From patchwork Tue Jun  7 23:53:08 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Fangrui Song <maskray@google.com>
X-Patchwork-Id: 1640270
Return-Path: <libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: bilbo.ozlabs.org;
	dkim=pass (1024-bit key;
 secure) header.d=sourceware.org header.i=@sourceware.org header.a=rsa-sha256
 header.s=default header.b=M9/e91WN;
	dkim-atps=neutral
Authentication-Results: ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org
 (client-ip=8.43.85.97; helo=sourceware.org;
 envelope-from=libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org;
 receiver=<UNKNOWN>)
Received: from sourceware.org (ip-8-43-85-97.sourceware.org [8.43.85.97])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	by bilbo.ozlabs.org (Postfix) with ESMTPS id 4LHnHZ5HVmz9sFr
	for <incoming@patchwork.ozlabs.org>; Wed,  8 Jun 2022 09:53:30 +1000 (AEST)
Received: from server2.sourceware.org (localhost [IPv6:::1])
	by sourceware.org (Postfix) with ESMTP id 2D3113843852
	for <incoming@patchwork.ozlabs.org>; Tue,  7 Jun 2022 23:53:28 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 2D3113843852
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org;
	s=default; t=1654646008;
	bh=+KHRm7V6OdsL4v0/e/KrUSlmElqk0xWcg3OA2xdhHmQ=;
	h=Date:Subject:To:List-Id:List-Unsubscribe:List-Archive:List-Post:
	 List-Help:List-Subscribe:From:Reply-To:From;
	b=M9/e91WNFzEDqgRn54tuZGocMT3HAKABx4csPo6LyQVKzJjFAbWyq4yJSHpXfgfyy
	 9Uk0nGDTQwULKp8hNCl3rzWmURvEDDhccewvqlmE+T4OqO0iAG+rMI7B46pVma8P4o
	 8wApPY7NPKBldfQ7W03ugK94Xv+4wXQQ15Cxb8QU=
X-Original-To: libc-alpha@sourceware.org
Delivered-To: libc-alpha@sourceware.org
Received: from mail-yb1-xb4a.google.com (mail-yb1-xb4a.google.com
 [IPv6:2607:f8b0:4864:20::b4a])
 by sourceware.org (Postfix) with ESMTPS id 671DB384B0C5
 for <libc-alpha@sourceware.org>; Tue,  7 Jun 2022 23:53:13 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 671DB384B0C5
Received: by mail-yb1-xb4a.google.com with SMTP id
 q200-20020a252ad1000000b006632baa38deso9848264ybq.15
 for <libc-alpha@sourceware.org>; Tue, 07 Jun 2022 16:53:13 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:date:message-id:mime-version:subject:from:to:cc;
 bh=+KHRm7V6OdsL4v0/e/KrUSlmElqk0xWcg3OA2xdhHmQ=;
 b=3bsiUxSDYJhr3s3UqyyfR0spJLibs9GTkN9Ts1GmDWLhlqJYMMgY5ZkyvMYcgIFnMz
 2Pjh+FSmu89xQ0O1iHsuSGWQowfb1jKJJxh7V7+JD84x3RRWRB1509BasigMvN8q4CB7
 BMPab7nS2CR2ouFq/MGFEzo4EazIcp6yQ6tv4jAMu1+ddGy0YJq+eHVZKMcioW9ZzK3t
 PViLALunKvC2+98exFbTGJceAOJgcnEUDwdy9x51E5nYvyYzBokoI8vqEv7MZBC+UBJX
 giTfOEoK9dJUJ9nTNX32F3yZmGS/HSBgFMiiwks39TMLsJx5f0jMz4cuUbIQLcU7y29f
 vWEw==
X-Gm-Message-State: AOAM532h1vZODQQjU1jI2nSI8jocQKp9sQMl0WWC627t65CxSr1zuSwo
 lLs88VkY/FWA2yF3mQMxbPMv9J30jq3tb5uPpj1r+E/aWCyUDA+0E3iU9uRImHmje87rCQbzTsU
 0wzifoZVjwFP5e8i+dRqip6rYL235DyyFA25bBDQIIEjdHQfxTa2iGwj9Gl4vo1aE5xI/
X-Google-Smtp-Source: 
 ABdhPJw0lKOI9WnbcA8c1/ZpBkcsldo9H9xKDgwa2AYIJNTsqPUOWb8GfjrDgjAH4cMbBLrhUL2i2S6DPjv7
X-Received: from maskray1.svl.corp.google.com
 ([2620:15c:2ce:200:dfe:1f0f:4f14:c886])
 (user=maskray job=sendgmr) by 2002:a81:8c6:0:b0:313:6083:9665 with SMTP id
 189-20020a8108c6000000b0031360839665mr1653230ywi.391.1654645992642; Tue, 07
 Jun 2022 16:53:12 -0700 (PDT)
Date: Tue,  7 Jun 2022 16:53:08 -0700
Message-Id: <20220607235308.1190097-1-maskray@google.com>
Mime-Version: 1.0
Subject: [PATCH] elf: Refine direct extern access diagnostics to protected
 symbol
To: libc-alpha@sourceware.org
X-Spam-Status: No, score=-19.6 required=5.0 tests=BAYES_00, DKIMWL_WL_MED,
 DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0,
 RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE,
 USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
 server2.sourceware.org
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=subscribe>
X-Patchwork-Original-From: Fangrui Song via Libc-alpha
 <libc-alpha@sourceware.org>
From: Fangrui Song <maskray@google.com>
Reply-To: Fangrui Song <maskray@google.com>
Errors-To: libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org
Sender: "Libc-alpha"
 <libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org>

Refine commit 349b0441dab375099b1d7f6909c1742286a67da9:

1. Copy relocations for extern protected data do not work properly,
regardless whether GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS is used.
It makes sense to produce a warning unconditionally.  When the defining
shared object has GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS, report
an error to satisfy the "no copy relocations" enforcement intended by
this GNU property.

2. Non-zero value of an undefined function symbol may break pointer
equality, but may be benign in many cases (many programs don't take the
address in the shared object then compare it with the address in the
executable).  Report a warning instead.  While here, reword the
diagnostic to be clearer.

3. Remove the unneeded condition !(undef_map->l_1_needed &
GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS). If the executable has
GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS (can only occur in error
cases), the diagnostic should be emitted as well.
---
 sysdeps/generic/dl-protected.h | 46 ++++++++++++++++++----------------
 1 file changed, 25 insertions(+), 21 deletions(-)

diff --git a/sysdeps/generic/dl-protected.h b/sysdeps/generic/dl-protected.h
index 88cb8ec917..ed40d9fea9 100644
--- a/sysdeps/generic/dl-protected.h
+++ b/sysdeps/generic/dl-protected.h
@@ -26,29 +26,33 @@ _dl_check_protected_symbol (const char *undef_name,
 			    const struct link_map *map,
 			    int type_class)
 {
-  if (undef_map != NULL
-      && undef_map->l_type == lt_executable
-      && !(undef_map->l_1_needed
-	   & GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS)
-      && (map->l_1_needed
-	  & GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS))
+  if (undef_map == NULL || undef_map->l_type != lt_executable)
+    return;
+
+  if (type_class & ELF_RTYPE_CLASS_COPY)
     {
-      if ((type_class & ELF_RTYPE_CLASS_COPY))
-	/* Disallow copy relocations in executable against protected
-	   data symbols in a shared object which needs indirect external
-	   access.  */
-	_dl_signal_error (0, map->l_name, undef_name,
-			  N_("copy relocation against non-copyable protected symbol"));
-      else if (ref->st_value != 0
-	       && ref->st_shndx == SHN_UNDEF
-	       && (type_class & ELF_RTYPE_CLASS_PLT))
-	/* Disallow non-zero symbol values of undefined symbols in
-	   executable, which are used as the function pointer, against
-	   protected function symbols in a shared object with indirect
-	   external access.  */
-	_dl_signal_error (0, map->l_name, undef_name,
-			  N_("non-canonical reference to canonical protected function"));
+      /* Disallow copy relocations in executable against protected
+	 data symbols in a shared object which needs indirect external
+	 access.  */
+      _dl_error_printf ("warning: copy relocation against non-copyable "
+			"protected symbol `%s' in `%s'\n",
+			undef_name, map->l_name);
+
+      if (map->l_1_needed & GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS)
+	_dl_signal_error (
+	    0, map->l_name, undef_name,
+	    N_ ("error due to GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS"));
     }
+  else if ((type_class & ELF_RTYPE_CLASS_PLT) && ref->st_value != 0
+	   && ref->st_shndx == SHN_UNDEF)
+    /* Disallow non-zero symbol values of undefined symbols in
+       executable, which are used as the function pointer, against
+       protected function symbols in a shared object with indirect
+       external access.  */
+    _dl_error_printf (
+	"warning: direct reference to "
+	"protected function `%s' in `%s' may break pointer equality\n",
+	undef_name, map->l_name);
 }
 
 #endif /* _DL_PROTECTED_H */