mmap} along with flag @code{MAP_FIXED}. + +@item +Expanding the size with @code{mremap}. + +@item +Change the protection flags with @code{mprotect} or @code{pkey_mprotect}. + +@item +Destructive behaviors on anonymous memory, such as @code{madvice} with +@code{MADV_DONTNEED}. +@end itemize + +The @var{address} must be an allocated virtual memory done by @code{mmap} +or @code{mremap}, and it must be page aligned. The end address (@var{address} +plus @var{length}) must be within an allocated virtual memory range. There +should be no unallocated memory between the start and end of address range. + +The @var{flags} is currently ununsed. + +The @code{mseal} function returns @math{0} on sucess and @math{-1} on +failure. + +The following @code{errno} error conditions are defined for this +function: + +@table @code +@item EPERM +The system blocked the operation, and the given address is unmodified +without partion update. This error is also returned when @code{mseal} +is issued on a 32 bit CPUs (the sealing is currently supported only on +64-bit CPUs, although 32 bit binaries running on 64 bit kernel is +supported). + +@item ENOMEM +Either the @var{address} is not allocated, or the end address is not +allocation, or there is an unallocated memory between start and end address. + +@item ENOSYS +The kernel does not support the @code{mseal} syscall. + +@strong{NB:} The memory sealing changes the lifetime of a mapping, where the +sealing memory could not be unmapped until the process terminates or starts +another one through @code{execve} function. + +@end table +@end deftypefun + @subsection Memory Protection Keys @cindex memory protection key diff --git a/sysdeps/unix/sysv/linux/Makefile b/sysdeps/unix/sysv/linux/Makefile index 395d2d6593..aa6c387462 100644 --- a/sysdeps/unix/sysv/linux/Makefile +++ b/sysdeps/unix/sysv/linux/Makefile @@ -213,6 +213,7 @@ tests += \ tst-misalign-clone \ tst-mlock2 \ tst-mount \ + tst-mseal \ tst-ntp_adjtime \ tst-ntp_gettime \ tst-ntp_gettimex \ diff --git a/sysdeps/unix/sysv/linux/Versions b/sysdeps/unix/sysv/linux/Versions index 55d565545a..e5d226165e 100644 --- a/sysdeps/unix/sysv/linux/Versions +++ b/sysdeps/unix/sysv/linux/Versions @@ -332,6 +332,9 @@ libc { sched_getattr; sched_setattr; } + GLIBC_2.42 { + mseal; + } GLIBC_PRIVATE { # functions used in other libraries __syscall_rt_sigqueueinfo; diff --git a/sysdeps/unix/sysv/linux/aarch64/libc.abilist b/sysdeps/unix/sysv/linux/aarch64/libc.abilist index 38db77e4f7..eab487fc76 100644 --- a/sysdeps/unix/sysv/linux/aarch64/libc.abilist +++ b/sysdeps/unix/sysv/linux/aarch64/libc.abilist @@ -2750,3 +2750,4 @@ GLIBC_2.39 stdc_trailing_zeros_ull F GLIBC_2.39 stdc_trailing_zeros_us F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F diff --git a/sysdeps/unix/sysv/linux/alpha/libc.abilist b/sysdeps/unix/sysv/linux/alpha/libc.abilist index 637bfce9fb..d6d3464c46 100644 --- a/sysdeps/unix/sysv/linux/alpha/libc.abilist +++ b/sysdeps/unix/sysv/linux/alpha/libc.abilist @@ -3097,6 +3097,7 @@ GLIBC_2.4 wprintf F GLIBC_2.4 wscanf F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F GLIBC_2.5 __readlinkat_chk F GLIBC_2.5 inet6_opt_append F GLIBC_2.5 inet6_opt_find F diff --git a/sysdeps/unix/sysv/linux/arc/libc.abilist b/sysdeps/unix/sysv/linux/arc/libc.abilist index 4a305cf730..2c7aa2c939 100644 --- a/sysdeps/unix/sysv/linux/arc/libc.abilist +++ b/sysdeps/unix/sysv/linux/arc/libc.abilist @@ -2511,3 +2511,4 @@ GLIBC_2.39 stdc_trailing_zeros_ull F GLIBC_2.39 stdc_trailing_zeros_us F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F diff --git a/sysdeps/unix/sysv/linux/arm/be/libc.abilist b/sysdeps/unix/sysv/linux/arm/be/libc.abilist index 1d54f71b14..54fd3d3a83 100644 --- a/sysdeps/unix/sysv/linux/arm/be/libc.abilist +++ b/sysdeps/unix/sysv/linux/arm/be/libc.abilist @@ -2803,6 +2803,7 @@ GLIBC_2.4 xprt_register F GLIBC_2.4 xprt_unregister F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F GLIBC_2.5 __readlinkat_chk F GLIBC_2.5 inet6_opt_append F GLIBC_2.5 inet6_opt_find F diff --git a/sysdeps/unix/sysv/linux/arm/le/libc.abilist b/sysdeps/unix/sysv/linux/arm/le/libc.abilist index ff7e8bc40b..4231ef1ffd 100644 --- a/sysdeps/unix/sysv/linux/arm/le/libc.abilist +++ b/sysdeps/unix/sysv/linux/arm/le/libc.abilist @@ -2800,6 +2800,7 @@ GLIBC_2.4 xprt_register F GLIBC_2.4 xprt_unregister F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F GLIBC_2.5 __readlinkat_chk F GLIBC_2.5 inet6_opt_append F GLIBC_2.5 inet6_opt_find F diff --git a/sysdeps/unix/sysv/linux/bits/mman-shared.h b/sysdeps/unix/sysv/linux/bits/mman-shared.h index 31590979b9..b9892f62c2 100644 --- a/sysdeps/unix/sysv/linux/bits/mman-shared.h +++ b/sysdeps/unix/sysv/linux/bits/mman-shared.h @@ -81,6 +81,14 @@ int pkey_free (int __key) __THROW; range. */ int pkey_mprotect (void *__addr, size_t __len, int __prot, int __pkey) __THROW; +/* Seal the address range to avoid further modifications, such as remmap to + shrink or expand the VMA, change protection permission with mprotect, + unmap with munmap, destructive semantic such madvise with MADV_DONTNEED. + The address range must be valid VMA, withouth any gap (unallocated memory) + between start and end, and ADDR much be page aligned (LEN will be page + aligned implicitly). */ +int mseal (void *__addr, size_t __len, unsigned long flags) __THROW; + __END_DECLS #endif /* __USE_GNU */ diff --git a/sysdeps/unix/sysv/linux/csky/libc.abilist b/sysdeps/unix/sysv/linux/csky/libc.abilist index c3ed65467d..53265587ca 100644 --- a/sysdeps/unix/sysv/linux/csky/libc.abilist +++ b/sysdeps/unix/sysv/linux/csky/libc.abilist @@ -2787,3 +2787,4 @@ GLIBC_2.39 stdc_trailing_zeros_ull F GLIBC_2.39 stdc_trailing_zeros_us F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F diff --git a/sysdeps/unix/sysv/linux/hppa/libc.abilist b/sysdeps/unix/sysv/linux/hppa/libc.abilist index 991475380c..2ad9eb1286 100644 --- a/sysdeps/unix/sysv/linux/hppa/libc.abilist +++ b/sysdeps/unix/sysv/linux/hppa/libc.abilist @@ -2824,6 +2824,7 @@ GLIBC_2.4 unshare F GLIBC_2.41 cacheflush F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F GLIBC_2.5 __readlinkat_chk F GLIBC_2.5 inet6_opt_append F GLIBC_2.5 inet6_opt_find F diff --git a/sysdeps/unix/sysv/linux/i386/libc.abilist b/sysdeps/unix/sysv/linux/i386/libc.abilist index 4fedf775d4..f808d3f110 100644 --- a/sysdeps/unix/sysv/linux/i386/libc.abilist +++ b/sysdeps/unix/sysv/linux/i386/libc.abilist @@ -3007,6 +3007,7 @@ GLIBC_2.4 unlinkat F GLIBC_2.4 unshare F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F GLIBC_2.5 __readlinkat_chk F GLIBC_2.5 inet6_opt_append F GLIBC_2.5 inet6_opt_find F diff --git a/sysdeps/unix/sysv/linux/kernel-features.h b/sysdeps/unix/sysv/linux/kernel-features.h index 86b2d3ce51..a44824991f 100644 --- a/sysdeps/unix/sysv/linux/kernel-features.h +++ b/sysdeps/unix/sysv/linux/kernel-features.h @@ -257,4 +257,12 @@ # define __ASSUME_FCHMODAT2 0 #endif +/* The mseal system call was introduced across all architectures in Linux 6.10 + (although only supported on 64-bit CPUs). */ +#if __LINUX_KERNEL_VERSION >= 0x060A00 +# define __ASSUME_MSEAL 1 +#else +# define __ASSUME_MSEAL 0 +#endif + #endif /* kernel-features.h */ diff --git a/sysdeps/unix/sysv/linux/loongarch/lp64/libc.abilist b/sysdeps/unix/sysv/linux/loongarch/lp64/libc.abilist index 0024282289..db7a5896ff 100644 --- a/sysdeps/unix/sysv/linux/loongarch/lp64/libc.abilist +++ b/sysdeps/unix/sysv/linux/loongarch/lp64/libc.abilist @@ -2271,3 +2271,4 @@ GLIBC_2.39 stdc_trailing_zeros_ull F GLIBC_2.39 stdc_trailing_zeros_us F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F diff --git a/sysdeps/unix/sysv/linux/m68k/coldfire/libc.abilist b/sysdeps/unix/sysv/linux/m68k/coldfire/libc.abilist index 142595eb3e..91250faca5 100644 --- a/sysdeps/unix/sysv/linux/m68k/coldfire/libc.abilist +++ b/sysdeps/unix/sysv/linux/m68k/coldfire/libc.abilist @@ -2783,6 +2783,7 @@ GLIBC_2.4 xprt_register F GLIBC_2.4 xprt_unregister F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F GLIBC_2.5 __readlinkat_chk F GLIBC_2.5 inet6_opt_append F GLIBC_2.5 inet6_opt_find F diff --git a/sysdeps/unix/sysv/linux/m68k/m680x0/libc.abilist b/sysdeps/unix/sysv/linux/m68k/m680x0/libc.abilist index 85e7746c10..f5f8c2d613 100644 --- a/sysdeps/unix/sysv/linux/m68k/m680x0/libc.abilist +++ b/sysdeps/unix/sysv/linux/m68k/m680x0/libc.abilist @@ -2950,6 +2950,7 @@ GLIBC_2.4 unlinkat F GLIBC_2.4 unshare F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F GLIBC_2.5 __readlinkat_chk F GLIBC_2.5 inet6_opt_append F GLIBC_2.5 inet6_opt_find F diff --git a/sysdeps/unix/sysv/linux/microblaze/be/libc.abilist b/sysdeps/unix/sysv/linux/microblaze/be/libc.abilist index 91dc1b8378..e505d338f4 100644 --- a/sysdeps/unix/sysv/linux/microblaze/be/libc.abilist +++ b/sysdeps/unix/sysv/linux/microblaze/be/libc.abilist @@ -2836,3 +2836,4 @@ GLIBC_2.39 stdc_trailing_zeros_ull F GLIBC_2.39 stdc_trailing_zeros_us F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F diff --git a/sysdeps/unix/sysv/linux/microblaze/le/libc.abilist b/sysdeps/unix/sysv/linux/microblaze/le/libc.abilist index 3440e90f6f..c360b28fd1 100644 --- a/sysdeps/unix/sysv/linux/microblaze/le/libc.abilist +++ b/sysdeps/unix/sysv/linux/microblaze/le/libc.abilist @@ -2833,3 +2833,4 @@ GLIBC_2.39 stdc_trailing_zeros_ull F GLIBC_2.39 stdc_trailing_zeros_us F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F diff --git a/sysdeps/unix/sysv/linux/mips/mips32/fpu/libc.abilist b/sysdeps/unix/sysv/linux/mips/mips32/fpu/libc.abilist index 5ee7b8c52f..fa09f9d9c9 100644 --- a/sysdeps/unix/sysv/linux/mips/mips32/fpu/libc.abilist +++ b/sysdeps/unix/sysv/linux/mips/mips32/fpu/libc.abilist @@ -2911,6 +2911,7 @@ GLIBC_2.4 unlinkat F GLIBC_2.4 unshare F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F GLIBC_2.5 __readlinkat_chk F GLIBC_2.5 inet6_opt_append F GLIBC_2.5 inet6_opt_find F diff --git a/sysdeps/unix/sysv/linux/mips/mips64/n32/libc.abilist b/sysdeps/unix/sysv/linux/mips/mips64/n32/libc.abilist index ae7474c0f0..1db4a115c8 100644 --- a/sysdeps/unix/sysv/linux/mips/mips64/n32/libc.abilist +++ b/sysdeps/unix/sysv/linux/mips/mips64/n32/libc.abilist @@ -2917,6 +2917,7 @@ GLIBC_2.4 unlinkat F GLIBC_2.4 unshare F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F GLIBC_2.5 __readlinkat_chk F GLIBC_2.5 inet6_opt_append F GLIBC_2.5 inet6_opt_find F diff --git a/sysdeps/unix/sysv/linux/mips/mips64/n64/libc.abilist b/sysdeps/unix/sysv/linux/mips/mips64/n64/libc.abilist index cdf040dec2..770fa9b042 100644 --- a/sysdeps/unix/sysv/linux/mips/mips64/n64/libc.abilist +++ b/sysdeps/unix/sysv/linux/mips/mips64/n64/libc.abilist @@ -2819,6 +2819,7 @@ GLIBC_2.4 unlinkat F GLIBC_2.4 unshare F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F GLIBC_2.5 __readlinkat_chk F GLIBC_2.5 inet6_opt_append F GLIBC_2.5 inet6_opt_find F diff --git a/sysdeps/unix/sysv/linux/or1k/libc.abilist b/sysdeps/unix/sysv/linux/or1k/libc.abilist index c356a11b1c..c41f91db28 100644 --- a/sysdeps/unix/sysv/linux/or1k/libc.abilist +++ b/sysdeps/unix/sysv/linux/or1k/libc.abilist @@ -2261,3 +2261,4 @@ GLIBC_2.40 setcontext F GLIBC_2.40 swapcontext F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F diff --git a/sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/libc.abilist b/sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/libc.abilist index 7937f94cf0..8eccaa5c92 100644 --- a/sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/libc.abilist +++ b/sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/libc.abilist @@ -3140,6 +3140,7 @@ GLIBC_2.4 wprintf F GLIBC_2.4 wscanf F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F GLIBC_2.5 __readlinkat_chk F GLIBC_2.5 inet6_opt_append F GLIBC_2.5 inet6_opt_find F diff --git a/sysdeps/unix/sysv/linux/powerpc/powerpc32/nofpu/libc.abilist b/sysdeps/unix/sysv/linux/powerpc/powerpc32/nofpu/libc.abilist index d6e35f31d2..f827f65615 100644 --- a/sysdeps/unix/sysv/linux/powerpc/powerpc32/nofpu/libc.abilist +++ b/sysdeps/unix/sysv/linux/powerpc/powerpc32/nofpu/libc.abilist @@ -3185,6 +3185,7 @@ GLIBC_2.4 wprintf F GLIBC_2.4 wscanf F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F GLIBC_2.5 __readlinkat_chk F GLIBC_2.5 inet6_opt_append F GLIBC_2.5 inet6_opt_find F diff --git a/sysdeps/unix/sysv/linux/powerpc/powerpc64/be/libc.abilist b/sysdeps/unix/sysv/linux/powerpc/powerpc64/be/libc.abilist index 2268d6890d..141186553d 100644 --- a/sysdeps/unix/sysv/linux/powerpc/powerpc64/be/libc.abilist +++ b/sysdeps/unix/sysv/linux/powerpc/powerpc64/be/libc.abilist @@ -2894,6 +2894,7 @@ GLIBC_2.4 wprintf F GLIBC_2.4 wscanf F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F GLIBC_2.5 __readlinkat_chk F GLIBC_2.5 inet6_opt_append F GLIBC_2.5 inet6_opt_find F diff --git a/sysdeps/unix/sysv/linux/powerpc/powerpc64/le/libc.abilist b/sysdeps/unix/sysv/linux/powerpc/powerpc64/le/libc.abilist index 7f61b14bc8..7786c97072 100644 --- a/sysdeps/unix/sysv/linux/powerpc/powerpc64/le/libc.abilist +++ b/sysdeps/unix/sysv/linux/powerpc/powerpc64/le/libc.abilist @@ -2970,3 +2970,4 @@ GLIBC_2.39 stdc_trailing_zeros_ull F GLIBC_2.39 stdc_trailing_zeros_us F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F diff --git a/sysdeps/unix/sysv/linux/riscv/rv32/libc.abilist b/sysdeps/unix/sysv/linux/riscv/rv32/libc.abilist index 4187241f50..090a8a3cc3 100644 --- a/sysdeps/unix/sysv/linux/riscv/rv32/libc.abilist +++ b/sysdeps/unix/sysv/linux/riscv/rv32/libc.abilist @@ -2514,3 +2514,4 @@ GLIBC_2.39 stdc_trailing_zeros_us F GLIBC_2.40 __riscv_hwprobe F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F diff --git a/sysdeps/unix/sysv/linux/riscv/rv64/libc.abilist b/sysdeps/unix/sysv/linux/riscv/rv64/libc.abilist index 8935beccac..8f8daa10b2 100644 --- a/sysdeps/unix/sysv/linux/riscv/rv64/libc.abilist +++ b/sysdeps/unix/sysv/linux/riscv/rv64/libc.abilist @@ -2714,3 +2714,4 @@ GLIBC_2.39 stdc_trailing_zeros_us F GLIBC_2.40 __riscv_hwprobe F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F diff --git a/sysdeps/unix/sysv/linux/s390/s390-32/libc.abilist b/sysdeps/unix/sysv/linux/s390/s390-32/libc.abilist index e69dc7ccf6..68ad13d4d1 100644 --- a/sysdeps/unix/sysv/linux/s390/s390-32/libc.abilist +++ b/sysdeps/unix/sysv/linux/s390/s390-32/libc.abilist @@ -3138,6 +3138,7 @@ GLIBC_2.4 wprintf F GLIBC_2.4 wscanf F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F GLIBC_2.5 __readlinkat_chk F GLIBC_2.5 inet6_opt_append F GLIBC_2.5 inet6_opt_find F diff --git a/sysdeps/unix/sysv/linux/s390/s390-64/libc.abilist b/sysdeps/unix/sysv/linux/s390/s390-64/libc.abilist index 7d860001d8..b07e767d44 100644 --- a/sysdeps/unix/sysv/linux/s390/s390-64/libc.abilist +++ b/sysdeps/unix/sysv/linux/s390/s390-64/libc.abilist @@ -2931,6 +2931,7 @@ GLIBC_2.4 wprintf F GLIBC_2.4 wscanf F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F GLIBC_2.5 __readlinkat_chk F GLIBC_2.5 inet6_opt_append F GLIBC_2.5 inet6_opt_find F diff --git a/sysdeps/unix/sysv/linux/sh/be/libc.abilist b/sysdeps/unix/sysv/linux/sh/be/libc.abilist index fcb8161841..841da24118 100644 --- a/sysdeps/unix/sysv/linux/sh/be/libc.abilist +++ b/sysdeps/unix/sysv/linux/sh/be/libc.abilist @@ -2830,6 +2830,7 @@ GLIBC_2.4 unlinkat F GLIBC_2.4 unshare F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F GLIBC_2.5 __readlinkat_chk F GLIBC_2.5 inet6_opt_append F GLIBC_2.5 inet6_opt_find F diff --git a/sysdeps/unix/sysv/linux/sh/le/libc.abilist b/sysdeps/unix/sysv/linux/sh/le/libc.abilist index 3fd078d125..2a8cba719e 100644 --- a/sysdeps/unix/sysv/linux/sh/le/libc.abilist +++ b/sysdeps/unix/sysv/linux/sh/le/libc.abilist @@ -2827,6 +2827,7 @@ GLIBC_2.4 unlinkat F GLIBC_2.4 unshare F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F GLIBC_2.5 __readlinkat_chk F GLIBC_2.5 inet6_opt_append F GLIBC_2.5 inet6_opt_find F diff --git a/sysdeps/unix/sysv/linux/sparc/sparc32/libc.abilist b/sysdeps/unix/sysv/linux/sparc/sparc32/libc.abilist index 1ce1fe9da7..8f9031f344 100644 --- a/sysdeps/unix/sysv/linux/sparc/sparc32/libc.abilist +++ b/sysdeps/unix/sysv/linux/sparc/sparc32/libc.abilist @@ -3159,6 +3159,7 @@ GLIBC_2.4 wprintf F GLIBC_2.4 wscanf F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F GLIBC_2.5 __readlinkat_chk F GLIBC_2.5 inet6_opt_append F GLIBC_2.5 inet6_opt_find F diff --git a/sysdeps/unix/sysv/linux/sparc/sparc64/libc.abilist b/sysdeps/unix/sysv/linux/sparc/sparc64/libc.abilist index 07507b86f6..e5abc49fce 100644 --- a/sysdeps/unix/sysv/linux/sparc/sparc64/libc.abilist +++ b/sysdeps/unix/sysv/linux/sparc/sparc64/libc.abilist @@ -2795,6 +2795,7 @@ GLIBC_2.4 unlinkat F GLIBC_2.4 unshare F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F GLIBC_2.5 __readlinkat_chk F GLIBC_2.5 inet6_opt_append F GLIBC_2.5 inet6_opt_find F diff --git a/sysdeps/unix/sysv/linux/syscalls.list b/sysdeps/unix/sysv/linux/syscalls.list index f1cfe8dc13..424bf43868 100644 --- a/sysdeps/unix/sysv/linux/syscalls.list +++ b/sysdeps/unix/sysv/linux/syscalls.list @@ -39,6 +39,7 @@ mlockall - mlockall i:i mlockall mount EXTRA mount i:sssUp __mount mount mount_setattr EXTRA mount_setattr i:isUpU mount_setattr move_mount EXTRA move_mount i:isisU move_mount +mseal EXTRA mseal i:bUU __mseal mseal munlock - munlock i:aU munlock munlockall - munlockall i: munlockall nfsservctl EXTRA nfsservctl i:ipp __compat_nfsservctl nfsservctl@GLIBC_2.0:GLIBC_2.28 diff --git a/sysdeps/unix/sysv/linux/tst-mseal.c b/sysdeps/unix/sysv/linux/tst-mseal.c new file mode 100644 index 0000000000..0aff1e9e4c --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-mseal.c @@ -0,0 +1,67 @@ +/* Basic tests for mseal. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include + +static int +do_test (void) +{ + TEST_VERIFY_EXIT (mseal (MAP_FAILED, 0, 0) == -1); + if (errno == ENOSYS || errno == EPERM) + FAIL_UNSUPPORTED ("kernel does not support mseal"); + TEST_COMPARE (errno, EINVAL); + + size_t pagesize = getpagesize (); + void *p = xmmap (NULL, 4 * pagesize, PROT_READ, + MAP_ANONYMOUS | MAP_PRIVATE, -1); + xmunmap (p + 2 * pagesize, pagesize); + + /* Unaligned address. */ + TEST_VERIFY_EXIT (mseal (p + 1, pagesize, 0) == -1); + TEST_COMPARE (errno, EINVAL); + + /* Length too big. */ + TEST_VERIFY_EXIT (mseal (p, 3 * pagesize, 0) == -1); + TEST_COMPARE (errno, ENOMEM); + + TEST_VERIFY_EXIT (mseal (p, pagesize, 0) == 0); + /* Apply the same seal should be idempotent. */ + TEST_VERIFY_EXIT (mseal (p, pagesize, 0) == 0); + + TEST_VERIFY_EXIT (mprotect (p, pagesize, PROT_WRITE) == -1); + TEST_COMPARE (errno, EPERM); + + TEST_VERIFY_EXIT (munmap (p, pagesize) == -1); + TEST_COMPARE (errno, EPERM); + + TEST_VERIFY_EXIT (mremap (p, pagesize, 2 * pagesize, 0) == MAP_FAILED); + TEST_COMPARE (errno, EPERM); + + TEST_VERIFY_EXIT (madvise (p, pagesize, MADV_DONTNEED) == -1); + TEST_COMPARE (errno, EPERM); + + xmunmap (p + pagesize, pagesize); + xmunmap (p + 3 * pagesize, pagesize); + + return 0; +} + +#include diff --git a/sysdeps/unix/sysv/linux/x86_64/64/libc.abilist b/sysdeps/unix/sysv/linux/x86_64/64/libc.abilist index 5acf49dbe8..5a22654095 100644 --- a/sysdeps/unix/sysv/linux/x86_64/64/libc.abilist +++ b/sysdeps/unix/sysv/linux/x86_64/64/libc.abilist @@ -2746,6 +2746,7 @@ GLIBC_2.4 unlinkat F GLIBC_2.4 unshare F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F GLIBC_2.5 __readlinkat_chk F GLIBC_2.5 inet6_opt_append F GLIBC_2.5 inet6_opt_find F diff --git a/sysdeps/unix/sysv/linux/x86_64/x32/libc.abilist b/sysdeps/unix/sysv/linux/x86_64/x32/libc.abilist index 02d1bb97dc..d627f4fcce 100644 --- a/sysdeps/unix/sysv/linux/x86_64/x32/libc.abilist +++ b/sysdeps/unix/sysv/linux/x86_64/x32/libc.abilist @@ -2765,3 +2765,4 @@ GLIBC_2.39 stdc_trailing_zeros_ull F GLIBC_2.39 stdc_trailing_zeros_us F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F From patchwork Wed Jan 29 17:22:36 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella X-Patchwork-Id: 860666 Delivered-To: patch@linaro.org Received: by 2002:a5d:53cb:0:b0:385:e875:8a9e with SMTP id a11csp294042wrw; Wed, 29 Jan 2025 09:26:48 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCWwAnyYEP1FC2+mvDrI8URS3SaBj/lOBB+VQxBkMFVl7VDrqk3vfW52ypM97HGUIVm671veYQ==@linaro.org X-Google-Smtp-Source: AGHT+IEs/Mz7xhzewxA1H4MNj4NNz2hr6g3X2uZfKLfHtBvvv2kotWTiBlHdeEmmHTx3aDAJ1gof X-Received: by 2002:a05:6102:4194:b0:4b2:cca8:88d0 with SMTP id ada2fe7eead31-4b9a4ec91eamr3779714137.1.1738171607853; Wed, 29 Jan 2025 09:26:47 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1738171607; cv=pass; d=google.com; s=arc-20240605; b=YVsunKRKbRYKFmThb7anxSr0pMu6mr3PPNXAqV/5zfcpncDWh4gcDABOZyJyChJedt S+A1/SjrOabUzGO/Iar26/i69Ax09MbN/i1cdlfnKOsSp/JnG1+djd7vxP8DFQlb6SrQ HYDYyWGXsOsTf8YJ+PQ+MtsTTH5OYvYdfxpONjtbE+Jy0eesTdIn6sWPnh6oWz9cz11u CUM9LxxMXJ+8YNh4hDVMMCWU9QR2YRVhOzL5I1TRZ7ECOetaT61EqP9D5+Nq0o6Hspcx W2LtEEd1QtizYnBnN0LT2ehzIr03G8T1zccFwuaC/iHBbGPo3VUtDF8MtZkSZ11x26ce rksA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature:dkim-filter:arc-filter:dmarc-filter :delivered-to:dkim-filter; bh=528xKOwe6OEOZcsIBlv6jiz2J+X8ybY8DT38bPRnjFM=; fh=NxP0gPoitL2xwHLpRPwMy6HQGuc/oe1BSm1HN6gGwGQ=; b=dIcesll4E7Cus5jNkw0zKZ1Np/DRnLQDi0PQKYmCRao3NO0LwT7OhYIYHMIXI+QFnI edWm9O4rc8SEwkGRw/1a9xVLIZTkPMlL55idznJeR2YA0uOB1Yi7peXZCv/Fi24+aUfE +eARCq9L2dXsroatWYeYNUf3uxOhgE+y8Wt6ps4/rehSb6hgG4cTXA2jlhIXkuyAdEn5 e5W2XXzPhw/cKLPhWqp/X74kaOSN5xvHlm5kimUpRPLq0e8JoG6dRsaInUz9flD7w+MA mpJKueMPGMVQMkgamvTALQrfAZpIoDj7oAMhHy8CgDTFFqzFE97M4I0x7TAzJGkG1lOD ZPDw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=DGXt1cuv; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from server2.sourceware.org (server2.sourceware.org. [2620:52:3:1:0:246e:9693:128c]) by mx.google.com with ESMTPS id ada2fe7eead31-4b7099abdc5si4928177137.442.2025.01.29.09.26.47 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 29 Jan 2025 09:26:47 -0800 (PST) Received-SPF: pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) client-ip=2620:52:3:1:0:246e:9693:128c; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=DGXt1cuv; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 5E31C3857B8C for ; Wed, 29 Jan 2025 17:26:47 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 5E31C3857B8C Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=DGXt1cuv X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pl1-x629.google.com (mail-pl1-x629.google.com [IPv6:2607:f8b0:4864:20::629]) by sourceware.org (Postfix) with ESMTPS id D06373857C7A for ; Wed, 29 Jan 2025 17:25:59 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org D06373857C7A Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org D06373857C7A Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::629 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1738171560; cv=none; b=FPueH6yYbY56WsDCTj0rJkHJKx8nw/vIJ3LtJMhLEtYjAqkmDkdPWpwiA7QPAJ1Y+nar9oaNf7imf8vBLa4bcp9Aco4bgiQvUzu9Cb9TTr7L4ae9TmtAysUA9JJUsMLyWk0AegQk013XDTj0EekQFWBoO9B63RiVvjzicHSnS2w= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1738171560; c=relaxed/simple; bh=cEjk1px8xgMeRK7UyJK/3h3I5C1/Vm+G2mRVKtpvfzo=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=tMO37nPY/jET1cUWN7ARVnrNzVwC3RgmqVv8ySIO0SpbmpDR4eymwX+DKtifqse9HY9FGVA613c5bn6OL6AYuURuQrB0m10qyJL+oNmq6DgLzu+C5CEXZSF8naeyVkuMjVBEOxM/tD/2DZyNCJYAoQl5oLEUc9f2tBw+cqiHj8w= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org D06373857C7A Received: by mail-pl1-x629.google.com with SMTP id d9443c01a7336-2166f1e589cso12097995ad.3 for ; Wed, 29 Jan 2025 09:25:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1738171558; x=1738776358; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=528xKOwe6OEOZcsIBlv6jiz2J+X8ybY8DT38bPRnjFM=; b=DGXt1cuvdkRp1ck/LynHUwn1jTWtLMyD10qKoHsJkdImfEEQObVHauRSM5xpFdFRSt EZP611ahyUGNOqyPn4Uue2caqCbEydLtW6OOR3kM/n8QlJrYo4KGTnmxSSrjjodpuaAj Ya23Fo/LFjJsNhbvcatzYZv7MRnRk42UVwHaxBmRScIr0cyVMy/CMYdyh5NFMuD2eP6V YPhQhpBLJMxzajLKp6XY0IstkjeB8cNavZyTKEYxVB7qO8TQCoUSknrZ58feS4QWlw3n GVCdTKNNk7Gt4QPUbsoRZbDQyvk2A8nm76ValHlKIog7UemWUZ+kUjw57JHstQT8xJoX xF8A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738171558; x=1738776358; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=528xKOwe6OEOZcsIBlv6jiz2J+X8ybY8DT38bPRnjFM=; b=R4OV71ZJrW/TLayFuORjoHWhYE9rMvMBzAv0DXzLu/S3a8w+Z//54F7uKIX54J11VI 3mPkLOJOv5RtTlZgruBYqwtzMOb3Kti/98UAMCrW9WmCZygY1VcKPHkAGdKQuuqobEod /sY8UC4tzYoNCeoJxPvQqO3wl7ZyjxugVqN8rU/lBtJBFuRlnvVWw9LAPTYYY1YCmH2G gYpngh4Y/JwxZhxvcopU9uPmWOqzDS1UxKS4g6BWeEYIxpJbG06bALggVnBdLAVTajjC 80o2EL98oC86QVSGwa7MnNNmhGqiijtEwqm2KBMgVYGhE8dkdO9dzSswyuTj2scz4JY8 dCiw== X-Gm-Message-State: AOJu0YwcIvuYSmW2e/u1GQGcoU6VYNsabzihOYaLYLLgb2WEtRwTYw4B a90//uAe+ohesn3C1uKZjyGX4d0Txa3kZ/X9K5R/G+wAavL+kqrHab0cfCJ8AH4ogDBIK1Mx3HK U X-Gm-Gg: ASbGnctxkDDFmhLpA8PoCJbqhuUAkxsf69knqoDVXjVR5o35LwC6TEVeNVpZaX4/pc7 UOhSS/8jfcG3ncTPCZ2oD45ixDshqTrInwfQZpOtqmVLcQn57ygNCXfymEWCh83dz3M12do+tmh GuskvLvTUSWFyiSebLsD6JjQpj2Xz6L5UMi/uboyekY2d2bpnkkbQx6KrNfdjhAUE8go7Do7hVL hGf1JUCDTU9xVOiLB6x7DZtk1BT6NvPm5XsmBqxFNtyFBdJkfkHp8ykIpMTRimPhXa3/Typ6EIt P1ItSy7Bne8v9qfd6psGvwWjqpGG X-Received: by 2002:a17:903:1c5:b0:210:f706:dc4b with SMTP id d9443c01a7336-21dd7c653b7mr56515675ad.13.1738171558378; Wed, 29 Jan 2025 09:25:58 -0800 (PST) Received: from mandiga.. ([2804:1b3:a7c2:2a23:584e:68a2:9131:7209]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-21da3ea1c2asm102082535ad.54.2025.01.29.09.25.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 29 Jan 2025 09:25:58 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org Cc: Jeff Xu , Florian Weimer , "H . J . Lu" Subject: [PATCH v8 2/8] elf: Parse gnu properties for static linked binaries Date: Wed, 29 Jan 2025 14:22:36 -0300 Message-ID: <20250129172550.1119706-3-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250129172550.1119706-1-adhemerval.zanella@linaro.org> References: <20250129172550.1119706-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patch=linaro.org@sourceware.org So the static binary can opt-in of memory sealing. The aarch64 already does it for GCS, so refactor it to use __libc_process_gnu_attributes instead. Checked on x86_64-linux-gnu. --- csu/libc-start.c | 4 ++ elf/dl-support.c | 13 ++++++ sysdeps/generic/libc-prop.h | 44 ++++++++++++++++++++ sysdeps/unix/sysv/linux/aarch64/libc-start.h | 11 ----- sysdeps/x86/dl-prop.h | 4 +- 5 files changed, 64 insertions(+), 12 deletions(-) create mode 100644 sysdeps/generic/libc-prop.h diff --git a/csu/libc-start.c b/csu/libc-start.c index 6f3d52e223..44fe5d5738 100644 --- a/csu/libc-start.c +++ b/csu/libc-start.c @@ -36,6 +36,7 @@ #include #include #include +#include #include @@ -276,6 +277,9 @@ LIBC_START_MAIN (int (*main) (int, char **, char ** MAIN_AUXVEC_DECL), /* Perform IREL{,A} relocations. */ ARCH_SETUP_IREL (); + /* Process notes: PT_NOTE / PT_GNU_PROPERTY. */ + __libc_process_gnu_attributes (); + /* The stack guard goes into the TCB, so initialize it early. */ ARCH_SETUP_TLS (); diff --git a/elf/dl-support.c b/elf/dl-support.c index a7d5a5e8ab..6daa196f12 100644 --- a/elf/dl-support.c +++ b/elf/dl-support.c @@ -46,6 +46,7 @@ #include #include #include +#include extern char *__progname; char **_dl_argv = &__progname; /* This is checked for some error messages. */ @@ -331,6 +332,18 @@ _dl_non_dynamic_init (void) _dl_main_map.l_relro_size = ph->p_memsz; break; } + /* Process program headers again, but scan them backwards so + that PT_NOTE can be skipped if PT_GNU_PROPERTY exits. */ + for (const ElfW(Phdr) *ph = &_dl_phdr[_dl_phnum]; ph != _dl_phdr; --ph) + switch (ph[-1].p_type) + { + case PT_NOTE: + _dl_process_pt_note (&_dl_main_map, -1, &ph[-1]); + break; + case PT_GNU_PROPERTY: + _dl_process_pt_gnu_property (&_dl_main_map, -1, &ph[-1]); + break; + } if ((__glibc_unlikely (GL(dl_stack_flags)) & PF_X) && TUNABLE_GET (glibc, rtld, execstack, int32_t, NULL) == 0) diff --git a/sysdeps/generic/libc-prop.h b/sysdeps/generic/libc-prop.h new file mode 100644 index 0000000000..723575d29b --- /dev/null +++ b/sysdeps/generic/libc-prop.h @@ -0,0 +1,44 @@ +/* Support for GNU properties for static builds. Generic version. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#ifndef _LIBC_PROP_H +#define _LIBC_PROP_H + +#include + +/* Called at the start of program execution to handle GNU attribute from + PT_NOTE / PT_GNU_PROPERTY. Must be on a top-level stack frame that does + not return. */ +static __always_inline void +__libc_process_gnu_attributes (void) +{ +# ifndef SHARED + struct link_map *main_map = _dl_get_dl_main_map (); + const ElfW(Phdr) *phdr = GL(dl_phdr); + const ElfW(Phdr) *ph; + for (ph = phdr; ph < phdr + GL(dl_phnum); ph++) + if (ph->p_type == PT_GNU_PROPERTY) + { + _dl_process_pt_gnu_property (main_map, -1, ph); + _rtld_main_check (main_map, _dl_argv[0]); + break; + } +# endif +} + +#endif diff --git a/sysdeps/unix/sysv/linux/aarch64/libc-start.h b/sysdeps/unix/sysv/linux/aarch64/libc-start.h index 75ae0a884a..64acbdb533 100644 --- a/sysdeps/unix/sysv/linux/aarch64/libc-start.h +++ b/sysdeps/unix/sysv/linux/aarch64/libc-start.h @@ -34,17 +34,6 @@ aarch64_libc_setup_tls (void) { __libc_setup_tls (); - struct link_map *main_map = _dl_get_dl_main_map (); - const ElfW(Phdr) *phdr = GL(dl_phdr); - const ElfW(Phdr) *ph; - for (ph = phdr; ph < phdr + GL(dl_phnum); ph++) - if (ph->p_type == PT_GNU_PROPERTY) - { - _dl_process_pt_gnu_property (main_map, -1, ph); - _rtld_main_check (main_map, _dl_argv[0]); - break; - } - if (GL(dl_aarch64_gcs) != 0) { int ret = INLINE_SYSCALL_CALL (prctl, PR_SET_SHADOW_STACK_STATUS, diff --git a/sysdeps/x86/dl-prop.h b/sysdeps/x86/dl-prop.h index 8625751427..9a5e10821c 100644 --- a/sysdeps/x86/dl-prop.h +++ b/sysdeps/x86/dl-prop.h @@ -66,9 +66,11 @@ dl_isa_level_check (struct link_map *m, const char *program) static inline void __attribute__ ((always_inline)) _rtld_main_check (struct link_map *m, const char *program) { +#ifdef SAHRED dl_isa_level_check (m, program); -#if CET_ENABLED +# if CET_ENABLED _dl_cet_check (m, program); +# endif #endif } From patchwork Wed Jan 29 17:22:37 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella X-Patchwork-Id: 860670 Delivered-To: patch@linaro.org Received: by 2002:a5d:53cb:0:b0:385:e875:8a9e with SMTP id a11csp296422wrw; Wed, 29 Jan 2025 09:31:59 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCW4MkvH9yem0HMhG5tHmmFmAnk/BcVPbohlYuz5XMFZS7cQSkfCgeJA99a331BpBmfbbzQ8dw==@linaro.org X-Google-Smtp-Source: AGHT+IHymMXjYmvZ5OeuFaNb0cme+aaD8Q4565vbRdadjfhMdXsm7Ahr7MGhFWL0QhrJKs+A52t8 X-Received: by 2002:a05:6214:230b:b0:6df:97c6:ccc0 with SMTP id 6a1803df08f44-6e243c66f3fmr69278026d6.28.1738171919059; Wed, 29 Jan 2025 09:31:59 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1738171919; cv=pass; d=google.com; s=arc-20240605; b=kfvy7DQTOtpBcpdn04tm29v59yft3b/w9zhGMd8Gg6S5PbuJ6Q8qBrtjNkK5wXo9EW u6oQ+jAWkRcSAGGLGlLnXSFn/1N8WB4Meg4pHd63VH8cTlFZlgkdY2mn7fX6xeYHBArn BRx9Cq5BfZYVcIejT0+idyD9C6CnHsEGDCprT/7D9PkcyUhGhbxBDPRwzjHWWfwVDY4i SZHZDWkAtParShISPSNlbEvsaD1tOQN0N6u9sRAr+6ZvZdZh4qaVOtOjfQx2sUoRp5g7 vY5uDEusAeeUYvK6YtOtxxFBkz245ndbIBS0FLKoWTd6NO8MRZLiMfPguTytzj8SNeaL BDfQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature:dkim-filter:arc-filter:dmarc-filter :delivered-to:dkim-filter; bh=FXH77ud1zCZabPvbm1g7i7atbn5dLSHN0wzc/frv+6U=; fh=NxP0gPoitL2xwHLpRPwMy6HQGuc/oe1BSm1HN6gGwGQ=; b=YK4BZ4BtT9gxiXJ+DuZhz5auuJWvYih/1KERdAYdSCnooQwYvWDlZqcLgQX363itCG D3c3fDOnrp3K8kT8MSFhlZvdqdhCvERnf8+uvtZhIjZdCqEvJaziuFhoCXw0f2Go8w9x vLN1YH0gDW6w0ZNNvBKnYGbIQwS63ZTAgx21NwlE5/6MMgRh7PgtakL6ws5axb45lsPQ fnIXhJKDeTTyLfU01kb8gtQ131z4Ik7p37EvsdBVPnrk37wJ/zK4rjAy4tZFnm7O8+IW C3MFedsaHrvh8iriXxRnhYASP2xKRFJf4CfWa51KtJDp0xw0DwODLichRVBpGkVPQPva Y5hQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="a+UF/neE"; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from server2.sourceware.org (server2.sourceware.org. [8.43.85.97]) by mx.google.com with ESMTPS id 6a1803df08f44-6e205259881si173102976d6.11.2025.01.29.09.31.58 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 29 Jan 2025 09:31:59 -0800 (PST) Received-SPF: pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) client-ip=8.43.85.97; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="a+UF/neE"; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id A21493857C7A for ; Wed, 29 Jan 2025 17:31:58 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org A21493857C7A Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=a+UF/neE X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pl1-x630.google.com (mail-pl1-x630.google.com [IPv6:2607:f8b0:4864:20::630]) by sourceware.org (Postfix) with ESMTPS id 49BC43857B90 for ; Wed, 29 Jan 2025 17:26:03 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 49BC43857B90 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 49BC43857B90 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::630 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1738171563; cv=none; b=RoU+Xjiyb32Kvuf3C5eKIQ2pdPXP5J5dHaWI5VUT7t1JOTRmUqIhwINjaAOvSlBvaew65A+QVSjd+rUR+8olQHVaPcSA1G+XvVi2VcF03mUzNHXDGGtR4Css7pT4/W35bkVkSPgoMxo9SPb3ZlzKOLFV8AjaqLyYAnQiqDdykN0= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1738171563; c=relaxed/simple; bh=ZXB3Ug/+70nRn5HO2E+/zbPzsAK2lzI+qw8LL9TJIQM=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=WlxVfckPB+MV54WPHtW2Qlwqx7c28Dr8melNHVhSxH2oYTWRsDQRU28tfE6wBAEMPjam59T8GUT983ibIANYstNjz2bk8ZXrrWzN1BcYx/uPrddzP4McPqxeHvfHIGiDcQB/RleYFsebBDhSHu9mRZuLsjnpTYXjYPHe85xM2kA= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 49BC43857B90 Received: by mail-pl1-x630.google.com with SMTP id d9443c01a7336-216634dd574so87455685ad.2 for ; Wed, 29 Jan 2025 09:26:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1738171562; x=1738776362; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=FXH77ud1zCZabPvbm1g7i7atbn5dLSHN0wzc/frv+6U=; b=a+UF/neEb4ppGIXpnLIXcGSYcybgZlYUUHyFBfsKxJoBbV3mq2weOeAwkn3d1zSFQY xkjoVTvG4QG9+g8ipLtPNivBpzk2adECnELrr8ogHBw3fjeqEwcAR7n8fSmuTHTsONaC RdJYNBOE1dGWbdieabeupuA9JYHyXcibhgZZPien329O3tfW0ZJpVJmOufpa8/Or6Wvx WSgq0Zi5nvAOs7IUrj5AkimzNbckg6kKo5rG1pSUiOK8ZC/sYu33MN9Qfn/z1dF4Rye7 6on1YYN0jMMBIfyWV4JjmGfZ01nCCNUHgddXZcam/rNmA0DrLXpHis8VLsWzOKMIHNkl 9IEQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738171562; x=1738776362; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=FXH77ud1zCZabPvbm1g7i7atbn5dLSHN0wzc/frv+6U=; b=wP/gybSY62gozM2eADDlIrP9IUxomeleUYNAnGGUVRzfZK9Aqw/1PoupXznc1n9M5P h6Vw3DnOF2oq7srUyruRH1fis/E34ah9kI3qlYZgXItJqbFh9sDzhDeOoABUIKlFYciG j589Qa0VTw02waKx8NYQgSYY76ofZWH3M+r/dffeR8QDPpZSgPfwEx5zrbdJmjo7+FPM WW6lJqugilEE9Xhg7ML+YJ9TueCE7ECD3WYIya3RKyAwlJRRmO4dm+mHTznrOyfNBQDz tIhCKH0HMsMkTG9AK3k0uemBANqvpdmx6Gj5OVwErd2zK7U3dq1W7aCChCBYkL3dc5P1 4pQQ== X-Gm-Message-State: AOJu0YyQdipOkveMn3xbri4kq1ZXbV9af3GBjEmu4JllAHz8ZOjZSuXx g7zpblw6mKm2fYtv4NbVSUqf35BjUmyZcGCwh+Y1habvpilR/yDz0tND65LFHndbu4/pJcjEdW3 c X-Gm-Gg: ASbGncsXhRO58YB4mDzbKQYLNNmK90MzPp+hU8JV2pj0dQT5Cx2WI4psuyfGL/Q/YuA eT4O4CZ81D0amsZARDCCVRBuEZKlaGNuGBzR+8tlP4Y28RLFaTaszYlZXOdSeKGDhDIYZ6ogBAf NI7d5cdoWRIoz7KgGmTEMuw+QWsEem1t/zTOk/N3PCRMeGzBkU0G0suHr7N03vnKyKY8Ee9va0l KFZSE46y3huDYY1oo0LYnr+eVezk6f3lJsntEWJdXg7d6x3PrIRjdX2x0vVT8dXP/fXJbgnkKEF gKv7QyJFFDy9SVYWoLOAqsqZF4BH X-Received: by 2002:a17:902:d50f:b0:21a:8716:faab with SMTP id d9443c01a7336-21dd7d78cd3mr64110845ad.16.1738171560234; Wed, 29 Jan 2025 09:26:00 -0800 (PST) Received: from mandiga.. ([2804:1b3:a7c2:2a23:584e:68a2:9131:7209]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-21da3ea1c2asm102082535ad.54.2025.01.29.09.25.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 29 Jan 2025 09:25:59 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org Cc: Jeff Xu , Florian Weimer , "H . J . Lu" Subject: [PATCH v8 3/8] elf: Parse gnu properties for the loader Date: Wed, 29 Jan 2025 14:22:37 -0300 Message-ID: <20250129172550.1119706-4-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250129172550.1119706-1-adhemerval.zanella@linaro.org> References: <20250129172550.1119706-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patch=linaro.org@sourceware.org So it can opt-in for memory sealing. Checked on x86_64-linux-gnu. --- elf/rtld.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/elf/rtld.c b/elf/rtld.c index 00bec15316..b1ae901053 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -1731,11 +1731,15 @@ dl_main (const ElfW(Phdr) *phdr, /* PT_GNU_RELRO is usually the last phdr. */ size_t cnt = rtld_ehdr->e_phnum; while (cnt-- > 0) - if (rtld_phdr[cnt].p_type == PT_GNU_RELRO) + switch (rtld_phdr[cnt].p_type) { + case PT_GNU_RELRO: _dl_rtld_map.l_relro_addr = rtld_phdr[cnt].p_vaddr; _dl_rtld_map.l_relro_size = rtld_phdr[cnt].p_memsz; break; + case PT_GNU_PROPERTY: + _dl_process_pt_gnu_property (&_dl_rtld_map, -1, &rtld_phdr[cnt]); + break; } /* Add the dynamic linker to the TLS list if it also uses TLS. */ From patchwork Wed Jan 29 17:22:38 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella X-Patchwork-Id: 860669 Delivered-To: patch@linaro.org Received: by 2002:a5d:53cb:0:b0:385:e875:8a9e with SMTP id a11csp294388wrw; Wed, 29 Jan 2025 09:27:38 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCV2vVNawog9eHv2CzSQrJ6BWJZ5RBef4M94sWnRHN7Tww9PiUlVmdiyDqC2IHNvPxpeWQgiRw==@linaro.org X-Google-Smtp-Source: AGHT+IEtile7uyptoREFeJV9TUm37GtIvkErhVI0xdElIhIMg0YeQ5r4yn2zEutjZZUZn4g33A3A X-Received: by 2002:a05:620a:4611:b0:7b7:106a:19a8 with SMTP id af79cd13be357-7bffccdfbe0mr530625885a.22.1738171657865; Wed, 29 Jan 2025 09:27:37 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1738171657; cv=pass; d=google.com; s=arc-20240605; b=SNtc3ZkGU6HfeBA/h1AJwLnv5a/jFES5C3qjt5/d5Mr1jypdPMI/n3MFI20c2k3iv0 VITZCB1PTav13uvzZssNJIKtJu5ryCGMXl2qoM38IypzNpNup4xLN2Nm1/hCKp2kGtl5 ThgIp2tE1L9n18cRq3x2Zera5PviLVxCeCic9fdd33Tu1Y57rClBTiNtFeWUzSQgdP81 kahGIASiaAYqcjJQdmD6ZjzwYrz+XmPHhlaoZ/S9qdzC1MtdsT9XBXIcbA6qVLF1PHbg p6j9oyygs+fY4XyoQrsKxRgpJnFqxarF2hTOUEhBGK8nOd9WaTGk/QVVXlqoDstI2y7c WGxQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature:dkim-filter:arc-filter:dmarc-filter :delivered-to:dkim-filter; bh=/sAgYI60CLUXCBh84F3FQ/yZbt+E2ynLrrBcDg5FhCk=; fh=NxP0gPoitL2xwHLpRPwMy6HQGuc/oe1BSm1HN6gGwGQ=; b=L8pVLW3WyhA5s7N+yGwKz2xeqUzrQpnHGFh0ZPfLFF7PWOqVTQpEq03yjYBOHFQlCV zRPhRORBzTnVMGsunQbjNjZ3DhkgoxfKc6RpJ5iyAdog2Aw3tbd7ZSfTH32gaySfnFVO M3rzOr/4D3taP/QtmR8rWp6RmQz5bW8W0dWshb5fHHl4S+vRGz7wlhx1eC1IHy2IhlwB Ez2NVyBvTqGQCwxB1YVK1uee9CRV3ZBA6ANr/91DB0/s2igNuGfMPV+GX85AOGxlROQz ONNj0MXWYz9P0btwfuJNgJSkHmFIRLkv+B8wBKze4MquismlFPPJSa4vvEavwyKeyuYM 2NIw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="k14d//bt"; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from server2.sourceware.org (server2.sourceware.org. [8.43.85.97]) by mx.google.com with ESMTPS id af79cd13be357-7be9aeec5d7si1541045385a.345.2025.01.29.09.27.37 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 29 Jan 2025 09:27:37 -0800 (PST) Received-SPF: pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) client-ip=8.43.85.97; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="k14d//bt"; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 6D5BD3857BA0 for ; Wed, 29 Jan 2025 17:27:37 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 6D5BD3857BA0 Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=k14d//bt X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pl1-x632.google.com (mail-pl1-x632.google.com [IPv6:2607:f8b0:4864:20::632]) by sourceware.org (Postfix) with ESMTPS id 931AE3857B8C for ; Wed, 29 Jan 2025 17:26:03 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 931AE3857B8C Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 931AE3857B8C Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::632 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1738171563; cv=none; b=F9WSAukRgLgg09lFrbqzd9q4iEh+/JkS/uAHj2P5XHAHKOdih5anRXVH/R7+JroARySW5JsdWP4d6d4Y++xcIZNj8B8AgMrayWCiCJtgKZ/khZyPDrk5fQM9CZxpXBrYns9tKbFTV/vgoeljBD8qvzpctFslNxVYeGED0exx8vw= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1738171563; c=relaxed/simple; bh=gxI415JfmS2tD0Gm4wHLlcm+AKXzSkdrGMABhsc5bXA=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=vo0US8HnarYpf+LmjX035k7lEsnXPNNaa8QTQaPM6D/Nuubj4PYLxEOjeygoOvbPS2s4LvHkGPOOmWrTBZiMnYijx76vN8yj8IwmF7Jk+kd23UHgio5ylbcKV1sSD+3jOZjxXqHkReLk14NW+iu+5xDps3gVcNA7CVL+e9bu0tY= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 931AE3857B8C Received: by mail-pl1-x632.google.com with SMTP id d9443c01a7336-2161eb95317so128284415ad.1 for ; Wed, 29 Jan 2025 09:26:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1738171562; x=1738776362; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=/sAgYI60CLUXCBh84F3FQ/yZbt+E2ynLrrBcDg5FhCk=; b=k14d//btV6rycp/x1b1wpZAuw+lLTvGNxC8E9KYI2reSHbrmzn5nOOnKdhV/VfAQ+G hMP8LfidCIRkkffS4QsXGLPtjAql4+ZviTd5yUBg+YXedzweB7a5LMyyd358UiTDElYN QZ4L3wETWo3MMvguj9d8DKUMU7wsmvpoX3yG+1CGJ7NREQWuvgM1ulxWdOv3mdE9e4e0 zqhX+ibJJ5SRXdfkPZ4aVxTsjsa+ZPzpuV9IDMKKzecDJAGbQi21g9D3baZ8ZYq/TVjU /nwRklZC0/B3xOAe6BVaO3aF6Hi++n0Tt4M0v/npeOsl9yJDwOwoeoCsMZHRAs/gImsU WA+g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738171562; x=1738776362; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=/sAgYI60CLUXCBh84F3FQ/yZbt+E2ynLrrBcDg5FhCk=; b=SKygkutKDkUgtrhIAqOP/WIqmExYdCfqgsevBwLxjTRtTv8zJBNGU59idN353Rml/t C46syVdyE9G8QBqzNqcCQKs8kh2oZWFBLAw+mWPu8ecCXQKFMPet7sXq0LreD8c6oRbk CtPkOG2lLcG68pfQnzWtINswOfLLql/2sbsD7DjyrSK3Ihwch3j5WQ+DoZ2X1O2v183X S5WSkCEHmpXoDrOCv3vVeX6tlt1GwnoQPHWiM0TvaM01EPf8+aAQN0q+jCoxNWIWl26v wGvJ481Ftl49plWLxlav1J818dTuKtaaQfR47QbX6UKirWc68vO+n8OlGIksMvS7mDqG rwig== X-Gm-Message-State: AOJu0YznplZt6n2rKJfjONTBamMEmvpEqIRBOInVBcujqeuT0m6OmFMl QDivTfJQlcgaiOizp4UDyYr2z1IBEOmahmG0Uqe8q5fREuaVJ9XlZLY6JoFJq5tOmyokaI4fQxo J X-Gm-Gg: ASbGncuaarh1JLNbV+yhu0uSloL2Rn9R3irmEBfbk/JtOC0GWy9W+DrjVROAo8XS7tG xDcXtItOFOYpQUGcD27jVpDzkIw41TCYC9q6vTFKwr3Ct/mBb9qgf+yszrFT1k/6UuNbOxMjEyg Q3TeJbPVCHa1FmL88iemJQlfybyioPjpHQr4ilfboIPj0bJH/ILD2T1z3lrVZZXSx8PK3WixIQY SNAOqzJJvMLZ8mjCsezklhxwldVyxrPl41FJRvuxJRkm5P2uGf8R4rQJPnUqtLHE086ZEiUYDnQ VUvFKgN8tUHPOzg1pg88gbxlFEhY X-Received: by 2002:a17:903:230d:b0:208:d856:dbb7 with SMTP id d9443c01a7336-21dd7deedb9mr53803475ad.39.1738171562340; Wed, 29 Jan 2025 09:26:02 -0800 (PST) Received: from mandiga.. ([2804:1b3:a7c2:2a23:584e:68a2:9131:7209]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-21da3ea1c2asm102082535ad.54.2025.01.29.09.26.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 29 Jan 2025 09:26:01 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org Cc: Jeff Xu , Florian Weimer , "H . J . Lu" Subject: [PATCH v8 4/8] rtld: Move call_init_paths after _dl_process_pt_gnu_property Date: Wed, 29 Jan 2025 14:22:38 -0300 Message-ID: <20250129172550.1119706-5-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250129172550.1119706-1-adhemerval.zanella@linaro.org> References: <20250129172550.1119706-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patch=linaro.org@sourceware.org To allow the loader malloc behavior to be changed by the gnu attribute. It would allow the pages allocated to be memory sealed if the loader if built with memory sealing. Checked on x86_64-linux-gnu. --- elf/rtld.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/elf/rtld.c b/elf/rtld.c index b1ae901053..4ab285abce 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -1688,10 +1688,6 @@ dl_main (const ElfW(Phdr) *phdr, /* With vDSO setup we can initialize the function pointers. */ setup_vdso_pointers (); - /* Initialize the data structures for the search paths for shared - objects. */ - call_init_paths (&state); - /* Initialize _r_debug_extended. */ struct r_debug *r = _dl_debug_initialize (_dl_rtld_map.l_addr, LM_ID_BASE); @@ -1747,6 +1743,10 @@ dl_main (const ElfW(Phdr) *phdr, /* Assign a module ID. Do this before loading any audit modules. */ _dl_assign_tls_modid (&_dl_rtld_map); + /* Initialize the data structures for the search paths for shared + objects. */ + call_init_paths (&state); + audit_list_add_dynamic_tag (&state.audit_list, main_map, DT_AUDIT); audit_list_add_dynamic_tag (&state.audit_list, main_map, DT_DEPAUDIT); From patchwork Wed Jan 29 17:22:39 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella X-Patchwork-Id: 860668 Delivered-To: patch@linaro.org Received: by 2002:a5d:53cb:0:b0:385:e875:8a9e with SMTP id a11csp294164wrw; Wed, 29 Jan 2025 09:27:05 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCUpIhKlOazWRGTx1bLf30A1J73wWrY5OlAt2iwIMwKHdGCEwTdD3uUaqp1RBnA1LzIhHTCH+A==@linaro.org X-Google-Smtp-Source: AGHT+IH4yJ8LynAlAcAgI2Dgi5TW0tqG7KZmjRvOPzI1wF9MV00y9o595+rz5UsUw9wpKfaoM6MJ X-Received: by 2002:a05:622a:1104:b0:46c:86d8:fc5 with SMTP id d75a77b69052e-46fd0a12f8bmr61550451cf.5.1738171624877; Wed, 29 Jan 2025 09:27:04 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1738171624; cv=pass; d=google.com; s=arc-20240605; b=G6mV2lW83NRUVeADnrOM/Gn4lZRdBc6dt3fY8Tg0uKwVaeHFmptAV4mwKHm67veT1Z ttd4TwALVhgt4NnEHKCy3/p2XyalGYVvPalsPyj161h7zXUK5itERjQNIKWQaxrFWjee +sfzTK1DDiyxKIuUogN4biiroGrn27V7nEGPo383byM7jibVydQ0+n5Tx5Dh/oEFgAjf dk0DIIWlWVRONc105uj1EngPrj7kB89EKwKabDBBOfcWrFfGpEZEAIyx/+Umo6bzDLRW 4HhCEakYR7QSl05QWQ8FqTuTWh3+fs6xlbdvyaWpfPAVu/h9wTimlaXOF45ZeKE82xtv qsMA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature:dkim-filter:arc-filter:dmarc-filter :delivered-to:dkim-filter; bh=tliGAJQe8rqXhiiXxYWx9hNOffxGU+7tilQ6nrJgUq8=; fh=NxP0gPoitL2xwHLpRPwMy6HQGuc/oe1BSm1HN6gGwGQ=; b=BYBfR8GY5lLYchHhxKIz6MEkHdBwn1o3UkIxAlo6B9sVwEwpvggMmpEBFHSD21Fnye e+yp339P9ug0McSgZRn0LQ6cShH8RNfE8VCXs1Lq/XgMAN4rulDS88Ttef2v/dN3DVHn d/nsIwdybtf8VLq87jC0vCjhcvI/3ImiKz5gqqsPtLuU08J39iiZdlob8qW7d465Nd3I Vp8NHGnkl6LGGnOBr+16WusEcReOFbVZvwBjTE8P2ob75CQiOgYNWUr55tunwAxRARfK CwIyguFxIIswadQmyq7XCCzsUFcXVCvowbV+cunvoyCDc3k9rN5aQgEsoaC6adyFiCO+ +pBw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="Dmf/kxH/"; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from server2.sourceware.org (server2.sourceware.org. [8.43.85.97]) by mx.google.com with ESMTPS id d75a77b69052e-46e66b67d8csi173144941cf.329.2025.01.29.09.27.04 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 29 Jan 2025 09:27:04 -0800 (PST) Received-SPF: pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) client-ip=8.43.85.97; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="Dmf/kxH/"; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 791DB3857C7A for ; Wed, 29 Jan 2025 17:27:04 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 791DB3857C7A Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=Dmf/kxH/ X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pl1-x630.google.com (mail-pl1-x630.google.com [IPv6:2607:f8b0:4864:20::630]) by sourceware.org (Postfix) with ESMTPS id 4F6B83857B9B for ; Wed, 29 Jan 2025 17:26:05 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 4F6B83857B9B Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 4F6B83857B9B Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::630 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1738171565; cv=none; b=tuy4ZrxZj8iNPAuV4R6j1ch02M7yqHIIGfe6vmXNv6/n7NgwkLF+/p63eqCw92xjma41wd/NKeT1RZT/xViqz3wjVfiLT9/PIZEzoyOdmfDK5tZkSeq8G+SyHAGVAFKbN9+1LNL4RZpoG2vtaq0Ff0iHp1KQydAtaq4Cx0loXoM= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1738171565; c=relaxed/simple; bh=LiA84Iq9sxCOW+AKrg1GV1UdYLH107+AN/XKdQetrhc=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=HTAnG/4VerOs6Im4LocPGi7+YL/dmvLoG+1roJlwDY0KwHgmVttPziu4XCSFGadALCQ1dGrwUOLorUnIE08eXaHRfMEmq7GYPvfcDdAvcZRiWF4DGS62F7/ccQ3Wnt+SaUnaPyWR3YGP0fGADRa7QSdNc5rPtwp/B3eP1YF2q64= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 4F6B83857B9B Received: by mail-pl1-x630.google.com with SMTP id d9443c01a7336-218c8aca5f1so14100345ad.0 for ; Wed, 29 Jan 2025 09:26:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1738171564; x=1738776364; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=tliGAJQe8rqXhiiXxYWx9hNOffxGU+7tilQ6nrJgUq8=; b=Dmf/kxH/pxF49w1u6r/3y4F/3uA0SMIOj8i2SkEd9qy7RotI7Cl6yYG3mdDcbGVxQW xXXWPUtYLhKGIrJULesOcjQAF7mWzrBAlzn13EzVfjzk7zyyw9BJr60Pxw5XxpFB1sUD MEexv7tRJeNEnhL+LyvpgjDA17bY/rxD69hkNI5hhyysbhn26Eqvye1r5UohQjOZAuP4 1NzB9YkCoZ2CGMjQadNI1Awn7xgMvDs4a7LPRDXjDznoH/5R/ZKWnGSB29Dru4fgi0t3 T2tNCuR4hBbyO/KS//+iUzBDNnh8PWeOg0KU+YVUaIs66dzNSF3QjoX0KgeNN4SizDCs nQrA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738171564; x=1738776364; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=tliGAJQe8rqXhiiXxYWx9hNOffxGU+7tilQ6nrJgUq8=; b=Awjza56N/LHcKPG+V/D83Btz5WvaTTqPb9l19ZjDIWJwxKRWy6nsJDgmj1py6fkNa4 +1T0acoRTzMp/HGCeb4rdgUXKLNeq6uLcPXczzgfCJ/CzP1Rg5HrWndk7KNhgOKFqh92 izJ2yNfKIyktHyMyMxvq0BBu6TTDuU/gUndUNouH9CCvtwip4DT7mGyUvI5gXR3JyiNS hj5Byc4S3y87fzq3+TcoC+Tp/spEWl8roGCH5Ecy4YACBBo/yndCUQDKpMJbOwb010XL sI20mWtDXWPSUGeW8EGxTXGLQEXthM2COouXBkJJY8aaT/7gmfvP2mHkFBuCbFriKnZh 2+4Q== X-Gm-Message-State: AOJu0YydQYyw+rgjS4U3pAeZPEyhG83jK3zajN53/a1wdsXdU4X8lkeJ nmkB7sGo6mdH+mlpp1lUzb3/U90fo4LvLpRK4ZAYd+q5yw+WGPxNBr/MhSUVglVK0bDvad3PK4p x X-Gm-Gg: ASbGncujr48Ftux8c+pQESpBvR5jWEiPbzXlEe3WeSv803q+hY7pbcmAPJ96HNmpnKv IrrEPolbtCF/P7h0Jl27nQeebagf4jFDxXibH9Zf3w23hNsz6gmQMJ2wb2f8U4vjlH6pWJMAZh5 mPgwY49+RdV52bCPOYhERm7F+8Fvk3krp4wVg10t0OBruyG3QrqbC2+WpbPhVUSXfD2OF/mTk3H YTXvP3yS2j9Uov7HvH/YmxY+srOLvGUlfGu3LBqGD6Z0ByY6/TmPCu1tG7F9RGJZel6+mM6+8wY D18OkUo0d3sme+/6zn18j9yx4Ax5 X-Received: by 2002:a17:902:d48b:b0:215:385e:921c with SMTP id d9443c01a7336-21dd7e39d0emr58612905ad.51.1738171564228; Wed, 29 Jan 2025 09:26:04 -0800 (PST) Received: from mandiga.. ([2804:1b3:a7c2:2a23:584e:68a2:9131:7209]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-21da3ea1c2asm102082535ad.54.2025.01.29.09.26.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 29 Jan 2025 09:26:03 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org Cc: Jeff Xu , Florian Weimer , "H . J . Lu" Subject: [PATCH v8 5/8] elf: Use RTLD_NODELETE for dependencies Date: Wed, 29 Jan 2025 14:22:39 -0300 Message-ID: <20250129172550.1119706-6-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250129172550.1119706-1-adhemerval.zanella@linaro.org> References: <20250129172550.1119706-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patch=linaro.org@sourceware.org So dlopen dependencies for objects opened with RTLD_NODELETE are also marked with RTLD_NODELETE. Checked on x86_64-linux-gnu. --- elf/dl-open.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/elf/dl-open.c b/elf/dl-open.c index 4c12ddec59..1501428de2 100644 --- a/elf/dl-open.c +++ b/elf/dl-open.c @@ -604,7 +604,8 @@ dl_open_worker_begin (void *a) /* Load that object's dependencies. */ _dl_map_object_deps (new, NULL, 0, 0, - mode & (__RTLD_DLOPEN | RTLD_DEEPBIND | __RTLD_AUDIT)); + mode & (__RTLD_DLOPEN | RTLD_DEEPBIND | __RTLD_AUDIT + | RTLD_NODELETE)); /* So far, so good. Now check the versions. */ for (unsigned int i = 0; i < new->l_searchlist.r_nlist; ++i) From patchwork Wed Jan 29 17:22:40 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella X-Patchwork-Id: 860671 Delivered-To: patch@linaro.org Received: by 2002:a5d:53cb:0:b0:385:e875:8a9e with SMTP id a11csp296636wrw; Wed, 29 Jan 2025 09:32:24 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCXC3VLGZ9KXsgTG159oijzZWLIEoGriGd4TAfqeBn7OYiSfUGrMgTBhrYuFCiSoC5nXOTqCqA==@linaro.org X-Google-Smtp-Source: AGHT+IH63sad0jmOJIf0/Ex7OqyxspVwU9LDWOKUl+WAyPjmUX0wbN1kHhPGkSuUhro3iVV7Dgp3 X-Received: by 2002:a05:6214:2683:b0:6d8:af2d:2a44 with SMTP id 6a1803df08f44-6e243c6392amr52174166d6.32.1738171944602; Wed, 29 Jan 2025 09:32:24 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1738171944; cv=pass; d=google.com; s=arc-20240605; b=X03pAB0jdLuruNl5XW0Glg3IJH9p1wxjY1l3+hfgCkdPddqSIzw91x3JeRR8jXffai 6vO/jpGH91sUeI0HIf8vtDwjF4gvWRclYWWhtxkrHWOxq2FmiRuFSPEzv8aMZnO4xXxn 3l2bkgODfhFChlAxMj9qL2W4UZscU4fKcVi9GwKBU5XrbQS2ICCG4sXQ9Ckx7VYNgAPp hi8UMvUxVjIFfa75j/qhW8jYV4s7K/bI+tRaVsJWzAzD8vaGtGpu8QUYK/qsCfPAUalU wxFy7upV2SNcC5EhHne8DPz57Rt3U7Xp11DVrNPVLxChGC1CCmwjOgpEKwZ1iQDECbeQ njVQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature:dkim-filter:arc-filter:dmarc-filter :delivered-to:dkim-filter; bh=czuAzyg+2S5t+d/sIQO75SH2f9tJb0bJ2pORqPB3mRk=; fh=NxP0gPoitL2xwHLpRPwMy6HQGuc/oe1BSm1HN6gGwGQ=; b=PPvxNxjC73mv/iBHgHgp2DP0gh5MTgOsTD6D/H7BPr4tIwjdjjPu/16XSG9kqxl/fL trD2GyZqURtMf3PLBHgRjxBlTjd7qTaBaduLfjLqvrKUeXPxL9VXmcFAGPMI8P6gE6eZ obZjKYHFH4Ysnc/JhmSCgEU9AM/iqEaLEqFp3qovYJYZHIzu1EkyvnQRwXQtyMRaYBPu TbcA8mZlOsndBbcVcL2TpC0iS+8n6yA76r0WYYRKQOMCtCz8TLmLcZSJ+nK1pLg6YFEg nAB5UcYa6UzUKqiqOobSqIcRcygWFo2Z9ujYWM70xasOQBEI5hXTR/pxe7vshLmwbV0y 3S5Q==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=mVZaUPmF; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from server2.sourceware.org (server2.sourceware.org. [2620:52:3:1:0:246e:9693:128c]) by mx.google.com with ESMTPS id 6a1803df08f44-6e206133ee9si160772516d6.478.2025.01.29.09.32.24 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 29 Jan 2025 09:32:24 -0800 (PST) Received-SPF: pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) client-ip=2620:52:3:1:0:246e:9693:128c; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=mVZaUPmF; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 2E9863857B90 for ; Wed, 29 Jan 2025 17:32:24 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 2E9863857B90 Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=mVZaUPmF X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pl1-x62f.google.com (mail-pl1-x62f.google.com [IPv6:2607:f8b0:4864:20::62f]) by sourceware.org (Postfix) with ESMTPS id 14A15385829B for ; Wed, 29 Jan 2025 17:26:08 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 14A15385829B Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 14A15385829B Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::62f ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1738171568; cv=none; b=gXvsgdpcCZx7TKmnmt9xKP65audv6+/FsWqZW/WzyMIsfj5Z73KHYgSwhKLHMTVZoHgk0d+nBC2nubajoTqKGo1li90miHTfCIBVYCGQuRe6yWKmVwITBKJHsAn+hLpYtuDKL+dJPrwYe3UOicCio7ROK9dhEvJvYitJrzudUuk= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1738171568; c=relaxed/simple; bh=8EQT8prFxHTrQAv27vgVcZ1RIrjBlCeKhQT/C1ChRtQ=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=rEvqK+P2yrwiudNEvQyYn5q9Y5jTT/Su0SCMA79caqkqdkX09qx1hPsqGXg9lz/qSWcAngSE/5LryeGAbamHIQogvEySBWeUKNJf5i1P64uHW/npGJpJdnVH56i4tM+aXVhdq78Es7DLN2eAkMcQ9nOYkbZ5gWV77/cB24WIZjQ= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 14A15385829B Received: by mail-pl1-x62f.google.com with SMTP id d9443c01a7336-21669fd5c7cso128659415ad.3 for ; Wed, 29 Jan 2025 09:26:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1738171567; x=1738776367; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=czuAzyg+2S5t+d/sIQO75SH2f9tJb0bJ2pORqPB3mRk=; b=mVZaUPmFzyfRRAGGkjZkHywx1MKKGQW8IypOMEUZ7y4yCWc3BJvFft9m1WFyhKKhHM G6i8xI5HFoUH1i0k1vNfDCaisAAyfgaWUJSgpYaScMP/DpuEC1wO3qqLRbHo00N8K/h1 kjrer8Ht7PvEeSAYkVfIkZ4vo8bm/y7JpHLaho8HUGvgNNXQbbbOEHNJq2Wda0YHzcgs cRMrUjOzC9xxLl2LkbXerwGNlgeV68LQnhjjWtD1nSJquqcK/DdkKFHZFCEoDeGX3aQR UtIAJlW3rV49bNXQGCdsvWX4pDNX0PaeI8TPgr/gektT0iMYcsFDLJ2QcQzy83angjbE Uk6w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738171567; x=1738776367; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=czuAzyg+2S5t+d/sIQO75SH2f9tJb0bJ2pORqPB3mRk=; b=Vpv+fqCl68hqFYcesm3a4vUEN57za+uU0w8OxKNcOcXDHniW6fLDEUGIKOwlL07HBY up2bVeAbhpYi4Gx5IkJR/IyaLV1tNIQL3gOLghzY/i+vOREWV2IKqgYC4fI4rxyTI5i3 WFd+2FwP/uWLoPvVyIT7EGYckfu7aeMjHyMVPdTuLQk1qHnu2Jq9WS8yxy89BwnPQn50 Mglwpr9CcOfZB52/ZBsgi4JuNl902hNxy2JBqsHO/lES9XPfLiMZ+tGctOWRODI662vw x4girF1CjXTdlgy+Nr/79RofkBrpdHYCwBdRhXYz5O88Pkdro/pafrihEvxx130Ou2iq xh+A== X-Gm-Message-State: AOJu0Yxv2RnK08yQzIfYH139YXsMVxF1FmUc4DdTreWB6VzqSXxuxCSK oJd4THKt7kPEXHyjEJdQ06W/udTOKhwTBzj5+ud4txi1sKUjTJIxgiUr3q8oKSB6DMnyV8FosNd W X-Gm-Gg: ASbGncsL79bbnQ27U4+FpuaU9awAeKTGT0HVyypwIUGMKn8uVicZhvaHjYqo4CPkm4z HpAE01jIRgUsNDF5OysXNHaIjl1PjP8d3GbB2udq+UdgSjpXuEjaQuSxwsCO+pQrtglO7Rlj2Wr GcA/hysyAy72FZYiqh2j2kCxo/8n9HMXJZPDwJyi8Bb5YuBSTPOw5VoFVxZEf/VlTS0h+evjMZy 8J2ad+ev8DjjqMf/bLi9U2g0sbQ6LwX1ozLmf+q08UL3sGlq/7anqYDbGRzT++rhn3X0Ac6t43K ej4lmbVHcFPk7E1ofC4WANUVBACF X-Received: by 2002:a17:902:ce01:b0:216:3e9a:89e with SMTP id d9443c01a7336-21dd7db8dbfmr60171265ad.35.1738171566309; Wed, 29 Jan 2025 09:26:06 -0800 (PST) Received: from mandiga.. ([2804:1b3:a7c2:2a23:584e:68a2:9131:7209]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-21da3ea1c2asm102082535ad.54.2025.01.29.09.26.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 29 Jan 2025 09:26:05 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org Cc: Jeff Xu , Florian Weimer , "H . J . Lu" Subject: [PATCH v8 6/8] elf: Add support to memory sealing Date: Wed, 29 Jan 2025 14:22:40 -0300 Message-ID: <20250129172550.1119706-7-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250129172550.1119706-1-adhemerval.zanella@linaro.org> References: <20250129172550.1119706-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patch=linaro.org@sourceware.org The new Linux mseal syscall allows mark a memory mapping to avoid further changes (such as changng the protection flags). The memory sealing is done in multiple places where the memory is supposed to be immutable during program execution: * All shared library dependencies from the binary, including the read-only segments after PT_GNU_RELRO setup. * The binary itself, including dynamic and static linked ones. In both cases, it is up either to binary or the loader to set up the sealing. * Any preload libraries, including depedencies. * Any library loaded with dlopen with RTLD_NODELETE flag. * Audit modules. * The loader bump allocator. The memory sealing is controled by a new gnu attribute, GNU_PROPERTY_MEMORY_SEAL, added by the new static linker option '-z memory-seal'. It is set per binary, including statically linked and shared objects. The GNU_PROPERTY_MEMORY_SEAL enforcement depends on whether the kernel supports the mseal syscall and how glibc is configured. On the default configuration that aims to support older kernel releases, the memory sealing attribute is taken as a hint. If glibc is configured with a minimum kernel of 6.10, where mseal is implied to be supported, sealing is enforced. Checked on x86_64-linux-gnu and aarch64-linux-gnu. --- NEWS | 6 ++++ elf/dl-load.c | 4 +++ elf/dl-map-segments.h | 16 ++++++++-- elf/dl-minimal-malloc.c | 5 +++ elf/dl-open.c | 4 +++ elf/dl-reloc.c | 49 ++++++++++++++++++++++++++++ elf/dl-support.c | 3 ++ elf/elf.h | 2 ++ elf/rtld.c | 12 ++++++- elf/setup-vdso.h | 2 ++ include/link.h | 8 +++++ sysdeps/aarch64/dl-prop.h | 5 +++ sysdeps/generic/dl-mseal.h | 22 +++++++++++++ sysdeps/generic/dl-prop-mseal.h | 34 ++++++++++++++++++++ sysdeps/generic/dl-prop.h | 5 +++ sysdeps/generic/ldsodefs.h | 9 ++++++ sysdeps/unix/sysv/linux/Makefile | 4 +++ sysdeps/unix/sysv/linux/dl-mseal.c | 51 ++++++++++++++++++++++++++++++ sysdeps/unix/sysv/linux/dl-mseal.h | 31 ++++++++++++++++++ sysdeps/x86/dl-prop.h | 4 +++ 20 files changed, 272 insertions(+), 4 deletions(-) create mode 100644 sysdeps/generic/dl-mseal.h create mode 100644 sysdeps/generic/dl-prop-mseal.h create mode 100644 sysdeps/unix/sysv/linux/dl-mseal.c create mode 100644 sysdeps/unix/sysv/linux/dl-mseal.h diff --git a/NEWS b/NEWS index 4732ec2522..c35ac3ed28 100644 --- a/NEWS +++ b/NEWS @@ -13,6 +13,12 @@ Major new features: mappings to avoid further change during process execution such as protection permissions, unmapping, moving to another location, or shrinking the size. +* The loader will memory seal all libraries that contains the new gnu + attribute GNU_PROPERTY_MEMORY_SEAL. The memory sealing uses the new Linux + mseal syscall, and it will be applied to all shared libraries dependencies, + the binary, any preload and audit modules, and aby library loaded with + RTLD_NODELETE. + Deprecated and removed features, and other changes affecting compatibility: [Add deprecations, removals and changes affecting compatibility here] diff --git a/elf/dl-load.c b/elf/dl-load.c index f905578a65..d1414f65df 100644 --- a/elf/dl-load.c +++ b/elf/dl-load.c @@ -1451,6 +1451,10 @@ cannot enable executable stack as shared object requires"); /* Assign the next available module ID. */ _dl_assign_tls_modid (l); + if (l->l_seal == lt_seal_toseal + && (mode & __RTLD_DLOPEN) && !(mode & RTLD_NODELETE)) + l->l_seal = lt_seal_dont_dlopen; + #ifdef DL_AFTER_LOAD DL_AFTER_LOAD (l); #endif diff --git a/elf/dl-map-segments.h b/elf/dl-map-segments.h index 203b6c7b0b..6d14ac27e0 100644 --- a/elf/dl-map-segments.h +++ b/elf/dl-map-segments.h @@ -18,6 +18,7 @@ . */ #include +#include /* Map a segment and align it properly. */ @@ -115,11 +116,15 @@ _dl_map_segments (struct link_map *l, int fd, if (__glibc_unlikely (loadcmds[nloadcmds - 1].mapstart < c->mapend)) return N_("ELF load command address/offset not page-aligned"); + + caddr_t hole_start = (caddr_t) (l->l_addr + c->mapend); + size_t hole_size = loadcmds[nloadcmds - 1].mapstart - c->mapend; + if (__glibc_unlikely - (__mprotect ((caddr_t) (l->l_addr + c->mapend), - loadcmds[nloadcmds - 1].mapstart - c->mapend, - PROT_NONE) < 0)) + (__mprotect (hole_start, hole_size, PROT_NONE) < 0)) return DL_MAP_SEGMENTS_ERROR_MPROTECT; + if (l->l_seal) + _dl_mseal (hole_start, hole_size, l->l_name); } l->l_contiguous = 1; @@ -188,6 +193,11 @@ _dl_map_segments (struct link_map *l, int fd, -1, 0); if (__glibc_unlikely (mapat == MAP_FAILED)) return DL_MAP_SEGMENTS_ERROR_MAP_ZERO_FILL; + /* We need to seal this here because it will not be part of + the PT_LOAD segments, nor it is taken in RELRO + calculation. */ + if (l->l_seal) + _dl_mseal (mapat, zeroend - zeropage, l->l_name); } } diff --git a/elf/dl-minimal-malloc.c b/elf/dl-minimal-malloc.c index b4bd1628bc..e81152e586 100644 --- a/elf/dl-minimal-malloc.c +++ b/elf/dl-minimal-malloc.c @@ -27,6 +27,7 @@ #include #include #include +#include static void *alloc_ptr, *alloc_end, *alloc_last_block; @@ -62,6 +63,10 @@ __minimal_malloc (size_t n) if (page == MAP_FAILED) return NULL; __set_vma_name (page, nup, " glibc: loader malloc"); +#if IS_IN(rtld) + if (_dl_rtld_map.l_seal == lt_seal_toseal) + _dl_mseal (page, nup, _dl_rtld_map.l_name); +#endif if (page != alloc_end) alloc_ptr = page; alloc_end = page + nup; diff --git a/elf/dl-open.c b/elf/dl-open.c index 1501428de2..e464b22536 100644 --- a/elf/dl-open.c +++ b/elf/dl-open.c @@ -807,6 +807,10 @@ dl_open_worker (void *a) if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_FILES)) _dl_debug_printf ("opening file=%s [%lu]; direct_opencount=%u\n\n", new->l_name, new->l_ns, new->l_direct_opencount); + + /* The seal flag is set only for NEW, however its dependencies could not be + unloaded and thus can also be sealed. */ + _dl_mseal_map (new, true, false); } void * diff --git a/elf/dl-reloc.c b/elf/dl-reloc.c index 05bf54bebd..3e7d03d7b2 100644 --- a/elf/dl-reloc.c +++ b/elf/dl-reloc.c @@ -28,6 +28,7 @@ #include <_itoa.h> #include #include "dynamic-link.h" +#include /* Statistics function. */ #ifdef SHARED @@ -345,6 +346,7 @@ _dl_relocate_object (struct link_map *l, struct r_scope_elem *scope[], return; _dl_relocate_object_no_relro (l, scope, reloc_mode, consider_profiling); _dl_protect_relro (l); + _dl_mseal_map (l, false, false); } void @@ -369,6 +371,53 @@ cannot apply additional memory protection after relocation"); } } +static void +_dl_mseal_map_1 (struct link_map *l, bool force) +{ + /* The 'force' check allow to seal audit with sealing enabled after + they are loader during process startup. */ + if (l->l_seal == lt_seal_dont + || (force + ? l->l_seal != lt_seal_dont_dlopen + : l->l_seal == lt_seal_dont_dlopen)) + return; + + if (l->l_contiguous) + _dl_mseal ((void *) l->l_map_start, l->l_map_end - l->l_map_start, + l->l_name); + else + { + /* We can use the PT_LOAD segments because even if relro splits the + original RW VMA, mseal works with multiple VMAs with different + flags. */ + const ElfW(Phdr) *ph; + for (ph = l->l_phdr; ph < &l->l_phdr[l->l_phnum]; ++ph) + switch (ph->p_type) + { + case PT_LOAD: + { + ElfW(Addr) mapstart = l->l_addr + + (ph->p_vaddr & ~(GLRO(dl_pagesize) - 1)); + ElfW(Addr) allocend = l->l_addr + ph->p_vaddr + ph->p_memsz; + _dl_mseal ((void *) mapstart, allocend - mapstart, l->l_name); + } + break; + } + } + + l->l_seal = lt_seal_sealed; +} + +void +_dl_mseal_map (struct link_map *l, bool dep, bool force) +{ + if (l->l_searchlist.r_list == NULL || !dep) + _dl_mseal_map_1 (l, force); + else + for (unsigned int i = 0; i < l->l_searchlist.r_nlist; ++i) + _dl_mseal_map_1 (l->l_searchlist.r_list[i], force); +} + void __attribute_noinline__ _dl_reloc_bad_type (struct link_map *map, unsigned int type, int plt) diff --git a/elf/dl-support.c b/elf/dl-support.c index 6daa196f12..7129a82975 100644 --- a/elf/dl-support.c +++ b/elf/dl-support.c @@ -47,6 +47,7 @@ #include #include #include +#include extern char *__progname; char **_dl_argv = &__progname; /* This is checked for some error messages. */ @@ -101,6 +102,7 @@ static struct link_map _dl_main_map = .l_used = 1, .l_tls_offset = NO_TLS_OFFSET, .l_serial = 1, + .l_seal = lt_seal_dont, }; /* Namespace information. */ @@ -353,6 +355,7 @@ _dl_non_dynamic_init (void) /* Setup relro on the binary itself. */ _dl_protect_relro (&_dl_main_map); + _dl_mseal_map (&_dl_main_map, false, false); } #ifdef DL_SYSINFO_IMPLEMENTATION diff --git a/elf/elf.h b/elf/elf.h index 96df2eec01..781f8d776f 100644 --- a/elf/elf.h +++ b/elf/elf.h @@ -1359,6 +1359,8 @@ typedef struct #define GNU_PROPERTY_STACK_SIZE 1 /* No copy relocation on protected data symbol. */ #define GNU_PROPERTY_NO_COPY_ON_PROTECTED 2 +/* No memory sealing. */ +#define GNU_PROPERTY_MEMORY_SEAL 3 /* A 4-byte unsigned integer property: A bit is set if it is set in all relocatable inputs. */ diff --git a/elf/rtld.c b/elf/rtld.c index 4ab285abce..6656da329c 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -53,6 +53,7 @@ #include #include #include +#include #include @@ -479,6 +480,7 @@ _dl_start_final (void *arg, struct dl_start_final_info *info) _dl_rtld_map.l_real = &_dl_rtld_map; _dl_rtld_map.l_map_start = (ElfW(Addr)) &__ehdr_start; _dl_rtld_map.l_map_end = (ElfW(Addr)) _end; + _dl_rtld_map.l_seal = lt_seal_dont; /* Copy the TLS related data if necessary. */ #ifndef DONT_USE_BOOTSTRAP_MAP # if NO_TLS_OFFSET != 0 @@ -1024,6 +1026,11 @@ ERROR: audit interface '%s' requires version %d (maximum supported version %d); /* Mark the DSO as being used for auditing. */ dlmargs.map->l_auditing = 1; + + /* Audit modules can not be loaded with RTLD_NODELETE, so apply the sealing + again on all dependencies an and ignore any possible missing seal due + dlopen without RTLD_NODELETE. */ + _dl_mseal_map (dlmargs.map, true, true); } /* Load all audit modules. */ @@ -1106,6 +1113,7 @@ rtld_setup_main_map (struct link_map *main_map) /* And it was opened directly. */ ++main_map->l_direct_opencount; main_map->l_contiguous = 1; + main_map->l_seal = lt_seal_dont; /* A PT_LOAD segment at an unexpected address will clear the l_contiguous flag. The ELF specification says that PT_LOAD @@ -2325,8 +2333,10 @@ dl_main (const ElfW(Phdr) *phdr, __rtld_malloc_init_real (main_map); } - /* All ld.so initialization is complete. Apply RELRO. */ + /* All ld.so initialization is complete. Apply RELRO and memory + sealing. */ _dl_protect_relro (&_dl_rtld_map); + _dl_mseal_map (&_dl_rtld_map, false, false); /* Relocation is complete. Perform early libc initialization. This is the initial libc, even if audit modules have been loaded with diff --git a/elf/setup-vdso.h b/elf/setup-vdso.h index 6564557b56..551eee658c 100644 --- a/elf/setup-vdso.h +++ b/elf/setup-vdso.h @@ -66,6 +66,8 @@ setup_vdso (struct link_map *main_map __attribute__ ((unused)), /* The vDSO is always used. */ l->l_used = 1; + /* The PT_LOAD may not cover all the vdso mapping. */ + l->l_seal = lt_seal_dont; /* Initialize l_local_scope to contain just this map. This allows the use of dl_lookup_symbol_x to resolve symbols within the vdso. diff --git a/include/link.h b/include/link.h index 518bfd1670..677d82b38b 100644 --- a/include/link.h +++ b/include/link.h @@ -214,6 +214,14 @@ struct link_map lt_library map. */ unsigned int l_tls_in_slotinfo:1; /* TLS slotinfo updated in dlopen. */ + enum /* Memory sealing status. */ + { + lt_seal_dont = 0, /* Do not seal the object. */ + lt_seal_dont_dlopen, /* Do not seal from a dlopen. */ + lt_seal_toseal, /* The library is marked to be sealed. */ + lt_seal_sealed /* The library is sealed. */ + } l_seal:2; + /* NODELETE status of the map. Only valid for maps of type lt_loaded. Lazy binding sets l_nodelete_active directly, potentially from signal handlers. Initial loading of an diff --git a/sysdeps/aarch64/dl-prop.h b/sysdeps/aarch64/dl-prop.h index abca2be7fa..5ffff60cf5 100644 --- a/sysdeps/aarch64/dl-prop.h +++ b/sysdeps/aarch64/dl-prop.h @@ -19,6 +19,8 @@ #ifndef _DL_PROP_H #define _DL_PROP_H +#include + extern void _dl_bti_protect (struct link_map *, int) attribute_hidden; extern void _dl_bti_check (struct link_map *, const char *) @@ -50,6 +52,9 @@ static inline int _dl_process_gnu_property (struct link_map *l, int fd, uint32_t type, uint32_t datasz, void *data) { + if (_dl_process_gnu_property_seal (l, fd, type, datasz, data)) + return 0; + if (type == GNU_PROPERTY_AARCH64_FEATURE_1_AND) { /* Stop if the property note is ill-formed. */ diff --git a/sysdeps/generic/dl-mseal.h b/sysdeps/generic/dl-mseal.h new file mode 100644 index 0000000000..b100a7cb2c --- /dev/null +++ b/sysdeps/generic/dl-mseal.h @@ -0,0 +1,22 @@ +/* Memory sealing. Generic version. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +static inline void +_dl_mseal (void *addr, size_t len, const char *object) +{ +} diff --git a/sysdeps/generic/dl-prop-mseal.h b/sysdeps/generic/dl-prop-mseal.h new file mode 100644 index 0000000000..94ce72b4d2 --- /dev/null +++ b/sysdeps/generic/dl-prop-mseal.h @@ -0,0 +1,34 @@ +/* Support for GNU properties. Generic version. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#ifndef _DL_PROP_MSEAL_H +#define _LD_PROP_MSEAL_H + +static __always_inline bool +_dl_process_gnu_property_seal (struct link_map *l, int fd, uint32_t type, + uint32_t datasz, void *data) +{ + if (type == GNU_PROPERTY_MEMORY_SEAL && datasz == 0) + { + l->l_seal = lt_seal_toseal; + return true; + } + return false; +} + +#endif diff --git a/sysdeps/generic/dl-prop.h b/sysdeps/generic/dl-prop.h index 6d4e62ea84..035bc249cf 100644 --- a/sysdeps/generic/dl-prop.h +++ b/sysdeps/generic/dl-prop.h @@ -19,6 +19,8 @@ #ifndef _DL_PROP_H #define _DL_PROP_H +#include + /* The following functions are used by the dynamic loader and the dlopen machinery to process PT_NOTE and PT_GNU_PROPERTY entries in the binary or shared object. The notes can be used to change the @@ -47,6 +49,9 @@ static inline int __attribute__ ((always_inline)) _dl_process_gnu_property (struct link_map *l, int fd, uint32_t type, uint32_t datasz, void *data) { + if (_dl_process_gnu_property_seal (l, fd, type, datasz, data)) + return 0; + /* Continue until GNU_PROPERTY_1_NEEDED is found. */ if (type == GNU_PROPERTY_1_NEEDED) { diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h index e871f27ff2..546fd85764 100644 --- a/sysdeps/generic/ldsodefs.h +++ b/sysdeps/generic/ldsodefs.h @@ -996,6 +996,15 @@ void _dl_relocate_object_no_relro (struct link_map *map, /* Protect PT_GNU_RELRO area. */ extern void _dl_protect_relro (struct link_map *map) attribute_hidden; +/* Issue memory sealing for the link map MAP. If MAP is contiguous the + whole region is sealed, otherwise iterate over the program headerrs and + seal each PT_LOAD segment.i + The DEP specify whether to seal the dependencies as well, while FORCE + ignores any possible missing seal due dlopen without RTLD_NODELETE. + The memory sealing should be done *after* RELRO setup. */ +extern void _dl_mseal_map (struct link_map *map, bool dep, bool force) + attribute_hidden; + /* Call _dl_signal_error with a message about an unhandled reloc type. TYPE is the result of ELFW(R_TYPE) (r_info), i.e. an R__* value. PLT is nonzero if this was a PLT reloc; it just affects the message. */ diff --git a/sysdeps/unix/sysv/linux/Makefile b/sysdeps/unix/sysv/linux/Makefile index aa6c387462..ac67b98406 100644 --- a/sysdeps/unix/sysv/linux/Makefile +++ b/sysdeps/unix/sysv/linux/Makefile @@ -651,6 +651,10 @@ sysdep-rtld-routines += \ dl-sbrk \ # sysdep-rtld-routines +dl-routines += \ + dl-mseal \ + # dl-routines + others += \ pldd \ # others diff --git a/sysdeps/unix/sysv/linux/dl-mseal.c b/sysdeps/unix/sysv/linux/dl-mseal.c new file mode 100644 index 0000000000..74ab688ef3 --- /dev/null +++ b/sysdeps/unix/sysv/linux/dl-mseal.c @@ -0,0 +1,51 @@ +/* Memory sealing. Linux version. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include +#include + +void +_dl_mseal (void *addr, size_t len, const char *object) +{ + int r = 0; + bool fail = false; +#if __ASSUME_MSEAL + r = INTERNAL_SYSCALL_CALL (mseal, addr, len, 0); + fail = r != 0; +#else + static int mseal_supported = true; + /* Avoid issuing mseal again if it is not supported by the kernel. */ + if (atomic_load_relaxed (&mseal_supported)) + { + int r = INTERNAL_SYSCALL_CALL (mseal, addr, len, 0); + if (r == -ENOSYS) + atomic_store_relaxed (&mseal_supported, false); + else + fail = r != 0; + } +#endif + if (fail) + { + static const char errstring[] = N_("\ +cannot apply memory sealing"); + _dl_signal_error (-r, DSO_FILENAME (object), NULL, errstring); + } +} diff --git a/sysdeps/unix/sysv/linux/dl-mseal.h b/sysdeps/unix/sysv/linux/dl-mseal.h new file mode 100644 index 0000000000..cfbd0e4240 --- /dev/null +++ b/sysdeps/unix/sysv/linux/dl-mseal.h @@ -0,0 +1,31 @@ +/* Memory sealing. Linux version. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#ifndef _DL_MSEAL_H +#define _DL_MSEAL_H + +/* Seal the ADDR or size LEN to protect against fruthermodifications, such as + changes on the permission flags (through mprotect), remap (through + mmap and/or remap), shrink, destruction changes (madvise with + MADV_DONTNEED), or change its size. The input has the same constraints + as the mseal syscall. + + Any error than than unsupported by the kerneltriggers a _dl_signal_error. */ +void _dl_mseal (void *addr, size_t len, const char *object) attribute_hidden; + +#endif diff --git a/sysdeps/x86/dl-prop.h b/sysdeps/x86/dl-prop.h index 9a5e10821c..5f5cc8f3e4 100644 --- a/sysdeps/x86/dl-prop.h +++ b/sysdeps/x86/dl-prop.h @@ -19,6 +19,7 @@ #ifndef _DL_PROP_H #define _DL_PROP_H +#include #include extern void _dl_cet_check (struct link_map *, const char *) @@ -243,6 +244,9 @@ _dl_process_gnu_property (struct link_map *l, int fd, uint32_t type, uint32_t datasz, void *data) { /* This is called on each GNU property. */ + if (_dl_process_gnu_property_seal (l, fd, type, datasz, data)) + return 0; + unsigned int needed_1 = 0; unsigned int feature_1_and = 0; unsigned int isa_1_needed = 0; From patchwork Wed Jan 29 17:22:41 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella X-Patchwork-Id: 860673 Delivered-To: patch@linaro.org Received: by 2002:a5d:53cb:0:b0:385:e875:8a9e with SMTP id a11csp298187wrw; Wed, 29 Jan 2025 09:36:05 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCX+1Ki9rDWU9eZMshzkSeQ/WkKmFdKU4eGzYik+h742FNbvbAbAy8/i+dO104BEnu1Pwb+mxA==@linaro.org X-Google-Smtp-Source: AGHT+IEvBGuTc7o3XXIpUxU8lm6WmkbGvoQTy3VRMmhstvx1uqZw+HJlVk5MY84C07dYbl59nJOc X-Received: by 2002:a05:6214:124f:b0:6df:99f7:a616 with SMTP id 6a1803df08f44-6e243b96bc5mr63035686d6.2.1738172165063; Wed, 29 Jan 2025 09:36:05 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1738172165; cv=pass; d=google.com; s=arc-20240605; b=gl9m0i8m76qVnvDcbZgv8ni5BUIFZERoxKwZqxXzDZNQQBPcsGUxHeQWFsoPiJcUyM Kt71OfMne9W8/bYqoKlhLvW2O8DCvSA5Tr2mRuNdq+yADjgf/7z0b/trHKzo8j4gvkRD Be/L2S35UGSEKS8mMSlbxBgrWh4gUL1Rl1FUwSL8XppEXaI6Q1PqfSQ9tVGpg0lgn+Np z3d001aFfxvlS2nv7zN55CzwRdih6NSbYxRkJeUgo6z6Wu+mjPHrzPC7LFvy4XdjEVxs zcmnUXhsQ1m1KWdWXeAG1bGk4fR2fz4rLLIstR2Em/EZS64nJIeScStvyGL+MDxdKBtf i9/w== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature:dkim-filter:arc-filter:dmarc-filter :delivered-to:dkim-filter; bh=JLNgtq9seAcUVlZ2sz/10lyMiC5HBB72ZNtHrjtgZaE=; fh=NxP0gPoitL2xwHLpRPwMy6HQGuc/oe1BSm1HN6gGwGQ=; b=bIchVU+/vKUpxVG+8EXevMGvdX2+SID5f13+7qvPZ1C0hJ7aC/YIdRWMj5LHq0QWrs ou9Dk5nA5YmbA+CQMFxBlLsae9A9qZaTdamlaVN73GjDSf0MOjCVNhF0ue71VcOTy+tn x+j3g9N1SxsRh4+yzjALYdkBIOvVwOfKAZ1s1BSvmRCT7I32wOAcIGeBOnFVgR3bVh8I fDj65edcOCk8CVqvm4ZwjbvAdycdOcX2BZbpAe4cgRhsM3+OUgNGOqwl+Wdfbmb6OEol RlhmWoQOH5k2+UuS6HYFkSwANarQxHsrHbEDUkpOfWG4uEZbattCBv/s16sbqJM6dNxp vDoQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=pTY0iAbn; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from server2.sourceware.org (server2.sourceware.org. [8.43.85.97]) by mx.google.com with ESMTPS id 6a1803df08f44-6e205f01f92si154284336d6.320.2025.01.29.09.36.04 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 29 Jan 2025 09:36:05 -0800 (PST) Received-SPF: pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) client-ip=8.43.85.97; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=pTY0iAbn; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 9E551385829B for ; Wed, 29 Jan 2025 17:36:04 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 9E551385829B Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=pTY0iAbn X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pl1-x635.google.com (mail-pl1-x635.google.com [IPv6:2607:f8b0:4864:20::635]) by sourceware.org (Postfix) with ESMTPS id B61313857B96 for ; Wed, 29 Jan 2025 17:26:09 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org B61313857B96 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org B61313857B96 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::635 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1738171570; cv=none; b=Wid37h2T8vphrZqoSeR0l6WAWdtR0DQx4Enh2w+UrCMzVNzn1/hd0rBmgIqByRSSJkSk7Df9hqyw5XYMQKbt9AA8QO306SkHnd+RYqVkbuERVQcA7WpcnFRmlaCMIz9LdNbAZhxbbM1EcAVk4xMP0cksv6onVulcgghud3LNNHY= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1738171570; c=relaxed/simple; bh=vehu+h6J7WewuLCBnVZUwbwmyPsJxS+e6dZajYJfazk=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=gu93ahgZVT3v+oSUnP7uTjCI/AnTYtWtksxS0aDL+BEAVDJsgnNv6OLSBcCykyXuej3D9rElacYrYjuAdofnK4hOjNZXWvpVLnsxLi1xSV/hz5cUJl+a2Url0+L15ycDiCIo1kM8zyzrSFGJDBoCmcZf8DfE5VyIYhsFez+mAek= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org B61313857B96 Received: by mail-pl1-x635.google.com with SMTP id d9443c01a7336-216401de828so134086565ad.3 for ; Wed, 29 Jan 2025 09:26:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1738171568; x=1738776368; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=JLNgtq9seAcUVlZ2sz/10lyMiC5HBB72ZNtHrjtgZaE=; b=pTY0iAbn8UmsdWVGtViadt67kI77qR48GQ3sgyVJRoUCgfjhgFvI6SBTW6JqTd0q7b GozgtLq5Z/Qa32IR4T84YjxLWg6Bn7b1aluGAnoGS6hQaTDORsOsKCx27/2ToLpUkffq f76wAIr+tA84wgmCZvHe8pzN/uv9E4yLzVvi9/lFgR9TuKGST10RerwimWJzEwVWneMR kR4xlxydcmGhb9/DWliDRf0gOo1Vmyz38NtDZSoAy4QA5bJgsQQ4CTj1Kr+6kqKBAxdH iDM9ULx7+ypiPiSB4MWpVDjB0rZsZOseVAQbuGbYpQUZwjVeyA6Ibeu9Hue9iw+exphs hlKA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738171568; x=1738776368; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=JLNgtq9seAcUVlZ2sz/10lyMiC5HBB72ZNtHrjtgZaE=; b=BPql2SyxgseahwRLlS+BCUolB2W03iUx3WRoC/Xct2oqhvXeZKf5ahpS7APsGPQtkA Lcf3mANJGd1FOIAPCVLqfggO0OXGmdP09PZs1kXiYRscdjg5qFlGxcytVfHkHRNTY4V4 WIqjvCl8BPGpPJDlP6uACyO5mfskJn0bYJNYQtgKn8j94e9kdtBkTeyTBU0pQlFVSCXc jCFGC65p775WLZgeinXH1x1od5vjxSrtVmqLJRnqLI8WGzuMBzAWGw+5lOoEh0nJOGO3 B8XJlsJEH0d5z1M66+Hs8Yvn4uxdDpkrLPs7Ajx0MKG7TWkjJy+Ou6VH8WiEZE38gzf0 Tfkw== X-Gm-Message-State: AOJu0Yx6fjNOQk8rgn2oAjDJBrsCTb+B100rD9TKydKw7s97SyO2oMdO J7u/2M4ZLah8fdnqxpolohg1MdapGoI6IEQVVfgv3wfNqIvK72Iw/20oqxHdpvRHV30SWY7YM9I + X-Gm-Gg: ASbGnctPk1lrlCMamP21FATxunYPlZHV6wlww49mhDoOTYvcRG3xJ+hAfP+1z/hrqff 1Vl9XPLKKSDcW6gwUY5Ft4oFwKpAxm71qpD4dncSpxifCSYhNJ9OlOvpZTP1iZqM2/xrEu/Iwl/ Vuq2mxs5M+p67lZ6+TOYtG1hZzgBy1oSrHLMuQdPji3p5ALzR06vWI9s+CcZbhS6GhbvSiTAHbE 2QjoqffsPOuN2Cw3S1MbGFf03ddIQBTQNY+UO8CD52MACEUeoYrFE2p0ZkJ11lrF877xMEr6P/9 G15XSup86mwFJ92UVndUY8de76WkE2fxTwrJX5M= X-Received: by 2002:a17:902:ce8a:b0:215:e685:fa25 with SMTP id d9443c01a7336-21dd7d80fefmr56529225ad.20.1738171568308; Wed, 29 Jan 2025 09:26:08 -0800 (PST) Received: from mandiga.. ([2804:1b3:a7c2:2a23:584e:68a2:9131:7209]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-21da3ea1c2asm102082535ad.54.2025.01.29.09.26.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 29 Jan 2025 09:26:07 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org Cc: Jeff Xu , Florian Weimer , "H . J . Lu" Subject: [PATCH v8 7/8] Enable memory sealing automatically Date: Wed, 29 Jan 2025 14:22:41 -0300 Message-ID: <20250129172550.1119706-8-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250129172550.1119706-1-adhemerval.zanella@linaro.org> References: <20250129172550.1119706-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patch=linaro.org@sourceware.org All libraries, programs, and the testsuite in glibc are now build with memory sealing by default if the toochain supports it. A new configure option, --disable-default-memory-seal, disables it. Checked on aarch64-linux-gnu and x86_64-linux-gnu. --- INSTALL | 5 ++++ Makeconfig | 19 ++++++++++++++- Makerules | 2 ++ NEWS | 4 ++++ configure | 58 +++++++++++++++++++++++++++++++++++++++++++++ configure.ac | 20 ++++++++++++++++ elf/Makefile | 19 +++++++++++---- manual/install.texi | 5 ++++ 8 files changed, 127 insertions(+), 5 deletions(-) diff --git a/INSTALL b/INSTALL index a56179a9c9..3344bb0c6a 100644 --- a/INSTALL +++ b/INSTALL @@ -251,6 +251,11 @@ passed to 'configure'. For example: Disable using 'scv' instruction for syscalls. All syscalls will use 'sc' instead, even if the kernel supports 'scv'. PowerPC only. +'--disable-default-memory-seal' + Don't build glibc libraries, programs, and the testsuite with + memory sealing support (GNU_PROPERTY_MEMORY_SEAL). By default, + memory sealing is enabled if toolchain suports the linker option. + '--build=BUILD-SYSTEM' '--host=HOST-SYSTEM' These options are for cross-compiling. If you specify both options diff --git a/Makeconfig b/Makeconfig index d0108d2caa..2d783c2398 100644 --- a/Makeconfig +++ b/Makeconfig @@ -389,6 +389,21 @@ dt-relr-ldflag = no-dt-relr-ldflag = endif +# Linker options to enable and disable memory sealing (GNU_PROPERTY_MEMORY_SEAL), +# if --disable-default-memory-sealing is used explicit disable memory sealing for +# the case linker defaults to it. +ifeq ($(have-z-memory-seal),yes) +no-memory-seal-ldflag = -Wl,-z,nomemory-seal +ifeq ($(default-memory-seal),yes) +memory-seal-ldflag = -Wl,-z,memory-seal +else +memory-seal-ldflag = $(no-memory-seal-ldflag) +endif +else +memory-seal-ldflag = +no-memory-seal-ldflag = +endif + ifeq (no,$(build-pie-default)) pie-default = $(no-pie-ccflag) else # build-pie-default @@ -433,6 +448,7 @@ link-extra-libs-tests = $(libsupport) ifndef +link-pie +link-pie-before-inputs = $(if $($(@F)-no-pie),$(no-pie-ldflag),-pie) \ $(if $($(@F)-no-dt-relr),$(no-dt-relr-ldflag),$(dt-relr-ldflag)) \ + $(if $($(@F)-no-memory-seal),$(no-memory-seal-ldflag),$(memory-seal-ldflag)) \ -Wl,-O1 -nostdlib -nostartfiles \ $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \ $(relro-LDFLAGS) $(hashstyle-LDFLAGS) \ @@ -466,6 +482,7 @@ ifndef +link-static +link-static-before-inputs = -nostdlib -nostartfiles -static \ $(if $($(@F)-no-pie),$(no-pie-ldflag),$(static-pie-ldflag)) \ $(if $($(@F)-no-dt-relr),$(no-dt-relr-ldflag),$(static-pie-dt-relr-ldflag)) \ + $(if $($(@F)-no-memory-seal),$(no-memory-seal-ldflag),$(memory-seal-ldflag)) \ $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \ $(firstword $(CRT-$(@F)) $(csu-objpfx)$(real-static-start-installed-name)) \ $(+preinit) $(+prectorT) @@ -542,7 +559,7 @@ endif # +link # Command for linking test programs with crt1.o from glibc 2.0. +link-2.0-before-inputs = -nostdlib -nostartfiles $(no-pie-ldflag) \ $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \ - $(relro-LDFLAGS) $(hashstyle-LDFLAGS) \ + $(relro-LDFLAGS) $(memory-seal-ldflag) $(hashstyle-LDFLAGS) \ $(firstword $(CRT-$(@F)) $(csu-objpfx)$(start-name-2.0)) \ $(+preinit) $(+prector) +link-2.0-before-libc = -o $@ $(+link-2.0-before-inputs) \ diff --git a/Makerules b/Makerules index ada616891e..02ce3949cf 100644 --- a/Makerules +++ b/Makerules @@ -544,6 +544,7 @@ define build-shlib-helper $(LINK.o) -shared -static-libgcc -Wl,-O1 $(sysdep-LDFLAGS) \ $(if $($(@F)-no-z-defs)$(no-z-defs),,-Wl,-z,defs) $(rtld-LDFLAGS) \ $(if $($(@F)-no-dt-relr),$(no-dt-relr-ldflag),$(dt-relr-ldflag)) \ + $(if $($(@F)-no-memory-seal),$(no-memory-seal-ldflag),$(memory-seal-ldflag)) \ $(extra-B-$(@F:lib%.so=%).so) -B$(csu-objpfx) \ $(extra-B-$(@F:lib%.so=%).so) $(load-map-file) \ -Wl,-soname=lib$(libprefix)$(@F:lib%.so=%).so$($(@F)-version) \ @@ -560,6 +561,7 @@ define build-module-helper $(LINK.o) -shared -static-libgcc $(sysdep-LDFLAGS) $(rtld-LDFLAGS) \ $(if $($(@F)-no-z-defs)$(no-z-defs),,-Wl,-z,defs) \ $(if $($(@F)-no-dt-relr),$(no-dt-relr-ldflag),$(dt-relr-ldflag)) \ + $(if $($(@F)-no-memory-seal),$(no-memory-seal-ldflag),$(memory-seal-ldflag)) \ -B$(csu-objpfx) $(load-map-file) \ $(LDFLAGS.so) $(LDFLAGS-$(@F:%.so=%).so) \ $(link-test-modules-rpath-link) \ diff --git a/NEWS b/NEWS index c35ac3ed28..5e0f55718c 100644 --- a/NEWS +++ b/NEWS @@ -19,6 +19,10 @@ Major new features: the binary, any preload and audit modules, and aby library loaded with RTLD_NODELETE. +* All libraries, programs, and the testsuite in glibc are now build with + memory sealing by default if the toochain supports it. A new configure + option, --disable-default-memory-seal, disables it. + Deprecated and removed features, and other changes affecting compatibility: [Add deprecations, removals and changes affecting compatibility here] diff --git a/configure b/configure index eb8abd0054..8110d57bae 100755 --- a/configure +++ b/configure @@ -819,6 +819,7 @@ enable_mathvec enable_cet enable_scv enable_fortify_source +enable_default_memory_sealing with_cpu ' ac_precious_vars='build_alias @@ -1504,6 +1505,9 @@ Optional Features: Use -D_FORTIFY_SOURCE=[1|2|3] to control code hardening, defaults to highest possible value supported by the build compiler. + --disable-default-memory-sealing + Do not build glibc libraries, programs, and the + testsuite with memory sealing [default=no] Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] @@ -4882,6 +4886,16 @@ case "$enable_fortify_source" in *) as_fn_error $? "Not a valid argument for --enable-fortify-source: \"$enable_fortify_source\"" "$LINENO" 5;; esac +# Check whether --enable-default-memory-sealing was given. +if test ${enable_default_memory_sealing+y} +then : + enableval=$enable_default_memory_sealing; default_memory_sealing=$enableval +else case e in #( + e) default_memory_sealing=yes ;; +esac +fi + + # We keep the original values in `$config_*' and never modify them, so we # can write them unchanged into config.make. Everything else uses # $machine, $vendor, and $os, and changes them whenever convenient. @@ -7375,6 +7389,50 @@ printf "%s\n" "$libc_cv_fpie" >&6; } + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for linker that supports -z memory-seal" >&5 +printf %s "checking for linker that supports -z memory-seal... " >&6; } +libc_linker_feature=no +cat > conftest.c <&5 + (eval $ac_try) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; } +then + if ${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS $no_ssp -Wl,-z,memory-seal -nostdlib \ + -nostartfiles -fPIC -shared -o conftest.so conftest.c 2>&1 \ + | grep "warning: -z memory-seal ignored" > /dev/null 2>&1; then + true + else + libc_linker_feature=yes + fi +fi +rm -f conftest* +if test $libc_linker_feature = yes; then + libc_cv_z_memory_seal=yes +else + libc_cv_z_memory_seal=no +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $libc_linker_feature" >&5 +printf "%s\n" "$libc_linker_feature" >&6; } +# Enable memory-sealing iff it is available and glibc is not configured +# with --disable-defautl-memory-sealing +if test "$libc_cv_z_memory_seal" = no; then + default_memory_sealing=no +fi +config_vars="$config_vars +have-z-memory-seal = $libc_cv_z_memory_seal" +config_vars="$config_vars +default-memory-seal = $default_memory_sealing" + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for GLOB_DAT reloc" >&5 printf %s "checking for GLOB_DAT reloc... " >&6; } if test ${libc_cv_has_glob_dat+y} diff --git a/configure.ac b/configure.ac index 050bfa65e3..000b8c5a7c 100644 --- a/configure.ac +++ b/configure.ac @@ -440,6 +440,12 @@ case "$enable_fortify_source" in *) AC_MSG_ERROR([Not a valid argument for --enable-fortify-source: "$enable_fortify_source"]);; esac +AC_ARG_ENABLE([default-memory-sealing], + AS_HELP_STRING([--disable-default-memory-sealing], + [Do not build glibc libraries, programs, and the testsuite with memory sealing @<:@default=no@:>@]), + [default_memory_sealing=$enableval], + [default_memory_sealing=yes]) + # We keep the original values in `$config_*' and never modify them, so we # can write them unchanged into config.make. Everything else uses # $machine, $vendor, and $os, and changes them whenever convenient. @@ -1356,6 +1362,20 @@ LIBC_TRY_CC_OPTION([-fpie], [libc_cv_fpie=yes], [libc_cv_fpie=no]) AC_SUBST(libc_cv_fpie) + +LIBC_LINKER_FEATURE([-z memory-seal], + [-Wl,-z,memory-seal], + [libc_cv_z_memory_seal=yes], + [libc_cv_z_memory_seal=no]) +# Enable memory-sealing iff it is available and glibc is not configured +# with --disable-defautl-memory-sealing +if test "$libc_cv_z_memory_seal" = no; then + default_memory_sealing=no +fi +LIBC_CONFIG_VAR([have-z-memory-seal], [$libc_cv_z_memory_seal]) +LIBC_CONFIG_VAR([default-memory-seal], [$default_memory_sealing]) + + AC_CACHE_CHECK(for GLOB_DAT reloc, libc_cv_has_glob_dat, [dnl cat > conftest.c < $@ 2>&1; $(evaluate-test) diff --git a/manual/install.texi b/manual/install.texi index d001e8220b..7056768885 100644 --- a/manual/install.texi +++ b/manual/install.texi @@ -280,6 +280,11 @@ C++ libraries. Disable using @code{scv} instruction for syscalls. All syscalls will use @code{sc} instead, even if the kernel supports @code{scv}. PowerPC only. +@item --disable-default-memory-seal +Don't build glibc libraries, programs, and the testsuite with +memory sealing support (@code{GNU_PROPERTY_MEMORY_SEAL}). By default, +memory sealing is enabled if toolchain suports the linker option. + @item --build=@var{build-system} @itemx --host=@var{host-system} These options are for cross-compiling. If you specify both options and From patchwork Wed Jan 29 17:22:42 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella X-Patchwork-Id: 860674 Delivered-To: patch@linaro.org Received: by 2002:a5d:53cb:0:b0:385:e875:8a9e with SMTP id a11csp298683wrw; Wed, 29 Jan 2025 09:37:24 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCWsV1u+NKiabeC51bPIaIxne603w87dP9SR/bEMlpt+34j2pLPt4y63RA3vckez7DnrJ/tCuw==@linaro.org X-Google-Smtp-Source: AGHT+IERQv1ZZe60mC442ShNlueuN/vf7DFqAYnXLayW1SjSPRRxfeC9wpT85Ok5Dx1ims52eSEs X-Received: by 2002:a05:620a:4392:b0:7b6:d4df:2890 with SMTP id af79cd13be357-7bffccbfc62mr575702785a.4.1738172244007; Wed, 29 Jan 2025 09:37:24 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1738172243; cv=pass; d=google.com; s=arc-20240605; b=as8lAIYEmCMnAv4hNx6I4vjy02tdbsa2gmJB3ZOw1GF175ehfIgo7is/NHDxTqnk8Y BK7gjKfjArnq60L6uhHgB2OC4dFfyRJXntBBTIV/EOIJCddNLJhrOue4zRrB3NYvX+Xv lJAOFP1+ZcNsxMfPAMzxZfFY064vBtEq3LauvbTsmnvMfm0Sb8gfX7P67DlO+j39YgkX IAJNhibb8/W6so7I1bAdTyr6rO69JputzxNUys4rI3X8FHzvniIC/i2ow2zsDl0Erxze o21d6/3nMVImf6CwlbOk6ULD4Ijt/v1QnCeKYdrAa6SXNb7tnOCgp4GKyXQSWHEpAJ4L fnlw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature:dkim-filter:arc-filter:dmarc-filter :delivered-to:dkim-filter; bh=I2GcEb6xFR86rEwuPf48DdfLhy6CWCOmFYx/GU28J8U=; fh=NxP0gPoitL2xwHLpRPwMy6HQGuc/oe1BSm1HN6gGwGQ=; b=CWeqSng7FO399/tUUP1g7Yo6wxH1WM01toAKtT/WKw2GWMUNnsKrTnI/YVddwdXcE5 fKAKiK3NJxTyCWhCBbXDoC7lFN0IXEBA2k/qYGd8SLocz14tigbVgx5bI2CkWvmLiFkZ mZ7y3aoEBnWUweZtPOGeKk+vEzx/LcoXGZ7QBQvECY2VPEV4MIiLGYnH52+g6VMZWT8k apgoWkECvzBgqvXcpu58ZW8fq9Ct0AyAgJ9eQE+CvKZeJUHWzFaq7SjZqetnRQeY5ibN 004hgkOeictooLBZ02XqpCvvanOLzSqS0+39D08dYsv9GKL9KRTO8NuZaxABBZXudLXK mTkA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=ZjIcjjrF; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from server2.sourceware.org (server2.sourceware.org. [8.43.85.97]) by mx.google.com with ESMTPS id af79cd13be357-7be9af2a919si1550044785a.630.2025.01.29.09.37.23 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 29 Jan 2025 09:37:23 -0800 (PST) Received-SPF: pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) client-ip=8.43.85.97; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=ZjIcjjrF; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 8C6C63857C63 for ; Wed, 29 Jan 2025 17:37:23 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 8C6C63857C63 Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=ZjIcjjrF X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pl1-x62d.google.com (mail-pl1-x62d.google.com [IPv6:2607:f8b0:4864:20::62d]) by sourceware.org (Postfix) with ESMTPS id 92F833857BBA for ; Wed, 29 Jan 2025 17:26:12 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 92F833857BBA Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 92F833857BBA Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::62d ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1738171572; cv=none; b=gIowSubckegeJpo0dElktLSGzRQYXfc57QCnwjP8Ki1AjITE/dDN/pKzmmAT93iM9Zxo5ZW/hDB9bPsouAm7MkPaWGvVSka4DNFfpKEaS8ng4GQtyawkGkCPt30g+rsOOiXuXkvWHnmv9vE3e1QsmlmXtu1rExkb+9Obph7n9Vk= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1738171572; c=relaxed/simple; bh=fogqID4jEg4xSLTWXswYABviyi+qJayp+pVWKXI2CM4=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=HYHDcVK/XfGicWLwIzU02Tvn5ibWpoMLRcx9DwLnGXGgjrNRzqtxYA9wswNo0TT9pGpefgBsRdFUAAEf2hAWAl71crEVuo4xhqaOP56FrUVTkP9oe6JsHS3uLeQzEtwZK6RBTaRYX9OOCP5Bdx3mZa8eRJIV8/JeNDZli8sEAIk= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 92F833857BBA Received: by mail-pl1-x62d.google.com with SMTP id d9443c01a7336-2161eb95317so128287465ad.1 for ; Wed, 29 Jan 2025 09:26:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1738171571; x=1738776371; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=I2GcEb6xFR86rEwuPf48DdfLhy6CWCOmFYx/GU28J8U=; b=ZjIcjjrFjdkuqLYCwuj9Xs7HXE68nICR+RuoiN/kHSjoIlNGKfMydLOCF8XrI3zTVL DKQPDhOrl6krI2zE7Oj0BwWiykeUqAb529ov8BAJxZGR39tTtifubIe/wYJOyNXRIz// mwf15SJHN6DFMVrCw/gxsaJ95tKgfovH5hnFfrwRg2u9TnhCPSbSK7MXpKxV2xogS7Gx 4fcyMlGjmWUNh/cfLI4lnqwlDRAAuE9DoFhzqJGsu+KNOL9g8oiMAICqaRKxl14e2J1n kOg6xh6p9RgXIYMjlUx0aKzWutCBv2LEbjCEpJDzCerlspYmMFAgNFLbLLcYWGRIkMK1 ydaw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738171571; x=1738776371; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=I2GcEb6xFR86rEwuPf48DdfLhy6CWCOmFYx/GU28J8U=; b=Y8HLbMnHdI+z1bpfaYKKoMypZPhWlnlw43gH+FU4cYHXyprLsqkD+wr1FM7kItKh2T xLkv+P08fHRMhw/81uihun+zsFQ8pIqkhrYZUbxGWRSuJ6fKwLY52Lc30nNkMMBs0mLG IfNmQr6PCztHxmqXmOMHkshdilgj7MLLWhx8/R8fSyqBKNG3zgYbPKAMhSJ1buVMlrP7 Db0jm2BQOSlegP7yEs3PtpmIWzDLmXiIHmLCqpeJfDySg28nVSuetVv6cqG5ghMeVdd5 BXKK6Lwp7gB+Ic7nKEU/wyF6y02wqWfaP7gZeYpxEVIQz0q2OpJz5NbwpDAVpxB3qWny Zz9Q== X-Gm-Message-State: AOJu0YxRi54oW+tuIvWmA6meNQX7leExKzy9F5VvBXK08d0MglbRN3Mv ITvf60n6ULPNMw4VKI+nLzBcDAp3ffU09G8N5Fuq5tqWDhFv/Uf8FWZwHT63aGRUsqlrX5Td7bL 7 X-Gm-Gg: ASbGncubnpjVz7OsabVEkFszn6moylwJaF2BTbGVzhpMTMZEKovF3fMCRrlHU/0UVia toA9tGdyLwDzP5Qk4mvsr78MZy5t32ubdJQIFnJE9vr+xwjSRTO0CZPIxz6CiMGk7lZfjVyiGye frBzpBFWzhBGjia2RFLYX3i25bz/7LxW39RUKtfSkWRu1GUD9n1wym/TUdIs7TiBAopuKUncr40 LuZPMli5yiqbmNcg7WQAVushQcPkcQCs7vEzGz12nGd71t+MrQEwkjhvm0g8d5xtaIyPvr/oQuZ DDRjxhQZT5mLBMb3NlXTL//QW0v9 X-Received: by 2002:a17:903:298d:b0:216:3436:b87e with SMTP id d9443c01a7336-21dd7dff854mr74485615ad.44.1738171570451; Wed, 29 Jan 2025 09:26:10 -0800 (PST) Received: from mandiga.. ([2804:1b3:a7c2:2a23:584e:68a2:9131:7209]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-21da3ea1c2asm102082535ad.54.2025.01.29.09.26.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 29 Jan 2025 09:26:10 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org Cc: Jeff Xu , Florian Weimer , "H . J . Lu" Subject: [PATCH v8 8/8] linux: Add memory sealing tests Date: Wed, 29 Jan 2025 14:22:42 -0300 Message-ID: <20250129172550.1119706-9-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250129172550.1119706-1-adhemerval.zanella@linaro.org> References: <20250129172550.1119706-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patch=linaro.org@sourceware.org The new tests added are: 1. tst-dl_mseal: check memory sealing is applied for statically linked binaries. 2. tst-dl_mseal-static: memory sealing is not applied if there is no gnu attribute for statically linked binaries. 3. tst-dl-mseal: check memory sealing works as expected on multiples places: - On the binary itself. - On a LD_PRELOAD library. - On a depedency modules (tst-dl_mseal-mod-{1,2}.so). - On a audit modules (tst-dl_mseal-auditmod.so). - On a dlopen dependency opened with RTLD_NODELETE). - On the libgcc_s Aopened by thread unwind. 4. tst-dl-mseal-noseal: check if mixing object with and without memory sealing works as expected. Checked on x86_64-linux-gnu and aarch64-linux-gnu. --- sysdeps/unix/sysv/linux/Makefile | 97 ++++++ .../sysv/linux/tst-dl_mseal-auditmod-noseal.c | 1 + .../unix/sysv/linux/tst-dl_mseal-auditmod.c | 23 ++ .../unix/sysv/linux/tst-dl_mseal-dlopen-1-1.c | 19 ++ .../unix/sysv/linux/tst-dl_mseal-dlopen-1.c | 19 ++ .../linux/tst-dl_mseal-dlopen-2-1-noseal.c | 19 ++ .../unix/sysv/linux/tst-dl_mseal-dlopen-2-1.c | 19 ++ .../sysv/linux/tst-dl_mseal-dlopen-2-noseal.c | 19 ++ .../unix/sysv/linux/tst-dl_mseal-dlopen-2.c | 19 ++ .../sysv/linux/tst-dl_mseal-mod-1-noseal.c | 19 ++ sysdeps/unix/sysv/linux/tst-dl_mseal-mod-1.c | 19 ++ .../sysv/linux/tst-dl_mseal-mod-2-noseal.c | 19 ++ sysdeps/unix/sysv/linux/tst-dl_mseal-mod-2.c | 19 ++ sysdeps/unix/sysv/linux/tst-dl_mseal-noseal.c | 80 +++++ .../sysv/linux/tst-dl_mseal-preload-noseal.c | 1 + .../unix/sysv/linux/tst-dl_mseal-preload.c | 19 ++ .../unix/sysv/linux/tst-dl_mseal-skeleton.c | 276 ++++++++++++++++++ .../sysv/linux/tst-dl_mseal-static-noseal.c | 45 +++ sysdeps/unix/sysv/linux/tst-dl_mseal-static.c | 42 +++ sysdeps/unix/sysv/linux/tst-dl_mseal.c | 78 +++++ 20 files changed, 852 insertions(+) create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-auditmod-noseal.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-auditmod.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-1-1.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-1.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-1-noseal.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-1.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-noseal.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-mod-1-noseal.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-mod-1.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-mod-2-noseal.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-mod-2.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-noseal.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-preload-noseal.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-preload.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-skeleton.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-static-noseal.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-static.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal.c diff --git a/sysdeps/unix/sysv/linux/Makefile b/sysdeps/unix/sysv/linux/Makefile index ac67b98406..670ed45964 100644 --- a/sysdeps/unix/sysv/linux/Makefile +++ b/sysdeps/unix/sysv/linux/Makefile @@ -685,6 +685,103 @@ tests-special += \ $(objpfx)tst-nolink-libc-1.out \ $(objpfx)tst-nolink-libc-2.out \ # tests-special + +ifeq ($(have-z-memory-seal),yes) +tests-static += \ + tst-dl_mseal-static \ + tst-dl_mseal-static-noseal \ + # tests-static + +tests += \ + $(tests-static) \ + tst-dl_mseal \ + tst-dl_mseal-noseal \ + # tests + +modules-names += \ + tst-dl_mseal-auditmod \ + tst-dl_mseal-auditmod-noseal \ + tst-dl_mseal-dlopen-1 \ + tst-dl_mseal-dlopen-1-1 \ + tst-dl_mseal-dlopen-2 \ + tst-dl_mseal-dlopen-2-1 \ + tst-dl_mseal-dlopen-2-1-noseal \ + tst-dl_mseal-dlopen-2-noseal \ + tst-dl_mseal-mod-1 \ + tst-dl_mseal-mod-1-noseal \ + tst-dl_mseal-mod-2 \ + tst-dl_mseal-mod-2-noseal \ + tst-dl_mseal-preload \ + tst-dl_mseal-preload-noseal \ + # modules-names + +$(objpfx)tst-dl_mseal.out: \ + $(objpfx)tst-dl_mseal-auditmod.so \ + $(objpfx)tst-dl_mseal-preload.so \ + $(objpfx)tst-dl_mseal-mod-1.so \ + $(objpfx)tst-dl_mseal-mod-2.so \ + $(objpfx)tst-dl_mseal-dlopen-1.so \ + $(objpfx)tst-dl_mseal-dlopen-1-1.so \ + $(objpfx)tst-dl_mseal-dlopen-2.so \ + $(objpfx)tst-dl_mseal-dlopen-2-1.so + +$(objpfx)tst-dl_mseal-noseal.out: \ + $(objpfx)tst-dl_mseal-auditmod-noseal.so \ + $(objpfx)tst-dl_mseal-preload-noseal.so \ + $(objpfx)tst-dl_mseal-mod-1-noseal.so \ + $(objpfx)tst-dl_mseal-mod-2-noseal.so \ + $(objpfx)tst-dl_mseal-dlopen-1.so \ + $(objpfx)tst-dl_mseal-dlopen-1-1.so \ + $(objpfx)tst-dl_mseal-dlopen-2-noseal.so \ + $(objpfx)tst-dl_mseal-dlopen-2-1-noseal.so + +ifeq ($(default-memory-seal),yes) +CFLAGS-tst-dl_mseal.c += -DDEFAULT_MEMORY_SEAL +CFLAGS-tst-dl_mseal-noseal.c += -DDEFAULT_MEMORY_SEAL +endif + +LDFLAGS-tst-dl_mseal = -Wl,--no-as-needed -Wl,-z,memory-seal +LDFLAGS-tst-dl_mseal-static = -Wl,--no-as-needed -Wl,-z,memory-seal +LDFLAGS-tst-dl_mseal-mod-1.so = -Wl,--no-as-needed -Wl,-z,memory-seal +LDFLAGS-tst-dl_mseal-mod-2.so = -Wl,-z,memory-seal +LDFLAGS-tst-dl_mseal-dlopen-1.so = -Wl,--no-as-needed +LDFLAGS-tst-dl_mseal-dlopen-2.so = -Wl,--no-as-needed -Wl,-z,memory-seal +LDFLAGS-tst-dl_mseal-preload.so = -Wl,-z,memory-seal +LDFLAGS-tst-dl_mseal-auditmod.so = -Wl,-z,memory-seal + +tst-dl_mseal-dlopen-1-1.so-no-memory-seal = yes +tst-dl_mseal-dlopen-2-1.so-no-memory-seal = yes + +$(objpfx)tst-dl_mseal: $(objpfx)tst-dl_mseal-mod-1.so +$(objpfx)tst-dl_mseal-mod-1.so: $(objpfx)tst-dl_mseal-mod-2.so +$(objpfx)tst-dl_mseal-dlopen-1.so: $(objpfx)tst-dl_mseal-dlopen-1-1.so +$(objpfx)tst-dl_mseal-dlopen-2.so: $(objpfx)tst-dl_mseal-dlopen-2-1.so + +tst-dl_mseal-noseal-no-memory-seal = yes +tst-dl_mseal-preload-noseal.so-no-memory-seal = yes +tst-dl_mseal-auditmod-noseal.so-no-memory-seal = yes +tst-dl_mseal-mod-2-noseal.so-no-memory-seal = yes +tst-dl_mseal-dlopen-2-noseal.so-no-memory-seal =yes + +LDFLAGS-tst-dl_mseal-noseal = -Wl,--no-as-needed +LDFLAGS-tst-dl_mseal-mod-1-noseal.so = -Wl,--no-as-needed -Wl,-z,memory-seal +LDFLAGS-tst-dl_mseal-mod-2-noseal.so = -Wl,--no-as-needed +LDFLAGS-tst-dl_mseal-dlopen-2-noseal.so = -Wl,--no-as-needed + +tst-dl_mseal-dlopen-2-1-noseal.so-no-memory-seal = yes + +$(objpfx)tst-dl_mseal-noseal: $(objpfx)tst-dl_mseal-mod-1-noseal.so +$(objpfx)tst-dl_mseal-mod-1-noseal.so: $(objpfx)tst-dl_mseal-mod-2-noseal.so +$(objpfx)tst-dl_mseal-dlopen-2-noseal.so: $(objpfx)tst-dl_mseal-dlopen-2-1-noseal.so + +tst-dl_mseal-static-noseal-no-memory-seal = yes + +tst-dl_mseal-ARGS = -- $(host-test-program-cmd) +tst-dl_mseal-static-ARGS = -- $(host-test-program-cmd) +tst-dl_mseal-noseal-ARGS = -- $(host-test-program-cmd) +tst-dl_mseal-static-noseal-ARGS = -- $(host-test-program-cmd) +endif + endif endif # $(subdir) == elf diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-auditmod-noseal.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-auditmod-noseal.c new file mode 100644 index 0000000000..a5b257d05e --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-auditmod-noseal.c @@ -0,0 +1 @@ +#include "tst-dl_mseal-auditmod.c" diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-auditmod.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-auditmod.c new file mode 100644 index 0000000000..7767620456 --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-auditmod.c @@ -0,0 +1,23 @@ +/* Audit module for tst-dl_mseal test. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +unsigned int +la_version (unsigned int v) +{ + return v; +} diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-1-1.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-1-1.c new file mode 100644 index 0000000000..fd116536ee --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-1-1.c @@ -0,0 +1,19 @@ +/* Additional module for tst-dl_mseal test. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int foo2_1 (void) { return 42; } diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-1.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-1.c new file mode 100644 index 0000000000..aa7a18390e --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-1.c @@ -0,0 +1,19 @@ +/* Additional module for tst-dl_mseal test. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int foo2 (void) { return 42; } diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-1-noseal.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-1-noseal.c new file mode 100644 index 0000000000..dc3d832343 --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-1-noseal.c @@ -0,0 +1,19 @@ +/* Additional module for tst-dl_mseal test. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int bar2_1 (void) { return 42; } diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-1.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-1.c new file mode 100644 index 0000000000..dc3d832343 --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-1.c @@ -0,0 +1,19 @@ +/* Additional module for tst-dl_mseal test. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int bar2_1 (void) { return 42; } diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-noseal.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-noseal.c new file mode 100644 index 0000000000..6be7ce4d3d --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-noseal.c @@ -0,0 +1,19 @@ +/* Additional module for tst-dl_mseal test. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int bar2 (void) { return 42; } diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2.c new file mode 100644 index 0000000000..6be7ce4d3d --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2.c @@ -0,0 +1,19 @@ +/* Additional module for tst-dl_mseal test. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int bar2 (void) { return 42; } diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-1-noseal.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-1-noseal.c new file mode 100644 index 0000000000..e8e42de5bf --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-1-noseal.c @@ -0,0 +1,19 @@ +/* Additional module for tst-dl_mseal test. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int foo1 (void) { return 42; } diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-1.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-1.c new file mode 100644 index 0000000000..e8e42de5bf --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-1.c @@ -0,0 +1,19 @@ +/* Additional module for tst-dl_mseal test. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int foo1 (void) { return 42; } diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-2-noseal.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-2-noseal.c new file mode 100644 index 0000000000..05226a443d --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-2-noseal.c @@ -0,0 +1,19 @@ +/* Additional module for tst-dl_mseal test. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int bar1 (void) { return 42; } diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-2.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-2.c new file mode 100644 index 0000000000..05226a443d --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-2.c @@ -0,0 +1,19 @@ +/* Additional module for tst-dl_mseal test. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int bar1 (void) { return 42; } diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-noseal.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-noseal.c new file mode 100644 index 0000000000..936518f0c2 --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-noseal.c @@ -0,0 +1,80 @@ +/* Basic tests for sealing. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include + +/* This test checks the GNU_PROPERTY_MEMORY_SEAL handling on multiple + places: + + - On the binary itself. + - On a LD_PRELOAD library. + - On a depedency module (tst-dl_mseal-mod-2-noseal.so). + - On a audit modules (tst-dl_mseal-auditmod-noeal.so). + - On a dlopen dependency opened with RTLD_NODELET + (tst-dl_mseal-dlopen-2-noseal.so). +*/ + +#define LIB_PRELOAD "tst-dl_mseal-preload-noseal.so" + +#define LIB_DLOPEN_DEFAULT "tst-dl_mseal-dlopen-1.so" +#define LIB_DLOPEN_DEFAULT_DEP "tst-dl_mseal-dlopen-1-1.so" +#define LIB_DLOPEN_NODELETE "tst-dl_mseal-dlopen-2-noseal.so" +#define LIB_DLOPEN_NODELETE_DEP "tst-dl_mseal-dlopen-2-1-noseal.so" + +#define LIB_AUDIT "tst-dl_mseal-auditmod-noseal.so" + +/* Expected libraries that loader will seal. */ +static const char *expected_sealed_vmas[] = +{ +#ifdef DEFAULT_MEMORY_SEAL + "libc.so", + "ld.so", +#endif + "tst-dl_mseal-mod-1-noseal.so", +}; + +/* Expected non sealed libraries. */ +static const char *expected_non_sealed_vmas[] = +{ +#ifndef DEFAULT_MEMORY_SEAL + "libc.so", + "ld.so", +#endif + "tst-dl_mseal-noseal", + LIB_PRELOAD, + LIB_AUDIT, + "tst-dl_mseal-mod-2-noseal.so", + LIB_DLOPEN_NODELETE, + LIB_DLOPEN_NODELETE_DEP, + LIB_DLOPEN_DEFAULT, + LIB_DLOPEN_DEFAULT_DEP, + /* Auxiary pages mapped by the kernel. */ + "[vdso]", + "[sigpage]", +}; + +/* Special pages, either Auxiliary kernel pages where permission can not be + changed or auxiliary libs that we can know prior hand that sealing is + enabled. */ +static const char *expected_non_sealed_special[] = +{ + LIBGCC_S_SO, + "[vectors]", +}; + +#include "tst-dl_mseal-skeleton.c" diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-preload-noseal.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-preload-noseal.c new file mode 100644 index 0000000000..32b4153e79 --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-preload-noseal.c @@ -0,0 +1 @@ +#include "tst-dl_mseal-preload.c" diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-preload.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-preload.c new file mode 100644 index 0000000000..414c8c7295 --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-preload.c @@ -0,0 +1,19 @@ +/* Additional module for tst-dl_mseal test. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int foo (void) { return 42; } diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-skeleton.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-skeleton.c new file mode 100644 index 0000000000..de04f117d5 --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-skeleton.c @@ -0,0 +1,276 @@ +/* Basic tests for sealing. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include + +#if UINTPTR_MAX == UINT64_MAX +# define PTR_FMT "#018" PRIxPTR +#else +# define PTR_FMT "#010" PRIxPTR +#endif + +static int +new_flags (const char flags[4]) +{ + bool read_flag = flags[0] == 'r'; + bool write_flag = flags[1] == 'w'; + bool exec_flag = flags[2] == 'x'; + + write_flag = !write_flag; + + return (read_flag ? PROT_READ : 0) + | (write_flag ? PROT_WRITE : 0) + | (exec_flag ? PROT_EXEC : 0); +} + +/* Libraries/VMA that could not be sealed, and that checking for sealing + does not work (kernel does not allow changing protection). */ +static const char *non_sealed_vmas[] = +{ + ".", /* basename value for empty string anonymous + mappings. */ + "[heap]", + "[vsyscall]", + "[vvar]", + "[stack]", + "[vvar_vclock]", + "zero", /* /dev/zero */ +}; + +static int +is_in_string_list (const char *s, const char *const list[], size_t len) +{ + for (size_t i = 0; i != len; i++) + if (strcmp (s, list[i]) == 0) + return i; + return -1; +} +#define IS_IN_STRING_LIST(__s, __list) \ + is_in_string_list (__s, __list, array_length (__list)) + +static void * +tf (void *closure) +{ + pthread_exit (NULL); + return NULL; +} + +static int +handle_restart (void) +{ +#ifndef TEST_STATIC + xdlopen (LIB_DLOPEN_NODELETE, RTLD_NOW | RTLD_NODELETE); + xdlopen (LIB_DLOPEN_DEFAULT, RTLD_NOW); +#endif + + /* pthread_exit will load LIBGCC_S_SO. */ + xpthread_join (xpthread_create (NULL, tf, NULL)); + + FILE *fp = xfopen ("/proc/self/maps", "r"); + char *line = NULL; + size_t linesiz = 0; + + unsigned long pagesize = getpagesize (); + + bool found_expected[array_length(expected_sealed_vmas)] = { false }; + while (xgetline (&line, &linesiz, fp) > 0) + { + uintptr_t start; + uintptr_t end; + char flags[5] = { 0 }; + char name[256] = { 0 }; + int idx; + + /* The line is in the form: + start-end flags offset dev inode pathname */ + int r = sscanf (line, + "%" SCNxPTR "-%" SCNxPTR " %4s %*s %*s %*s %256s", + &start, + &end, + flags, + name); + TEST_VERIFY_EXIT (r == 3 || r == 4); + + int found = false; + + const char *libname = basename (name); + if ((idx = IS_IN_STRING_LIST (libname, expected_sealed_vmas)) + != -1) + { + /* Check if we can change the protection flags of the segment. */ + int new_prot = new_flags (flags); + TEST_VERIFY_EXIT (mprotect ((void *) start, end - start, + new_prot) == -1); + TEST_VERIFY_EXIT (errno == EPERM); + + /* Also checks trying to map over the sealed libraries. */ + { + char *p = mmap ((void *) start, pagesize, new_prot, + MAP_FIXED | MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); + TEST_VERIFY_EXIT (p == MAP_FAILED); + TEST_VERIFY_EXIT (errno == EPERM); + } + + /* And if remap is also blocked. */ + { + char *p = mremap ((void *) start, end - start, end - start, 0); + TEST_VERIFY_EXIT (p == MAP_FAILED); + TEST_VERIFY_EXIT (errno == EPERM); + } + + printf ("sealed: vma: %" PTR_FMT "-%" PTR_FMT " %s %s\n", + start, + end, + flags, + name); + + found_expected[idx] = true; + found = true; + } + else if ((idx = IS_IN_STRING_LIST (libname, expected_non_sealed_vmas)) + != -1) + { + /* Check if expected non-sealed segments protection can indeed be + changed. The idea is to use something that would not break + process execution, so just try to mprotect with all protection + bits. */ + int new_prot = PROT_READ | PROT_WRITE | PROT_EXEC; + TEST_VERIFY_EXIT (mprotect ((void *) start, end - start, new_prot) + == 0); + + printf ("not-sealed: vma: %" PTR_FMT "-%" PTR_FMT " %s %s\n", + start, + end, + flags, + name); + + found = true; + } + else if (IS_IN_STRING_LIST (libname, expected_non_sealed_special) != -1) + { + /* These pages protection can no be changed. */ + found = true; + } + + if (!found) + { + if (IS_IN_STRING_LIST (libname, non_sealed_vmas) != -1) + printf ("not-sealed: vma: %" PTR_FMT "-%" PTR_FMT " %s %s\n", + start, + end, + flags, + name); + else + FAIL_EXIT1 ("unexpected vma: %" PTR_FMT "-%" PTR_FMT " %s %s\n", + start, + end, + flags, + name); + } + } + xfclose (fp); + + printf ("\n"); + + /* Also check if all the expected sealed maps were found. */ + for (int i = 0; i < array_length (expected_sealed_vmas); i++) + if (expected_sealed_vmas[i][0] && !found_expected[i]) + FAIL_EXIT1 ("expected VMA %s not sealed\n", expected_sealed_vmas[i]); + + return 0; +} + +static int restart; +#define CMDLINE_OPTIONS \ + { "restart", no_argument, &restart, 1 }, + +static int +do_test (int argc, char *argv[]) +{ + /* We must have either: + - One or four parameters left if called initially: + + path to ld.so optional + + "--library-path" optional + + the library path optional + + the application name */ + if (restart) + return handle_restart (); + + /* Check the test requirements. */ + { + int r = mseal (NULL, 0, 0); + if (r == -1 && (errno == ENOSYS || errno == EPERM)) + FAIL_UNSUPPORTED ("mseal is not supported by the kernel"); + else + TEST_VERIFY_EXIT (r == 0); + } + support_need_proc ("Reads /proc/self/maps to get stack names."); + + char *spargv[9]; + int i = 0; + for (; i < argc - 1; i++) + spargv[i] = argv[i + 1]; + spargv[i++] = (char *) "--direct"; + spargv[i++] = (char *) "--restart"; + spargv[i] = NULL; + + char *envvarss[] = { +#ifndef TEST_STATIC + (char *) "LD_PRELOAD=" LIB_PRELOAD, + (char *) "LD_AUDIT=" LIB_AUDIT, +#endif + NULL + }; + + struct support_capture_subprocess result = + support_capture_subprogram (spargv[0], spargv, envvarss); + support_capture_subprocess_check (&result, "tst-dl_mseal", 0, + sc_allow_stdout); + + { + FILE *out = fmemopen (result.out.buffer, result.out.length, "r"); + TEST_VERIFY (out != NULL); + char *line = NULL; + size_t linesz = 0; + while (xgetline (&line, &linesz, out)) + printf ("%s", line); + fclose (out); + } + + support_capture_subprocess_free (&result); + + return 0; +} + +#define TEST_FUNCTION_ARGV do_test +#include diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-static-noseal.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-static-noseal.c new file mode 100644 index 0000000000..9a0a0b3037 --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-static-noseal.c @@ -0,0 +1,45 @@ +/* Basic tests for sealing. Static version. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +/* This test checks the GNU_PROPERTY_MEMORY_SEAL handling on a statically + built binary. In this case only the vDSO (if existent) will be sealed. */ + +#define TEST_STATIC 1 + +/* Expected libraries that loader will seal. */ +static const char *expected_sealed_vmas[] = +{ + "", +}; + +/* Expected non sealed libraries. */ +static const char *expected_non_sealed_vmas[] = +{ + "tst-dl_mseal-static-noseal", + /* Auxiary pages mapped by the kernel. */ + "[vdso]", + "[sigpage]", +}; + +/* Auxiliary kernel pages where permission can not be changed. */ +static const char *expected_non_sealed_special[] = +{ + "[vectors]", +}; + +#include "tst-dl_mseal-skeleton.c" diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-static.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-static.c new file mode 100644 index 0000000000..d98ec1fa12 --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-static.c @@ -0,0 +1,42 @@ +/* Basic tests for sealing. Static version. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +/* This test checks the memory sealing work on a statically built binary. */ + +#define TEST_STATIC 1 + +/* Expected libraries that loader will seal. */ +static const char *expected_sealed_vmas[] = +{ + "tst-dl_mseal-static", +}; + +/* Auxiliary pages mapped by the kernel. */ +static const char *expected_non_sealed_vmas[] = +{ + "[vdso]", + "[sigpage]", +}; + +/* Auxiliary kernel pages where permission can not be changed. */ +static const char *expected_non_sealed_special[] = +{ + "[vectors]", +}; + +#include "tst-dl_mseal-skeleton.c" diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal.c b/sysdeps/unix/sysv/linux/tst-dl_mseal.c new file mode 100644 index 0000000000..3df28dfba7 --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal.c @@ -0,0 +1,78 @@ +/* Basic tests for sealing. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include + +/* Check if memory sealing works as expected on multiples places: + - On the binary itself. + - On a LD_PRELOAD library. + - On a depedency modules (tst-dl_mseal-mod-{1,2}.so). + - On a audit modules (tst-dl_mseal-auditmod.so). + - On a dlopen dependency opened with RTLD_NODELET + (tst-dl_mseal-dlopen-{2,2-1}.so). + - On the libgcc_s opened by thread unwind. +*/ + +#define LIB_PRELOAD "tst-dl_mseal-preload.so" +#define LIB_AUDIT "tst-dl_mseal-auditmod.so" + +#define LIB_DLOPEN_DEFAULT "tst-dl_mseal-dlopen-1.so" +#define LIB_DLOPEN_DEFAULT_DEP "tst-dl_mseal-dlopen-1-1.so" +#define LIB_DLOPEN_NODELETE "tst-dl_mseal-dlopen-2.so" +#define LIB_DLOPEN_NODELETE_DEP "tst-dl_mseal-dlopen-2-1.so" + +/* Expected libraries that loader will seal. */ +static const char *expected_sealed_vmas[] = +{ +#ifdef DEFAULT_MEMORY_SEAL + "libc.so", + "ld.so", +#endif + "tst-dl_mseal", + "tst-dl_mseal-mod-1.so", + "tst-dl_mseal-mod-2.so", + LIB_PRELOAD, + LIB_AUDIT, + LIB_DLOPEN_NODELETE, +}; + +/* Expected non sealed libraries. */ +static const char *expected_non_sealed_vmas[] = +{ +#ifndef DEFAULT_MEMORY_SEAL + "libc.so", + "ld.so", +#endif + LIB_DLOPEN_DEFAULT, + LIB_DLOPEN_DEFAULT_DEP, + LIB_DLOPEN_NODELETE_DEP, + /* Auxiary pages mapped by the kernel. */ + "[vdso]", + "[sigpage]", +}; + +/* Special pages, either Auxiliary kernel pages where permission can not be + changed or auxiliary libs that we can know prior hand that sealing is + enabled. */ +static const char *expected_non_sealed_special[] = +{ + LIBGCC_S_SO, + "[vectors]", +}; + +#include "tst-dl_mseal-skeleton.c"