From patchwork Wed Oct 16 17:01:10 2024
X-Patchwork-Submitter: Adhemerval Zanella Netto
From: Adhemerval Zanella
To: binutils@sourceware.org
Cc: Stephen Roettger, Jeff Xu, H. J. Lu
Subject: [PATCH v3 0/3] elf: Add GNU_PROPERTY_MEMORY_SEAL gnu property
Date: Wed, 16 Oct 2024 14:01:10 -0300
Message-ID: <20241016170435.1404114-1-adhemerval.zanella@linaro.org>

The new attribute indicates that an ET_EXEC or ET_DYN ELF object should be
memory-sealed if the loader supports it. Memory sealing is useful as a
hardening mechanism to avoid either remapping the memory segments or changing
the memory protection segments layout by the dynamic loader (for instance, the
RELRO hardening).
Linux 6.10 (8be7258aad44b5e25977a98db136f677fa6f4370) added the mseal syscall,
which accomplishes this. A GNU property is used instead of a new dynamic
section tag (like the one proposed for DT_GNU_FLAGS_1) to allow memory sealing
to work with ET_EXEC without PT_DYNAMIC support (at least for glibc, some ports
still do not support static-pie).

The first patch adds the -Wl,memory-seal/-Wl,nomemory-seal options to ld.bfd.
The GNU_PROPERTY_MEMORY_SEAL property is added only for ET_EXEC or ET_DYN
objects.

The second patch adds similar support for ld.gold.

The third patch adds the ld --enable-memory-seal configure option to enable
the memory sealing mark by default (similar to other security hardening such
as RELRO or non-executable stacks).

Changes v2->v3:
* Do not add or merge the GNU_PROPERTY_MEMORY_SEAL property if present on
  ET_REL.
* Extend testing.

Changes v1->v2:
* Make the security hardening opt-in instead of opt-out.
* Add gold support.

Adhemerval Zanella (3):
  elf: Add GNU_PROPERTY_MEMORY_SEAL gnu property
  gold: Add GNU_PROPERTY_MEMORY_SEAL gnu property
  ld: Add --enable-memory-seal configure option

 bfd/elf-properties.c                       | 100 ++++++++++++++++-----
 bfd/elfxx-x86.c                            |   3 +-
 binutils/readelf.c                         |   6 ++
 binutils/testsuite/lib/binutils-common.exp |  22 +++++
 elfcpp/elfcpp.h                            |   1 +
 gold/NEWS                                  |   3 +
 gold/layout.cc                             |   4 +
 gold/options.h                             |   3 +
 gold/testsuite/Makefile.am                 |  19 ++++
 gold/testsuite/Makefile.in                 |  26 +++++-
 gold/testsuite/memory_seal_main.c          |   5 ++
 gold/testsuite/memory_seal_shared.c        |   7 ++
 gold/testsuite/memory_seal_test.sh         |  45 ++++++++++
 include/bfdlink.h                          |   3 +
 include/elf/common.h                       |   1 +
 ld/NEWS                                    |   4 +
 ld/config.in                               |   3 +
 ld/configure                               |  38 ++++++--
 ld/configure.ac                            |  17 ++++
 ld/emultempl/elf.em                        |   5 ++
 ld/ld.texi                                 |   8 ++
 ld/lexsup.c                                |  11 +++
 ld/testsuite/config/default.exp            |   8 ++
 ld/testsuite/ld-elf/property-seal-1.d      |  16 ++++
 ld/testsuite/ld-elf/property-seal-1.s      |  11 +++
 ld/testsuite/ld-elf/property-seal-2.d      |  17 ++++
 ld/testsuite/ld-elf/property-seal-3.d      |  16 ++++
 ld/testsuite/ld-elf/property-seal-4.d      |  16 ++++
 ld/testsuite/ld-elf/property-seal-5.d      |  15 ++++
 ld/testsuite/ld-elf/property-seal-6.d      |  16 ++++
 ld/testsuite/ld-elf/property-seal-7.d      |  14 +++
 ld/testsuite/ld-elf/property-seal-8.d      |  15 ++++
 ld/testsuite/ld-srec/srec.exp              |   4 +
 ld/testsuite/lib/ld-lib.exp                |   6 ++
 34 files changed, 456 insertions(+), 32 deletions(-)
 create mode 100644 gold/testsuite/memory_seal_main.c
 create mode 100644 gold/testsuite/memory_seal_shared.c
 create mode 100755 gold/testsuite/memory_seal_test.sh
 create mode 100644 ld/testsuite/ld-elf/property-seal-1.d
 create mode 100644 ld/testsuite/ld-elf/property-seal-1.s
 create mode 100644 ld/testsuite/ld-elf/property-seal-2.d
 create mode 100644 ld/testsuite/ld-elf/property-seal-3.d
 create mode 100644 ld/testsuite/ld-elf/property-seal-4.d
 create mode 100644 ld/testsuite/ld-elf/property-seal-5.d
 create mode 100644 ld/testsuite/ld-elf/property-seal-6.d
 create mode 100644 ld/testsuite/ld-elf/property-seal-7.d
 create mode 100644 ld/testsuite/ld-elf/property-seal-8.d
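The cover letter describes the marker as a GNU property rather than a dynamic tag, so the thing a loader (or an auditor) has to read is the .note.gnu.property section. The following is an added example, not code from this patch series or from binutils: it encodes such a note for ET_EXEC/ET_DYN objects, decodes it with the bounds and ordering checks a consumer needs before trusting any hardening flag, and reports whether GNU_PROPERTY_MEMORY_SEAL is requested. The numeric value of GNU_PROPERTY_MEMORY_SEAL is not stated in the cover letter; the value 3 used below is an assumption and should be confirmed against include/elf/common.h of the binutils tree in use. The sample notes are constructed inline.

```python
# Added example (not part of the binutils patch series): encode and decode the
# .note.gnu.property section that carries GNU_PROPERTY_MEMORY_SEAL, and check
# whether a given note requests memory sealing.
import struct

NT_GNU_PROPERTY_TYPE_0 = 5            # note type of .note.gnu.property
GNU_PROPERTY_STACK_SIZE = 1
GNU_PROPERTY_NO_COPY_ON_PROTECTED = 2
GNU_PROPERTY_MEMORY_SEAL = 3          # ASSUMED value; verify in include/elf/common.h
NOTE_NAME = b"GNU\0"                  # note owner, including the NUL terminator


def _align(n, a):
    """Round n up to a multiple of a (a is a power of two)."""
    return (n + a - 1) & ~(a - 1)


def build_property_note(props, elfclass=64):
    """Encode (pr_type, pr_data) pairs as a .note.gnu.property section body.
    Entries must be given in ascending pr_type order; each entry is padded to
    8 bytes on ELFCLASS64 and to 4 bytes on ELFCLASS32."""
    align = 8 if elfclass == 64 else 4
    desc = b""
    for pr_type, data in props:
        desc += struct.pack("<II", pr_type, len(data)) + data
        desc += b"\0" * (_align(len(desc), align) - len(desc))
    header = struct.pack("<III", len(NOTE_NAME), len(desc), NT_GNU_PROPERTY_TYPE_0)
    return header + NOTE_NAME + desc


def parse_property_note(blob, elfclass=64):
    """Decode a .note.gnu.property section body into {pr_type: pr_data}.
    A malformed note raises ValueError; a consumer must reject such input
    rather than guess at what hardening the object asked for."""
    align = 8 if elfclass == 64 else 4
    if len(blob) < 12:
        raise ValueError("note header truncated")
    namesz, descsz, ntype = struct.unpack_from("<III", blob, 0)
    if ntype != NT_GNU_PROPERTY_TYPE_0:
        raise ValueError("not an NT_GNU_PROPERTY_TYPE_0 note")
    if namesz != len(NOTE_NAME) or blob[12:12 + namesz] != NOTE_NAME:
        raise ValueError("note owner is not GNU")
    off = _align(12 + namesz, align)          # descriptor start
    end = off + descsz
    if end > len(blob):
        raise ValueError("note descriptor truncated")
    props = {}
    last_type = -1
    while off < end:
        if end - off < 8:
            raise ValueError("property header truncated")
        pr_type, pr_datasz = struct.unpack_from("<II", blob, off)
        off += 8
        if off + pr_datasz > end:
            raise ValueError("property data overruns descriptor")
        if pr_type <= last_type:                # the ABI requires ascending order
            raise ValueError("properties not in ascending order")
        last_type = pr_type
        props[pr_type] = bytes(blob[off:off + pr_datasz])
        off = _align(off + pr_datasz, align)
    return props


def requests_memory_seal(blob, elfclass=64):
    """True if the note carries GNU_PROPERTY_MEMORY_SEAL. The property is a
    bare marker, so a non-empty payload is treated as a corrupt note."""
    data = parse_property_note(blob, elfclass).get(GNU_PROPERTY_MEMORY_SEAL)
    if data is None:
        return False
    if data != b"":
        raise ValueError("GNU_PROPERTY_MEMORY_SEAL must carry no payload")
    return True


# Constructed sample: a 64-bit ET_DYN linked with the memory-seal mark.
SEALED_NOTE = build_property_note([(GNU_PROPERTY_MEMORY_SEAL, b"")])
# Constructed sample: a note that only records a stack size request.
UNSEALED_NOTE = build_property_note(
    [(GNU_PROPERTY_STACK_SIZE, struct.pack("<Q", 0x100000))])

if __name__ == "__main__":
    for label, note in (("sealed", SEALED_NOTE), ("unsealed", UNSEALED_NOTE)):
        print(label, note.hex(), requests_memory_seal(note))
```

On a real object the same bytes can be obtained by dumping the .note.gnu.property section and compared against what `readelf -n` reports for it; the decoder rejects a truncated descriptor, out-of-order properties, and a payload on the marker instead of silently returning a partial result.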