From patchwork Tue Jun 18 19:40:19 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 1949454 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=RyV3GpEJ; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org (client-ip=2620:52:3:1:0:246e:9693:128c; helo=server2.sourceware.org; envelope-from=libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org; receiver=patchwork.ozlabs.org) Received: from server2.sourceware.org (server2.sourceware.org [IPv6:2620:52:3:1:0:246e:9693:128c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4W3cZV23l6z20Ws for ; Wed, 19 Jun 2024 05:41:38 +1000 (AEST) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 8773C3884503 for ; Tue, 18 Jun 2024 19:41:36 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pj1-x102e.google.com (mail-pj1-x102e.google.com [IPv6:2607:f8b0:4864:20::102e]) by sourceware.org (Postfix) with ESMTPS id E39A93882AF8 for ; Tue, 18 Jun 2024 19:41:12 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org E39A93882AF8 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org E39A93882AF8 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::102e ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1718739675; cv=none; b=GCAjDjvNHed9WxKzGYwd6LWS7Q81BRisoWTM/5O0hMucaYCHlBRVrq6phcpMY5BDszl8tHGn3s8kYiBbzG8f1wo+v5lcs66h6fIs//Z6VjLcHYJQNBsC25YbxEfRLYHTg92U4/2QMubtAKBvcO8UpoLRFjZWFmIwoWt3rwUr0UY= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1718739675; c=relaxed/simple; bh=s8Vci8rh4HMnzTunCwI2Ou2uUT81ktVnYuYdClg0ks4=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=BsYBY5uKivt+XJoFuGId3De7Uk3yKCbs7pHtlRIRHTRV3KNjnUUMoUfttezfhvqEeFf0TyPkQYqWq4HXEFZv0QOgd0kfzRPXmvv2hd/w48lITnvulbinlD19WpCb/v39qjQkYUUAbooaY93fPFW7yAE5yfwO94ccftEOcEO54Hk= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-pj1-x102e.google.com with SMTP id 98e67ed59e1d1-2c7a51e21ebso634800a91.2 for ; Tue, 18 Jun 2024 12:41:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1718739671; x=1719344471; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=dArv3wuRvZH7fw63TR/dWY4jNZE7C3+N7F2wQrelluc=; b=RyV3GpEJIXZdKXg1oU0rxrkii/KKbd6+NCsVJVHl7P7u/7M1pDDT+UKDag5paHxyXA b14BAKIEAXRQ1eLhI/KIZuIID9cV7ZMAPaAfP+X6hQf97Lc3kIizuJAnFAoG1dxCMoaK mdazYfbtxL1NlVvVEUiXEhQaNzVKzqnaMJwa3Flner1rKUcJoUlZZ8SVs5wQd2jtSQ4a 6NUuM2YfA3fjyE3kYNFq7fn6xoecacu/tXNR0hno9QLdXTyoLJtwQqhNbLQlUJnIO37i TQmTEJ4WvnL43LLan90IcvqslAm8YIGP3LAJgGrURYtpvvvvQNhHzAWudlO7QUqarN6u zGww== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1718739671; x=1719344471; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=dArv3wuRvZH7fw63TR/dWY4jNZE7C3+N7F2wQrelluc=; b=bKs6I6BoWGLaimOeKdY1i1q86hk1UkXS/WacgNqBeEnDbifNT9vfNSyhi/htE9zXWL JsM8e7C9wzxLHwjd4Asi7a9Roq1vePJgTUxReTr8i1unTk2Q8PlSvPe2vC7d8UqpOhVe 6olm4CXUa5+UPADMUsAP1BUuLojKAOkdgiy9Ti9pfj38Dp7oK/a3N38008q3GHa7bdcg /KtWI13ruM34AThNdJSOFR3YQhjdxeXMGUfIWRZHhI/1giAkrD1CZEhraRwjurnToJ2v L/1SroeARjmBb5zrNzyC2liKeaefLOJcBzDUNqJa8zZnPhsOWjQlZ8PHw8Y++YYv0xhb L9ew== X-Gm-Message-State: AOJu0YxMeWzST5BNS9vitw0auF8zD/oWRSZgyY9yEnvgcCeiZ0QYPPm0 77t/G5ciCDQoNj795klxMK5wrR0uebl5tmQNo7JuHKvnMfRLy1YdlrI14U1QlOFxe6KAnXtr/Ea s X-Google-Smtp-Source: AGHT+IHh6O3DaLRdw2cofzPQozUS644L85+AeshVOp9y0Zjs17WPBM6xqXs+HmsifGgPlsc1y6XV9A== X-Received: by 2002:a17:90a:6fe3:b0:2c7:b164:3ce6 with SMTP id 98e67ed59e1d1-2c7b5cc9652mr697659a91.28.1718739671040; Tue, 18 Jun 2024 12:41:11 -0700 (PDT) Received: from mandiga.. ([2804:1b3:a7c1:5c0d:de56:b6f3:eeae:13e7]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2c50c4ce173sm6209093a91.23.2024.06.18.12.41.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 18 Jun 2024 12:41:10 -0700 (PDT) From: Adhemerval Zanella To: libc-alpha@sourceware.org Cc: "H . J . Lu" , Florian Weimer , Zack Weinberg Subject: [PATCH v3 1/4] elf: Consolidate stackinfo.h Date: Tue, 18 Jun 2024 16:40:19 -0300 Message-ID: <20240618194102.2059389-2-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240618194102.2059389-1-adhemerval.zanella@linaro.org> References: <20240618194102.2059389-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-Spam-Status: No, score=-11.6 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, KAM_ASCII_DIVIDERS, KAM_SHORT, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org And use sane default the generic implementation. --- sysdeps/aarch64/stackinfo.h | 33 --------------------- sysdeps/arc/stackinfo.h | 33 --------------------- sysdeps/csky/stackinfo.h | 29 ------------------ sysdeps/generic/stackinfo.h | 15 ++++++++-- sysdeps/loongarch/stackinfo.h | 33 --------------------- sysdeps/nios2/stackinfo.h | 33 --------------------- sysdeps/powerpc/{ => powerpc32}/stackinfo.h | 8 +---- sysdeps/riscv/stackinfo.h | 33 --------------------- 8 files changed, 13 insertions(+), 204 deletions(-) delete mode 100644 sysdeps/aarch64/stackinfo.h delete mode 100644 sysdeps/arc/stackinfo.h delete mode 100644 sysdeps/csky/stackinfo.h delete mode 100644 sysdeps/loongarch/stackinfo.h delete mode 100644 sysdeps/nios2/stackinfo.h rename sysdeps/powerpc/{ => powerpc32}/stackinfo.h (82%) delete mode 100644 sysdeps/riscv/stackinfo.h diff --git a/sysdeps/aarch64/stackinfo.h b/sysdeps/aarch64/stackinfo.h deleted file mode 100644 index 5a4dce7309..0000000000 --- a/sysdeps/aarch64/stackinfo.h +++ /dev/null @@ -1,33 +0,0 @@ -/* Copyright (C) 2001-2024 Free Software Foundation, Inc. - - This file is part of the GNU C Library. - - The GNU C Library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public License as - published by the Free Software Foundation; either version 2.1 of the - License, or (at your option) any later version. - - The GNU C Library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with the GNU C Library; if not, see - . */ - -/* This file contains a bit of information about the stack allocation - of the processor. */ - -#ifndef _STACKINFO_H -#define _STACKINFO_H 1 - -#include - -/* On AArch64 the stack grows down. */ -#define _STACK_GROWS_DOWN 1 - -/* Default to a non-executable stack. */ -#define DEFAULT_STACK_PERMS (PF_R|PF_W) - -#endif /* stackinfo.h */ diff --git a/sysdeps/arc/stackinfo.h b/sysdeps/arc/stackinfo.h deleted file mode 100644 index 99a7f56ea0..0000000000 --- a/sysdeps/arc/stackinfo.h +++ /dev/null @@ -1,33 +0,0 @@ -/* Stack environment definitions for ARC. - Copyright (C) 2020-2024 Free Software Foundation, Inc. - This file is part of the GNU C Library. - - The GNU C Library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - The GNU C Library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with the GNU C Library. If not, see - . */ - -/* This file contains a bit of information about the stack allocation - of the processor. */ - -#ifndef _STACKINFO_H -#define _STACKINFO_H 1 - -#include - -/* On ARC the stack grows down. */ -#define _STACK_GROWS_DOWN 1 - -/* Default to a non-executable stack. */ -#define DEFAULT_STACK_PERMS (PF_R|PF_W) - -#endif /* stackinfo.h */ diff --git a/sysdeps/csky/stackinfo.h b/sysdeps/csky/stackinfo.h deleted file mode 100644 index ef22fa3249..0000000000 --- a/sysdeps/csky/stackinfo.h +++ /dev/null @@ -1,29 +0,0 @@ -/* Stack environment definitions. C-SKY version. - Copyright (C) 2018-2024 Free Software Foundation, Inc. - This file is part of the GNU C Library. - - The GNU C Library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - The GNU C Library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with the GNU C Library. If not, see - . */ - -#ifndef _STACKINFO_H -#define _STACKINFO_H 1 - -#include - -/* On C-SKY the stack grows down. */ -#define _STACK_GROWS_DOWN 1 - -#define DEFAULT_STACK_PERMS (PF_R|PF_W) - -#endif /* stackinfo.h */ diff --git a/sysdeps/generic/stackinfo.h b/sysdeps/generic/stackinfo.h index bf752ce94d..51e5f92055 100644 --- a/sysdeps/generic/stackinfo.h +++ b/sysdeps/generic/stackinfo.h @@ -15,6 +15,15 @@ License along with the GNU C Library; if not, see . */ -/* This file contains a bit of information about the stack allocation - of the processor. Since there is no general truth we can't say - anything here. */ +/* This file contains a bit of information about the stack allocation of the + processor. Default to a non executable stack that grows downwards. */ + +#ifndef _STACKINFO_H +#define _STACKINFO_H 1 + +#include + +#define _STACK_GROWS_DOWN 1 +#define DEFAULT_STACK_PERMS (PF_R|PF_W) + +#endif diff --git a/sysdeps/loongarch/stackinfo.h b/sysdeps/loongarch/stackinfo.h deleted file mode 100644 index 6ee50552b7..0000000000 --- a/sysdeps/loongarch/stackinfo.h +++ /dev/null @@ -1,33 +0,0 @@ -/* Stack environment definitions for LoongArch. - Copyright (C) 2022-2024 Free Software Foundation, Inc. - This file is part of the GNU C Library. - - The GNU C Library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - The GNU C Library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with the GNU C Library. If not, see - . */ - -/* This file contains a bit of information about the stack allocation - of the processor. */ - -#ifndef _STACKINFO_H -#define _STACKINFO_H 1 - -#include - -/* On LoongArch the stack grows down. */ -#define _STACK_GROWS_DOWN 1 - -/* Default to a non-executable stack. */ -#define DEFAULT_STACK_PERMS (PF_R | PF_W) - -#endif /* stackinfo.h */ diff --git a/sysdeps/nios2/stackinfo.h b/sysdeps/nios2/stackinfo.h deleted file mode 100644 index e67d53ee87..0000000000 --- a/sysdeps/nios2/stackinfo.h +++ /dev/null @@ -1,33 +0,0 @@ -/* Stack environment definitions for Nios II. - Copyright (C) 2012-2024 Free Software Foundation, Inc. - This file is part of the GNU C Library. - - The GNU C Library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - The GNU C Library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with the GNU C Library. If not, see - . */ - -/* This file contains a bit of information about the stack allocation - of the processor. */ - -#ifndef _STACKINFO_H -#define _STACKINFO_H 1 - -#include - -/* On Nios II the stack grows down. */ -#define _STACK_GROWS_DOWN 1 - -/* Default to a non-executable stack. */ -#define DEFAULT_STACK_PERMS (PF_R|PF_W) - -#endif /* stackinfo.h */ diff --git a/sysdeps/powerpc/stackinfo.h b/sysdeps/powerpc/powerpc32/stackinfo.h similarity index 82% rename from sysdeps/powerpc/stackinfo.h rename to sysdeps/powerpc/powerpc32/stackinfo.h index 410689bc27..2ca360068a 100644 --- a/sysdeps/powerpc/stackinfo.h +++ b/sysdeps/powerpc/powerpc32/stackinfo.h @@ -26,13 +26,7 @@ /* On PPC the stack grows down. */ #define _STACK_GROWS_DOWN 1 -#if __WORDSIZE == 64 -/* PPC64 doesn't need an executable stack and doesn't need PT_GNU_STACK - * to make the stack nonexecutable. */ -# define DEFAULT_STACK_PERMS (PF_R|PF_W) -#else /* PF_X can be overridden if PT_GNU_STACK is present but is presumed absent. */ -# define DEFAULT_STACK_PERMS (PF_R|PF_W|PF_X) -#endif +#define DEFAULT_STACK_PERMS (PF_R|PF_W|PF_X) #endif /* stackinfo.h */ diff --git a/sysdeps/riscv/stackinfo.h b/sysdeps/riscv/stackinfo.h deleted file mode 100644 index a786d4f9b0..0000000000 --- a/sysdeps/riscv/stackinfo.h +++ /dev/null @@ -1,33 +0,0 @@ -/* Stack environment definitions for RISC-V. - Copyright (C) 2011-2024 Free Software Foundation, Inc. - This file is part of the GNU C Library. - - The GNU C Library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - The GNU C Library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with the GNU C Library. If not, see - . */ - -/* This file contains a bit of information about the stack allocation - of the processor. */ - -#ifndef _STACKINFO_H -#define _STACKINFO_H 1 - -#include - -/* On RISC-V the stack grows down. */ -#define _STACK_GROWS_DOWN 1 - -/* Default to a non-executable stack. */ -#define DEFAULT_STACK_PERMS (PF_R | PF_W) - -#endif /* stackinfo.h */ From patchwork Tue Jun 18 19:40:20 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 1949455 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=Wj3zmw96; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org (client-ip=2620:52:3:1:0:246e:9693:128c; helo=server2.sourceware.org; envelope-from=libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org; receiver=patchwork.ozlabs.org) Received: from server2.sourceware.org (server2.sourceware.org [IPv6:2620:52:3:1:0:246e:9693:128c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4W3cZd6G32z20Ws for ; Wed, 19 Jun 2024 05:41:45 +1000 (AEST) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 29A3A3883033 for ; Tue, 18 Jun 2024 19:41:44 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pg1-x530.google.com (mail-pg1-x530.google.com [IPv6:2607:f8b0:4864:20::530]) by sourceware.org (Postfix) with ESMTPS id 91120388301C for ; Tue, 18 Jun 2024 19:41:15 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 91120388301C Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 91120388301C Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::530 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1718739680; cv=none; b=eU5V6IItxLnYios+oR2vor4vZN8yivRujciCFeXjj7lAPCSXBscwBjS5sE3e+sM739TG6a5G/byRF3x5ukBcqjHJEECxiIfMg6w3iCdFiEkj1TlicOCP2cTQlxRyc8ghD8176geGhpkMrPo0kcaPZe1P5aUmH5owIbrLPekTHHI= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1718739680; c=relaxed/simple; bh=8qLSOugBWNRV3JKMmCY1bz/LK620l/Nek6hKL/BzNNo=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=ebpGsc0eE7OYyCQgDaUM1ePNrvMPx3lv+ZS/g7WGs43bijnB6EwZjS934j+q8G+XAGT4rgHOMcOv0tUKOnFlTpzW1Lu0FymcIcxntbh6lhyvFn1Do5duPqKR88my7QrY0BlERESfLA0T5FtVkkyyoviRAFiPCsBoX1Jp3cagwc4= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-pg1-x530.google.com with SMTP id 41be03b00d2f7-70b2421471aso1742867a12.0 for ; Tue, 18 Jun 2024 12:41:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1718739674; x=1719344474; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=KauE5RJ342qe/WB39CELC+AddylRRSbMIFezWKpjw7o=; b=Wj3zmw96tgKZ+0du8lS92adK4TtYl3CmGR5KH7/CevNB4MKic/rzY+B4oIqY1rLG/g PTXVjGMU8isNeeIoFzSEe0mUhTFFQNdJ1MF4WeJlDc6GDEzCTw2BoEW0UXe8XyEfPl3O KBRPfjxLgtVeZTOyR2jYxp7F3qT/cpmo/NqVL0sMz9mwil5YbrAzv+Awxtt1kEfJPvHL V54l7t/jRrilANC2WiQ2HGpy7C1WVL7slkCqQJ/UOBE/d8extdXYv9NvOObkJ1kgdvBh Ln+VcmXtwKzigN1L7Xvdc5td90Sz+T3E4iqkbCcVFbRwNhgw6P6AiFMT2fpDSp9aAch7 Cfgg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1718739674; x=1719344474; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=KauE5RJ342qe/WB39CELC+AddylRRSbMIFezWKpjw7o=; b=nMXCbXQt65uI34UdMKETo7J+A2wyXmBkFGKcL7RrTeh9RnnOnTFfYwG3PQmISP/do1 S4mGvgyk0FytwGa5RrFhxw5L3oEDsHcUYXVjPxSGTb9LciDPdmPFn9VH9u3aNagvF001 4ZMcf9AkKFvtyqzQ7XKpAovj3FP709eErB4DAROvTSLkJi1EuF1SucydT+G3BGu738D6 Wvgv0OvRS83baa2VTYP1WzONTHjB++84+r4eA1hMfcQpjsqlMJQh8uImW66+ZwsWs59P MAdyLOv4yiWUPAfQmdiQmE3p9cCCPfE1rvpbmKaWxXy2rtcb3Ryfz/8wC4ZcGs/U564N wlxQ== X-Gm-Message-State: AOJu0Yzk4keVMl+1fmWPmr3NeDnzu2YQwGySAd7D0hoIXW/hCUNPBP1D N5mGlRxZj7Hx3kb95/LqCBzaLmgzOwa522BA2SYeR5wd80vHh+diK6k3HGK2E4HuOwrd9SByPhE k X-Google-Smtp-Source: AGHT+IGAEfae01NZ7lug5YhV4TlzUIt9vC0eZGRSRdEzMjI79Fi6ndZ2kN61fTllabdGILVlwnwrgw== X-Received: by 2002:a17:90a:ce15:b0:2c4:aa69:c4bc with SMTP id 98e67ed59e1d1-2c7b5af8252mr716008a91.19.1718739673841; Tue, 18 Jun 2024 12:41:13 -0700 (PDT) Received: from mandiga.. ([2804:1b3:a7c1:5c0d:de56:b6f3:eeae:13e7]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2c50c4ce173sm6209093a91.23.2024.06.18.12.41.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 18 Jun 2024 12:41:13 -0700 (PDT) From: Adhemerval Zanella To: libc-alpha@sourceware.org Cc: "H . J . Lu" , Florian Weimer , Zack Weinberg Subject: [PATCH v3 2/4] elf: Do not change stack permission on dlopen/dlmopen Date: Tue, 18 Jun 2024 16:40:20 -0300 Message-ID: <20240618194102.2059389-3-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240618194102.2059389-1-adhemerval.zanella@linaro.org> References: <20240618194102.2059389-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-Spam-Status: No, score=-12.3 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, KAM_SHORT, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org If some shared library loaded with dlopen/dlmopen requires an executable stack, either implicitly because of a missing GNU_STACK ELF header (where the ABI default flags implies in the executable bit) or explicitly because of the executable bit from GNU_STACK; the loader will try to set the both the main thread and all thread stacks (from the pthread cache) as executable. Besides the issue where any __nptl_change_stack_perm failure does not undo the previous executable transition (meaning that if the library fails to load, there can be thread stacks with executable stacks), this behavior was used on recent CVE [1] as a vector for RCE. This patch changes that if a shared library requires an executable stack, and the current stack is not executable, dlopen fails. The change is done only for dynamically loaded modules, if the program or any dependency requires an executable stack, the loader will still change the main thread before program execution and any thread created with default stack configuration. [1] https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt Checked on x86_64-linux-gnu and i686-linux-gnu. --- NEWS | 8 ++ elf/dl-load.c | 11 +- elf/tst-execstack.c | 142 ++++++++++--------------- nptl/allocatestack.c | 19 ---- sysdeps/nptl/pthreadP.h | 6 -- sysdeps/unix/sysv/linux/Versions | 3 - sysdeps/unix/sysv/linux/dl-execstack.c | 67 +----------- sysdeps/unix/sysv/linux/mips/Makefile | 7 ++ 8 files changed, 79 insertions(+), 184 deletions(-) diff --git a/NEWS b/NEWS index 20e263f581..43ff2ee23b 100644 --- a/NEWS +++ b/NEWS @@ -47,6 +47,14 @@ Deprecated and removed features, and other changes affecting compatibility: (except for login_tty) due to locking and session management problems. +* dlopen and dlmopen do not make the stack executable if the shared + library requires it and the stack is not already executable. If the + program requires an executable stack, either implicitly because of + a missing GNU_STACK ELF header (and default ABI permission having the + executable bit set) or explicitly because of the executable bit in + GNU_STACK, glibc will change the main thread, and any created thread + stack executable. + Changes to build and runtime requirements: [Add changes to build and runtime requirements here] diff --git a/elf/dl-load.c b/elf/dl-load.c index 8a89b71016..015595aac4 100644 --- a/elf/dl-load.c +++ b/elf/dl-load.c @@ -1298,12 +1298,17 @@ _dl_map_object_from_fd (const char *name, const char *origname, int fd, if (__glibc_unlikely ((stack_flags &~ GL(dl_stack_flags)) & PF_X)) { /* The stack is presently not executable, but this module - requires that it be executable. */ + requires that it be executable. Only tries to change the + stack protection during process startup. */ + if ((mode & __RTLD_DLOPEN) == 0) #if PTHREAD_IN_LIBC - errval = _dl_make_stacks_executable (stack_endp); + errval = _dl_make_stacks_executable (stack_endp); #else - errval = (*GL(dl_make_stack_executable_hook)) (stack_endp); + errval = (*GL(dl_make_stack_executable_hook)) (stack_endp); #endif + else + errval = EINVAL; + if (errval) { errstring = N_("\ diff --git a/elf/tst-execstack.c b/elf/tst-execstack.c index 560b353918..cd758c089e 100644 --- a/elf/tst-execstack.c +++ b/elf/tst-execstack.c @@ -9,6 +9,11 @@ #include #include +#include +#include +#include +#include + static void print_maps (void) { @@ -20,11 +25,21 @@ print_maps (void) #endif } -static void deeper (void (*f) (void)); +#ifndef DEFAULT_RWX_STACK +# define DEFAULT_RWX_STACK 0 +#else +static void +deeper (void (*f) (void)) +{ + char stack[1100 * 1024]; + explicit_bzero (stack, sizeof stack); + (*f) (); + memfrob (stack, sizeof stack); +} +#endif #if USE_PTHREADS -# include - +# if DEFAULT_RWX_STACK static void * tryme_thread (void *f) { @@ -32,16 +47,21 @@ tryme_thread (void *f) return 0; } +# endif static pthread_barrier_t startup_barrier, go_barrier; static void * waiter_thread (void *arg) { - void **f = arg; - pthread_barrier_wait (&startup_barrier); - pthread_barrier_wait (&go_barrier); + xpthread_barrier_wait (&startup_barrier); + xpthread_barrier_wait (&go_barrier); +# if DEFAULT_RWX_STACK + void **f = arg; (*((void (*) (void)) *f)) (); +# else + abort (); +# endif return 0; } @@ -83,52 +103,36 @@ do_test (void) printf ("executable stacks %sallowed\n", allow_execstack ? "" : "not "); +#if USE_PTHREADS || DEFAULT_RWX_STACK static void *f; /* Address of this is used in other threads. */ +#endif #if USE_PTHREADS /* Create some threads while stacks are nonexecutable. */ #define N 5 - pthread_t thr[N]; - pthread_barrier_init (&startup_barrier, NULL, N + 1); - pthread_barrier_init (&go_barrier, NULL, N + 1); + xpthread_barrier_init (&startup_barrier, NULL, N + 1); + xpthread_barrier_init (&go_barrier, NULL, N + 1); for (int i = 0; i < N; ++i) - { - int rc = pthread_create (&thr[i], NULL, &waiter_thread, &f); - if (rc) - error (1, rc, "pthread_create"); - } + xpthread_create (NULL, &waiter_thread, &f); /* Make sure they are all there using their stacks. */ - pthread_barrier_wait (&startup_barrier); + xpthread_barrier_wait (&startup_barrier); puts ("threads waiting"); #endif print_maps (); -#if USE_PTHREADS +#if USE_PTHREADS && DEFAULT_RWX_STACK void *old_stack_addr, *new_stack_addr; size_t stack_size; pthread_t me = pthread_self (); pthread_attr_t attr; - int ret = 0; - - ret = pthread_getattr_np (me, &attr); - if (ret) - { - printf ("before execstack: pthread_getattr_np returned error: %s\n", - strerror (ret)); - return 1; - } - ret = pthread_attr_getstack (&attr, &old_stack_addr, &stack_size); - if (ret) - { - printf ("before execstack: pthread_attr_getstack returned error: %s\n", - strerror (ret)); - return 1; - } + TEST_VERIFY_EXIT (pthread_getattr_np (me, &attr) == 0); + TEST_VERIFY_EXIT (pthread_attr_getstack (&attr, &old_stack_addr, + &stack_size) == 0); # if _STACK_GROWS_DOWN old_stack_addr += stack_size; # else @@ -143,18 +147,12 @@ do_test (void) const char *soname = "tst-execstack-mod.so"; #endif void *h = dlopen (soname, RTLD_LAZY); - if (h == NULL) - { - printf ("cannot load: %s\n", dlerror ()); - return allow_execstack; - } +#if !DEFAULT_RWX_STACK + TEST_VERIFY_EXIT (h == NULL); +#else + TEST_VERIFY_EXIT (h != NULL); - f = dlsym (h, "tryme"); - if (f == NULL) - { - printf ("symbol not found: %s\n", dlerror ()); - return 1; - } + f = xdlsym (h, "tryme"); /* Test if that really made our stack executable. The `tryme' function should crash if not. */ @@ -163,28 +161,15 @@ do_test (void) print_maps (); -#if USE_PTHREADS - ret = pthread_getattr_np (me, &attr); - if (ret) - { - printf ("after execstack: pthread_getattr_np returned error: %s\n", - strerror (ret)); - return 1; - } - - ret = pthread_attr_getstack (&attr, &new_stack_addr, &stack_size); - if (ret) - { - printf ("after execstack: pthread_attr_getstack returned error: %s\n", - strerror (ret)); - return 1; - } - -# if _STACK_GROWS_DOWN +# if USE_PTHREADS + TEST_VERIFY_EXIT (pthread_getattr_np (me, &attr) == 0); + TEST_VERIFY_EXIT (pthread_attr_getstack (&attr, &new_stack_addr, + &stack_size) == 0); +# if _STACK_GROWS_DOWN new_stack_addr += stack_size; -# else +# else new_stack_addr -= stack_size; -# endif +# endif /* It is possible that the dlopen'd module may have been mmapped just below the stack. The stack size is taken as MIN(stack rlimit size, end of last @@ -194,48 +179,29 @@ do_test (void) stacksize and stackaddr respectively. If the size changes due to the above, then both stacksize and stackaddr can change, but the stack bottom should remain the same, which is computed as stackaddr + stacksize. */ - if (old_stack_addr != new_stack_addr) - { - printf ("Stack end changed, old: %p, new: %p\n", - old_stack_addr, new_stack_addr); - return 1; - } + TEST_VERIFY_EXIT (old_stack_addr == new_stack_addr); printf ("Stack address remains the same: %p\n", old_stack_addr); -#endif +# endif /* Test that growing the stack region gets new executable pages too. */ deeper ((void (*) (void)) f); print_maps (); -#if USE_PTHREADS +# if USE_PTHREADS /* Test that a fresh thread now gets an executable stack. */ - { - pthread_t th; - int rc = pthread_create (&th, NULL, &tryme_thread, f); - if (rc) - error (1, rc, "pthread_create"); - } + xpthread_create (NULL, &tryme_thread, f); puts ("threads go"); /* The existing threads' stacks should have been changed. Let them run to test it. */ - pthread_barrier_wait (&go_barrier); + xpthread_barrier_wait (&go_barrier); pthread_exit ((void *) (long int) (! allow_execstack)); +# endif #endif return ! allow_execstack; } -static void -deeper (void (*f) (void)) -{ - char stack[1100 * 1024]; - explicit_bzero (stack, sizeof stack); - (*f) (); - memfrob (stack, sizeof stack); -} - - #include diff --git a/nptl/allocatestack.c b/nptl/allocatestack.c index f35a8369bd..8069d3e0ae 100644 --- a/nptl/allocatestack.c +++ b/nptl/allocatestack.c @@ -446,25 +446,6 @@ allocate_stack (const struct pthread_attr *attr, struct pthread **pdp, lll_unlock (GL (dl_stack_cache_lock), LLL_PRIVATE); - - /* There might have been a race. Another thread might have - caused the stacks to get exec permission while this new - stack was prepared. Detect if this was possible and - change the permission if necessary. */ - if (__builtin_expect ((GL(dl_stack_flags) & PF_X) != 0 - && (prot & PROT_EXEC) == 0, 0)) - { - int err = __nptl_change_stack_perm (pd); - if (err != 0) - { - /* Free the stack memory we just allocated. */ - (void) __munmap (mem, size); - - return err; - } - } - - /* Note that all of the stack and the thread descriptor is zeroed. This means we do not have to initialize fields with initial value zero. This is specifically true for diff --git a/sysdeps/nptl/pthreadP.h b/sysdeps/nptl/pthreadP.h index 30e8a2d177..79af27449a 100644 --- a/sysdeps/nptl/pthreadP.h +++ b/sysdeps/nptl/pthreadP.h @@ -280,12 +280,6 @@ __do_cancel (void) extern void __nptl_free_tcb (struct pthread *pd); libc_hidden_proto (__nptl_free_tcb) -/* Change the permissions of a thread stack. Called from - _dl_make_stacks_executable and pthread_create. */ -int -__nptl_change_stack_perm (struct pthread *pd); -rtld_hidden_proto (__nptl_change_stack_perm) - /* longjmp handling. */ extern void __pthread_cleanup_upto (__jmp_buf target, char *targetframe); libc_hidden_proto (__pthread_cleanup_upto) diff --git a/sysdeps/unix/sysv/linux/Versions b/sysdeps/unix/sysv/linux/Versions index 268ba1b6ac..05297934d6 100644 --- a/sysdeps/unix/sysv/linux/Versions +++ b/sysdeps/unix/sysv/linux/Versions @@ -356,7 +356,4 @@ ld { __rseq_offset; __rseq_size; } - GLIBC_PRIVATE { - __nptl_change_stack_perm; - } } diff --git a/sysdeps/unix/sysv/linux/dl-execstack.c b/sysdeps/unix/sysv/linux/dl-execstack.c index b986898598..0b71ffca6d 100644 --- a/sysdeps/unix/sysv/linux/dl-execstack.c +++ b/sysdeps/unix/sysv/linux/dl-execstack.c @@ -16,19 +16,10 @@ License along with the GNU C Library; if not, see . */ -#include #include -#include -#include -#include -#include -#include -#include -#include -#include -static int -make_main_stack_executable (void **stack_endp) +int +_dl_make_stacks_executable (void **stack_endp) { /* This gives us the highest/lowest page that needs to be changed. */ uintptr_t page = ((uintptr_t) *stack_endp @@ -52,57 +43,3 @@ make_main_stack_executable (void **stack_endp) return 0; } - -int -_dl_make_stacks_executable (void **stack_endp) -{ - /* First the main thread's stack. */ - int err = make_main_stack_executable (stack_endp); - if (err != 0) - return err; - - lll_lock (GL (dl_stack_cache_lock), LLL_PRIVATE); - - list_t *runp; - list_for_each (runp, &GL (dl_stack_used)) - { - err = __nptl_change_stack_perm (list_entry (runp, struct pthread, list)); - if (err != 0) - break; - } - - /* Also change the permission for the currently unused stacks. This - might be wasted time but better spend it here than adding a check - in the fast path. */ - if (err == 0) - list_for_each (runp, &GL (dl_stack_cache)) - { - err = __nptl_change_stack_perm (list_entry (runp, struct pthread, - list)); - if (err != 0) - break; - } - - lll_unlock (GL (dl_stack_cache_lock), LLL_PRIVATE); - - return err; -} - -int -__nptl_change_stack_perm (struct pthread *pd) -{ -#if _STACK_GROWS_DOWN - void *stack = pd->stackblock + pd->guardsize; - size_t len = pd->stackblock_size - pd->guardsize; -#elif _STACK_GROWS_UP - void *stack = pd->stackblock; - size_t len = (uintptr_t) pd - pd->guardsize - (uintptr_t) pd->stackblock; -#else -# error "Define either _STACK_GROWS_DOWN or _STACK_GROWS_UP" -#endif - if (__mprotect (stack, len, PROT_READ | PROT_WRITE | PROT_EXEC) != 0) - return errno; - - return 0; -} -rtld_hidden_def (__nptl_change_stack_perm) diff --git a/sysdeps/unix/sysv/linux/mips/Makefile b/sysdeps/unix/sysv/linux/mips/Makefile index d5725c69d8..05ec9150b2 100644 --- a/sysdeps/unix/sysv/linux/mips/Makefile +++ b/sysdeps/unix/sysv/linux/mips/Makefile @@ -61,6 +61,7 @@ ifeq ($(subdir),elf) # this test is expected to fail. ifneq ($(mips-has-gnustack),yes) test-xfail-check-execstack = yes +CFLAGS-tst-execstack.c += -DDEFAULT_RWX_STACK=1 endif endif @@ -68,6 +69,12 @@ ifeq ($(subdir),stdlib) gen-as-const-headers += ucontext_i.sym endif +ifeq ($(subdir),nptl) +ifeq ($(mips-force-execstack),yes) +CFLAGS-tst-execstack-threads.c += -DDEFAULT_RWX_STACK=1 +endif +endif + ifeq ($(mips-force-execstack),yes) CFLAGS-.o += -Wa,-execstack CFLAGS-.os += -Wa,-execstack From patchwork Tue Jun 18 19:40:21 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 1949457 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=RvzaFvag; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org (client-ip=2620:52:3:1:0:246e:9693:128c; helo=server2.sourceware.org; envelope-from=libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org; receiver=patchwork.ozlabs.org) Received: from server2.sourceware.org (server2.sourceware.org [IPv6:2620:52:3:1:0:246e:9693:128c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4W3cbZ3q6Yz20Ws for ; Wed, 19 Jun 2024 05:42:34 +1000 (AEST) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id C9957388450F for ; Tue, 18 Jun 2024 19:42:32 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pg1-x529.google.com (mail-pg1-x529.google.com [IPv6:2607:f8b0:4864:20::529]) by sourceware.org (Postfix) with ESMTPS id 386EA3883022 for ; Tue, 18 Jun 2024 19:41:18 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 386EA3883022 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 386EA3883022 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::529 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1718739681; cv=none; b=uGfBrsz5ky79F4bL+dPmyn4p8R095YyE6CPKpC2VKhFLJGbe1c9H+JvOhMoQ4/wHZTTMMbCkArXhk8pX5HfzmOTLgq26fBDS+TW5wKdWu+utLASA2XfhUI4c7S6J7YHv/TvgZKMFa1Us4+ynXvU0mHz6ULsxWUVRF84leX/00bQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1718739681; c=relaxed/simple; bh=qXjTLwA1GKgQ83QYUwsp0VN/aCyLjm37BBQ//IH+KS8=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=GMNX0GMcQusAKZrtbHL289SctAGGEHBqMY3RGesy7gFAIP5nAdQnRBncBHLWp37rHpkQwen7ZV2Mdz6lszoaNcUFFo0u2rBreOB1dvTUwD9K8qVfEv6puRH8pWhKWgDvD11fUYymECqa45kLyyE/vwzIu2lWhpQbkdFM76nYnWg= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-pg1-x529.google.com with SMTP id 41be03b00d2f7-6e41550ae5bso4314533a12.3 for ; Tue, 18 Jun 2024 12:41:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1718739676; x=1719344476; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=qkkHnyhbUER4+85Hxpq9m7J9UiE8+pyGgsjA6Opb4Ds=; b=RvzaFvagI32yUyx5/KOoRKHOIt+tvAipF/DCnUD6MlljCoPtBEVKoZo8aoVLv+NnqZ uMx7KI8OYjqw5h18kLUYDmVzQZU8ev501WfntnVwxB2k34RQYvjCHMFteiqKeIQ2bLHE VkP+cNKC0xoLLA2JEkDqiF5xD2y9Sv+eYTOdszqW7oHG9wSEFcoGaTYOKzBDATYCWVwP dkz38NK9yTcvl4BK3x9v9zON6NpNvy88+9UwspNWlHnOEH25KIy64pogzg1w4tgIycQp 08v135Y+k2FqTh5zgCpzy0JD5lJknL8k9NXeX+mTADsl0R5mGXjarjEghYU0kfaZSXnD QvMA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1718739676; x=1719344476; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=qkkHnyhbUER4+85Hxpq9m7J9UiE8+pyGgsjA6Opb4Ds=; b=wJWT2NCbupaGDVbHIiKNZGM9bDhD6bGnvNPbGQHrawC/Kd/8gqD/7dyfpCdKx2JHnh 9Gv3dJVl7A682KYlTfP/Djdb9G7PgGrcEL2Sc34KcsBiEYZA6SBdTJ3bmVNElPFxYN6E jPvYgTR1QkAPSeg3N43tRO9iVkG6oFu/+sis5PYqoagC3HnyEv99s4oLjC1l7472HnyH CM0yJ+ivpRdPCCYxVAcMIZQOb0ZCvXJEm8jzZZhHyNc+OeQzUaTLojyDtrqGTeV9tHQJ JLvFYCFbVyoqHoxlQD+C0/CyqM4WBHpsHkq4+JFtzDpZeDRFQYjBWPbReMUqUOeLHe2Y 4kCA== X-Gm-Message-State: AOJu0YwLFl4DZVrYYHtkT06GA6OB5yImE/7Vjf6uH1wc5+O4tkVuwOs8 dI2sWQooiqdFEFeZ89LJW5JLUDFVxENwcnjoe77ni6nGVrZrQhmgxZnKqJacAkfCPfbH07/WR1k v X-Google-Smtp-Source: AGHT+IE1ug+nkiqDh/9MSc3308KjrH2avmv5vhZczkujxuzG7EI+Jp/qDt8NvxZpPKmnxNKeaofh5Q== X-Received: by 2002:a17:90a:be15:b0:2c7:ab29:a751 with SMTP id 98e67ed59e1d1-2c7b5cfcaedmr646015a91.29.1718739676521; Tue, 18 Jun 2024 12:41:16 -0700 (PDT) Received: from mandiga.. ([2804:1b3:a7c1:5c0d:de56:b6f3:eeae:13e7]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2c50c4ce173sm6209093a91.23.2024.06.18.12.41.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 18 Jun 2024 12:41:15 -0700 (PDT) From: Adhemerval Zanella To: libc-alpha@sourceware.org Cc: "H . J . Lu" , Florian Weimer , Zack Weinberg Subject: [PATCH v3 3/4] elf: Add tst-execstack-prog-static Date: Tue, 18 Jun 2024 16:40:21 -0300 Message-ID: <20240618194102.2059389-4-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240618194102.2059389-1-adhemerval.zanella@linaro.org> References: <20240618194102.2059389-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-Spam-Status: No, score=-12.4 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org Similar to tst-execstack-prog, check if executable stacks works for statically linked programs. --- elf/Makefile | 7 +++++++ elf/tst-execstack-prog-static.c | 1 + 2 files changed, 8 insertions(+) create mode 100644 elf/tst-execstack-prog-static.c diff --git a/elf/Makefile b/elf/Makefile index bb6cd06dec..604b7df1cc 100644 --- a/elf/Makefile +++ b/elf/Makefile @@ -543,6 +543,9 @@ tests-execstack-yes = \ tst-execstack-needed \ tst-execstack-prog \ # tests-execstack-yes +tests-execstack-static-yes = \ + tst-execstack-prog-static + # tests-execstack-static-yes endif ifeq ($(have-depaudit),yes) tests += \ @@ -630,6 +633,7 @@ $(objpfx)tst-rtld-does-not-exist.out: tst-rtld-does-not-exist.sh $(objpfx)ld.so $(evaluate-test) tests += $(tests-execstack-$(have-z-execstack)) +tests-static+= $(tests-execstack-static-$(have-z-execstack)) ifeq ($(run-built-tests),yes) tests-special += \ $(objpfx)noload-mem.out \ @@ -1856,6 +1860,9 @@ LDFLAGS-tst-execstack-needed = -Wl,-z,noexecstack LDFLAGS-tst-execstack-prog = -Wl,-z,execstack CFLAGS-tst-execstack-prog.c += -Wno-trampolines CFLAGS-tst-execstack-mod.c += -Wno-trampolines + +LDFLAGS-tst-execstack-prog-static = -Wl,-z,execstack +CFLAGS-tst-execstack-prog-static.c += -Wno-trampolines endif LDFLAGS-tst-array2 = -Wl,--no-as-needed diff --git a/elf/tst-execstack-prog-static.c b/elf/tst-execstack-prog-static.c new file mode 100644 index 0000000000..328065dd9c --- /dev/null +++ b/elf/tst-execstack-prog-static.c @@ -0,0 +1 @@ +#include From patchwork Tue Jun 18 19:40:22 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 1949456 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=nP8gDaPU; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org (client-ip=2620:52:3:1:0:246e:9693:128c; helo=server2.sourceware.org; envelope-from=libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org; receiver=patchwork.ozlabs.org) Received: from server2.sourceware.org (server2.sourceware.org [IPv6:2620:52:3:1:0:246e:9693:128c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4W3cbT109vz20Ws for ; Wed, 19 Jun 2024 05:42:29 +1000 (AEST) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 4EA7B3884509 for ; Tue, 18 Jun 2024 19:42:27 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pj1-x102a.google.com (mail-pj1-x102a.google.com [IPv6:2607:f8b0:4864:20::102a]) by sourceware.org (Postfix) with ESMTPS id EC0333884506 for ; Tue, 18 Jun 2024 19:41:20 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org EC0333884506 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org EC0333884506 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::102a ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1718739683; cv=none; b=m/slEUfDIvip4JfIc+zlRkZ2JkSfXOYpR61pVUdiZ0XREXbo4Dw2sBcphY+ne3WzHXpDU4EFaXCU4G9zMqBNuDP+XIdxtQQrWs0gUqi4M84d01YNmNFBB65Ij+pSYZFafAkcLQRpr/flvyiQqBZvwikepVghrYvGpXI0JD05is8= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1718739683; c=relaxed/simple; bh=AFKzKZo1EDucHVht4TnxTOev7pJpitFbdS7YPH+uRKQ=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=mVHHhwB3l6V5SC2sLIfrYsOcCpLhs5C1xrX8zepN9P8ZgnEy8WN4i33U3Cqn3/1esFeX8fJyi4TF2IIXPKQzjuhdyHNO38CUuOhqqKYdAy0T11PyNr0UVild9DbXzbH5cm+6B8WBB0uvlGulvgHR/gphL+6tUSXLsg5ii5Y1Ti0= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-pj1-x102a.google.com with SMTP id 98e67ed59e1d1-2c2c6277ef3so4710118a91.3 for ; Tue, 18 Jun 2024 12:41:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1718739679; x=1719344479; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=chjxx9tjsBqV4FmM3sK2j+rIarvYoFXxbD0+MwtHycw=; b=nP8gDaPUxFayqmbO1Gj3roceA5ZxkYsbugB/yAZVlhFjVBAXyuXSbhbnU5tC+0kGTC AacrYAJEJoVL/QdRfZE/pH58Ej2amy9+FXYn1PPNHqlNHMhPm7iGHCVBznra8mHD0GCg w8ZlcH9zUbnq9uTCkyovq1GASc+PrNo5kLiKhqULWohzXOs1G1Bmhi2ZwEv+RvzOHuLH 8GeNkF/uv/mxEZ0V5m/RH8/3gZUnx0oN4Fn/rA0vJyXVX8WFeGQht1Rbm+JOzzK+N/7j YAhB8aeU2XVpvGqovfQDEgl7YmWylztrMTBUT2z3qqcGTUpD7F28gd/NrWzuxfebtuTe Y8hA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1718739679; x=1719344479; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=chjxx9tjsBqV4FmM3sK2j+rIarvYoFXxbD0+MwtHycw=; b=lMnClhhJ8kSwguycYMRrObOXXXC+kJWwCLGJNf3qSR2o5Z00nd+2LjdN3Q+mnqrYlA MVk73z4bLp74O4ItzcyTEuq6jV5mOPvJ8ychrrf0r/t8Qd4JSuvi78q4iTf4DF4ZYICl rYCe3Xq/VxbhPkLvbCWOUB73EfWDxhuBBEHQxWXGiWpoT+b8S8S9EmDvn1atGKdD1dd5 36TQPdxIcRMGIIWGQiOid/RV82XScfSaNKa88euYJiz0eUR+ZntmHnhx1P3bLB/k8hD9 c+DnRmUf6GcoL2uPuVH+a1QPZUAYkkVeydFjUkOKGybEjaNGqof5ccdQm7HPXELSoTD/ CwqA== X-Gm-Message-State: AOJu0YxnSJTob4LRe3vtXhvwi9E4xfnfIBqW7RNLgRXNoP7dqpMzpw21 HO7ra5quoBlwwXuzuA/Z/G3kpYY+iZWC5ga097xvmgtJLPYwp+4VdXGah3x/jqIlUkLtrUhXWTP Q X-Google-Smtp-Source: AGHT+IHB0CyhM272OxLyjQZpjq3V2pSUHc0CZ3w/OgTBevQ8gB4HaF0i0w6e7ONgvhkQWQhNCV0uNw== X-Received: by 2002:a17:90a:bd8f:b0:2c7:22d6:98e with SMTP id 98e67ed59e1d1-2c7b5c82772mr716590a91.19.1718739679166; Tue, 18 Jun 2024 12:41:19 -0700 (PDT) Received: from mandiga.. ([2804:1b3:a7c1:5c0d:de56:b6f3:eeae:13e7]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2c50c4ce173sm6209093a91.23.2024.06.18.12.41.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 18 Jun 2024 12:41:18 -0700 (PDT) From: Adhemerval Zanella To: libc-alpha@sourceware.org Cc: "H . J . Lu" , Florian Weimer , Zack Weinberg Subject: [PATCH v3 4/4] elf: Add glibc.rtld.execstack Date: Tue, 18 Jun 2024 16:40:22 -0300 Message-ID: <20240618194102.2059389-5-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240618194102.2059389-1-adhemerval.zanella@linaro.org> References: <20240618194102.2059389-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-Spam-Status: No, score=-12.5 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org The new tunable can be used to control whether executable stacks are allowed from either the main program or dependencies. The default is to allow executable stacks. The executable stacks default permission is checked agains the one provided by the PT_GNU_STACK from program headers (if present). The tunable also disables the stack permission change if any dependency requires an executable stack at loading time. Checked on x86_64-linux-gnu, i686-linux-gnu, and aarch64-linux-gnu. --- NEWS | 4 ++++ elf/Makefile | 42 ++++++++++++++++++++++++++++++++++ elf/dl-load.c | 4 +++- elf/dl-support.c | 5 ++++ elf/dl-tunables.list | 6 +++++ elf/rtld.c | 4 ++++ elf/tst-rtld-list-tunables.exp | 1 + manual/tunables.texi | 19 +++++++++++++++ 8 files changed, 84 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index 43ff2ee23b..a5bbf3851b 100644 --- a/NEWS +++ b/NEWS @@ -36,6 +36,10 @@ Major new features: * On Linux, update epoll header to include epoll ioctl definitions and related structure added in Linux kernel 6.9. +* A new tunable, glibc.rtld.execstack, can be used to control whether + executable stacks are allowed from either main program or dependencies. + The default is to allow executable stacks. + Deprecated and removed features, and other changes affecting compatibility: * Architectures which use a 32-bit seconds-since-epoch field in struct diff --git a/elf/Makefile b/elf/Makefile index 604b7df1cc..dba6a6ddac 100644 --- a/elf/Makefile +++ b/elf/Makefile @@ -546,6 +546,11 @@ tests-execstack-yes = \ tests-execstack-static-yes = \ tst-execstack-prog-static # tests-execstack-static-yes +tests-execstack-special-yes = \ + $(objpfx)tst-execstack-prog-noexecstack.out \ + $(objpfx)tst-execstack-needed-noexecstack.out \ + $(objpfx)tst-execstack-prog-static-noexecstack.out \ + # tests-execstack-special-yes endif ifeq ($(have-depaudit),yes) tests += \ @@ -634,6 +639,7 @@ $(objpfx)tst-rtld-does-not-exist.out: tst-rtld-does-not-exist.sh $(objpfx)ld.so tests += $(tests-execstack-$(have-z-execstack)) tests-static+= $(tests-execstack-static-$(have-z-execstack)) +tests-special += $(tests-execstack-special-$(have-z-execstack)) ifeq ($(run-built-tests),yes) tests-special += \ $(objpfx)noload-mem.out \ @@ -1863,6 +1869,42 @@ CFLAGS-tst-execstack-mod.c += -Wno-trampolines LDFLAGS-tst-execstack-prog-static = -Wl,-z,execstack CFLAGS-tst-execstack-prog-static.c += -Wno-trampolines + +ifeq (yes,$(build-hardcoded-path-in-tests)) +tst-execstack-prog-noexecstack-msg = "Fatal glibc error: executable stack is not allowed$$" +else +tst-execstack-prog-noexecstack-msg = "error while loading shared libraries:.*cannot enable executable stack as shared object requires:" +endif + +$(objpfx)tst-execstack-prog-noexecstack.out: $(objpfx)tst-execstack-prog + $(test-program-cmd-before-env) \ + $(run-program-env) \ + GLIBC_TUNABLES=glibc.rtld.execstack=0 \ + $(test-program-cmd-after-env) $< \ + > $@ 2>&1; echo "status: $$?" >> $@; \ + grep -q $(tst-execstack-prog-noexecstack-msg) $@ \ + && grep -q '^status: 127$$' $@; \ + $(evaluate-test) + +$(objpfx)tst-execstack-needed-noexecstack.out: $(objpfx)tst-execstack-needed + $(test-program-cmd-before-env) \ + $(run-program-env) \ + GLIBC_TUNABLES=glibc.rtld.execstack=0 \ + $(test-program-cmd-after-env) $< \ + > $@ 2>&1; echo "status: $$?" >> $@; \ + grep -q 'error while loading shared libraries:.*cannot enable executable stack as shared object requires:' $@ \ + && grep -q '^status: 127$$' $@; \ + $(evaluate-test) + +$(objpfx)tst-execstack-prog-static-noexecstack.out: $(objpfx)tst-execstack-prog-static + $(test-program-cmd-before-env) \ + $(run-program-env) \ + GLIBC_TUNABLES=glibc.rtld.execstack=0 \ + $< \ + > $@ 2>&1; echo "status: $$?" >> $@; \ + grep -q 'Fatal glibc error: executable stack is not allowed$$' $@ \ + && grep -q '^status: 127$$' $@; \ + $(evaluate-test) endif LDFLAGS-tst-array2 = -Wl,--no-as-needed diff --git a/elf/dl-load.c b/elf/dl-load.c index 015595aac4..75550fe089 100644 --- a/elf/dl-load.c +++ b/elf/dl-load.c @@ -32,6 +32,7 @@ #include #include #include +#include /* Type for the buffer we put the ELF header and hopefully the program header. This buffer does not really have to be too large. In most @@ -1300,7 +1301,8 @@ _dl_map_object_from_fd (const char *name, const char *origname, int fd, /* The stack is presently not executable, but this module requires that it be executable. Only tries to change the stack protection during process startup. */ - if ((mode & __RTLD_DLOPEN) == 0) + if ((mode & __RTLD_DLOPEN) == 0 + && TUNABLE_GET (glibc, rtld, execstack, int32_t, NULL) == 1) #if PTHREAD_IN_LIBC errval = _dl_make_stacks_executable (stack_endp); #else diff --git a/elf/dl-support.c b/elf/dl-support.c index 451932dd03..b674468572 100644 --- a/elf/dl-support.c +++ b/elf/dl-support.c @@ -45,6 +45,7 @@ #include #include #include +#include extern char *__progname; char **_dl_argv = &__progname; /* This is checked for some error messages. */ @@ -335,6 +336,10 @@ _dl_non_dynamic_init (void) break; } + if ((__glibc_unlikely (GL(dl_stack_flags)) & PF_X) + && TUNABLE_GET (glibc, rtld, execstack, int32_t, NULL) == 0) + _dl_fatal_printf ("Fatal glibc error: executable stack is not allowed\n"); + call_function_static_weak (_dl_find_object_init); /* Setup relro on the binary itself. */ diff --git a/elf/dl-tunables.list b/elf/dl-tunables.list index 1186272c81..2d6febc249 100644 --- a/elf/dl-tunables.list +++ b/elf/dl-tunables.list @@ -142,6 +142,12 @@ glibc { maxval: 1 default: 0 } + execstack { + type: INT_32 + minval: 0 + maxval: 1 + default: 1 + } } mem { diff --git a/elf/rtld.c b/elf/rtld.c index e9525ea987..5793f291e4 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -1668,6 +1668,10 @@ dl_main (const ElfW(Phdr) *phdr, bool has_interp = rtld_setup_main_map (main_map); + if ((__glibc_unlikely (GL(dl_stack_flags)) & PF_X) + && TUNABLE_GET (glibc, rtld, execstack, int32_t, NULL) == 0) + _dl_fatal_printf ("Fatal glibc error: executable stack is not allowed\n"); + /* If the current libname is different from the SONAME, add the latter as well. */ if (GL(dl_rtld_map).l_info[DT_SONAME] != NULL diff --git a/elf/tst-rtld-list-tunables.exp b/elf/tst-rtld-list-tunables.exp index db0e1c86e9..9f5990f340 100644 --- a/elf/tst-rtld-list-tunables.exp +++ b/elf/tst-rtld-list-tunables.exp @@ -13,5 +13,6 @@ glibc.malloc.top_pad: 0x20000 (min: 0x0, max: 0x[f]+) glibc.malloc.trim_threshold: 0x0 (min: 0x0, max: 0x[f]+) glibc.rtld.dynamic_sort: 2 (min: 1, max: 2) glibc.rtld.enable_secure: 0 (min: 0, max: 1) +glibc.rtld.execstack: 1 (min: 0, max: 1) glibc.rtld.nns: 0x4 (min: 0x1, max: 0x10) glibc.rtld.optional_static_tls: 0x200 (min: 0x0, max: 0x[f]+) diff --git a/manual/tunables.texi b/manual/tunables.texi index 8dd02d8149..f1674f31ea 100644 --- a/manual/tunables.texi +++ b/manual/tunables.texi @@ -356,6 +356,25 @@ tests for @code{AT_SECURE} programs and not meant to be a security feature. The default value of this tunable is @samp{0}. @end deftp +@deftp Tunable glibc.rtld.execstack +@theglibc{} will use either the default architecture flags (that might contain +the executable bit) or the value of @code{PT_GNU_STACK} (if present), and if +the program or any shared library dependency require an executable stack the +loader will change the main stack permission if kernel starts with a non +executable stack. + +The @code{glibc.rtld.execstack} tunable allows the user to control whether +to control executable stacks from the main program or dependencies. Setting +its value to @code{0} disable executable stacks, where @code{1} enables it. +The default value is @code{1}. + +When executable stacks are not allowed, and if the main program or dependencies +require an executable stack, the loader will fail with an error message. +@strong{NB:} Trying to load a dynamic shared library with @code{dlopen} or +@code{dlmopen} that requires an executable stack will always fail if the +default flags does not contain the executable bit. +@end deftp + @node Elision Tunables @section Elision Tunables @cindex elision tunables