From patchwork Tue Dec 17 21:47:20 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 181919 Delivered-To: patch@linaro.org Received: by 2002:a92:3001:0:0:0:0:0 with SMTP id x1csp6350433ile; Tue, 17 Dec 2019 13:49:02 -0800 (PST) X-Google-Smtp-Source: APXvYqyz1snVfmPjVFZpwYhNrkPXBH4zBDxNiz6oB+RpLqzQ2vSIKrTdXV0ydiDcoaaD8mHENWsJ X-Received: by 2002:a9d:7e8c:: with SMTP id m12mr40940583otp.346.1576619342455; Tue, 17 Dec 2019 13:49:02 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1576619342; cv=none; d=google.com; s=arc-20160816; b=pIEUV9ATTXXcofjNGxbfuK63VsNdBAxF10kreEepbWTLwoImecoAC6tzaj3GHUrfLR rWQ1KL+lW39eyoVZl40+oXea/48xX+fLS2yF9ZxtFMwe6G0Qhx349CF8arC/RfDcRqKq DwN4vYljh4jEdcnU6WWfxPQJgdYOtO5b9H1rHjh10gR+k9otzBvzGXTSvXfsmtUwFdAo nLI5C3u8+pc282wuhyJnXXvbP0GIqUlPM3FtCGyjdldO3MnCFRTvWOuIMNbogIhtVr2d QiV2KzqvgzDpvveVrxiaTF0H18rnVp2kyqXuLhb9RLrNaDwJXJ0br5sOKwdlz7+1GBmM 0j9g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:to:from :dkim-signature:delivered-to:sender:list-help:list-post:list-archive :list-subscribe:list-unsubscribe:list-id:precedence:mailing-list :dkim-signature:domainkey-signature; bh=cdhT9pkFyuo/DsH5l2GQyUgJuqDHBxRQFxXTskLU8X4=; b=mnNC7TdacffRON7H7veDzNHa+YsI+KpD7K5PvfcYan/Tzv1/lqcc2j/zR1/1diSveI 7byjGTl09YxHttvDykD1BoJEg5Lxh/XPj9ggIRMUs6xQNc8ne6/vWXPjbgq5flXzWZLc XaeqAvLQvFKDJXgo57sn09ANw8UCh9qoA+c7vaVkv2QSkFfja4qbb+FZvmV6ZvQpv8uq L/acLjOCM4aVXo/XGRXlysENNN5DzCRbzjiFnyc6sS/l0zeRbAYobXbyfkFFyY79XYmB o23XcvYSTRcBhbrFPxhraz0kmmJWZndmaowXQ/n/31RyD/lbujJXUVxHURtVdaoW8Sey h/vA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@sourceware.org header.s=default header.b=uoVlO9cU; dkim=pass header.i=@linaro.org header.s=google header.b=RTC9IXEH; spf=pass (google.com: domain of libc-alpha-return-108170-patch=linaro.org@sourceware.org designates 209.132.180.131 as permitted sender) smtp.mailfrom="libc-alpha-return-108170-patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from sourceware.org (server1.sourceware.org. [209.132.180.131]) by mx.google.com with ESMTPS id w64si12585012oif.51.2019.12.17.13.49.02 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 17 Dec 2019 13:49:02 -0800 (PST) Received-SPF: pass (google.com: domain of libc-alpha-return-108170-patch=linaro.org@sourceware.org designates 209.132.180.131 as permitted sender) client-ip=209.132.180.131; Authentication-Results: mx.google.com; dkim=pass header.i=@sourceware.org header.s=default header.b=uoVlO9cU; dkim=pass header.i=@linaro.org header.s=google header.b=RTC9IXEH; spf=pass (google.com: domain of libc-alpha-return-108170-patch=linaro.org@sourceware.org designates 209.132.180.131 as permitted sender) smtp.mailfrom="libc-alpha-return-108170-patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:subject:date:message-id:in-reply-to :references; q=dns; s=default; b=OWUuA5hntZfz2A5Zhhlv8FWY9fKafAP xCsLQ4zmpKU0SJENLBZqefeRpQZInwnfipyCRvdaiVbSxye5+YAE+NELwC/S2xzJ tHYWKrSCDguBhUdGN5Q7Nm6EhYY4CDkCP1iX+1OWgtNT2XRKty0Eoi1/zbNyQCAA zJw+IFtGdJmw= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:subject:date:message-id:in-reply-to :references; s=default; bh=XbJ0ogZKtRFyOHZeDZjLKICfG9A=; b=uoVlO 9cUy9AM0SHNhbzAcPP1qRz5zPwSfMiFLsL+W/CRXZemdVCyPSkPdEOY0abv55LhW Jr2ioLx8u3XAcpthEg9u1sfueBbUtABcO5/zYWKQT2ScimOk6fyL7v9aOYJz+vLz zsYxTmNgVeLXHlnU5NEGJOjD536em/iqTv8doM= Received: (qmail 110723 invoked by alias); 17 Dec 2019 21:47:48 -0000 Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libc-alpha-owner@sourceware.org Delivered-To: mailing list libc-alpha@sourceware.org Received: (qmail 110685 invoked by uid 89); 17 Dec 2019 21:47:48 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-21.9 required=5.0 tests=AWL, BAYES_00, GIT_PATCH_0, GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3, RCVD_IN_DNSWL_NONE, SPF_PASS autolearn=ham version=3.3.1 spammy= X-HELO: mail-pj1-f66.google.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:subject:date:message-id:in-reply-to:references; bh=cdhT9pkFyuo/DsH5l2GQyUgJuqDHBxRQFxXTskLU8X4=; b=RTC9IXEHnjNJRxAEMhigKGbmHu+OGFOvKo8v2anFjNaij9L/1XxwwOs20j9ExBQpOr 8JBVmyQ+256ID1T/rqruNKFtZ14h7oS+XRJoVKFLOHffllfYClMDYRrS7y8DaQRcQpZW Y2zpHiCpiq4x/OwppCRH9KXbwb/OWw0jYYWrAi46OKTa3hATiAeH6924cWVCd0z3LFFR oiCpPS9oIkzIopZWncPiRqKGJBH/2HhSAlK5JPNiH0e7TP2d5IFN3KSncX1OoVtK54L1 VgmwdU750GdIXVySTGk+YpwlVbpY3WX5TnbUHhn8GgaQkhmk9qArdBl824RthVcAg7h6 QSkg== Return-Path: From: Adhemerval Zanella To: libc-alpha@sourceware.org Subject: [PATCH v3 08/16] elf: Enable relro for static build Date: Tue, 17 Dec 2019 18:47:20 -0300 Message-Id: <20191217214728.2886-8-adhemerval.zanella@linaro.org> In-Reply-To: <20191217214728.2886-1-adhemerval.zanella@linaro.org> References: <20191217214728.2886-1-adhemerval.zanella@linaro.org> Changes from previous version: - The tests were removed and instead I will use the ones proposed by Florian's patch 'elf: Add tests for working RELRO protection' [1]. I also plan to send additional coverage for '.data.rel.ro' which trigger failures for the static case on both partial and full relro which is fixed by this patch once the patch is upstream. -- The code is similar to the one at elf/dl-reloc.c, where it checks for the l_relro_size from the link_map (obtained from PT_GNU_RELRO header from program headers) and calls_dl_protected_relro. Checked on x86_64-linux-gnu, i686-linux-gnu, powerpc64le-linux-gnu, aarch64-linux-gnu, s390x-linux-gnu, and sparc64-linux-gnu. I also check with --enable-static pie on x86_64-linux-gnu, i686-linux-gnu, and aarch64-linux-gnu which seems the only architectures where static PIE is actually working (as per 9d7a3741c9e, on arm-linux-gnueabihf, powerpc64{le}-linux-gnu, and s390x-linux-gnu I am seeing runtime issues not related to my patch). [1] https://sourceware.org/ml/libc-alpha/2019-10/msg00059.html --- elf/dl-support.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) -- 2.17.1 diff --git a/elf/dl-support.c b/elf/dl-support.c index 5526d5ee6e..b2b1b12f6f 100644 --- a/elf/dl-support.c +++ b/elf/dl-support.c @@ -367,14 +367,24 @@ _dl_non_dynamic_init (void) if (_dl_platform != NULL) _dl_platformlen = strlen (_dl_platform); - /* Scan for a program header telling us the stack is nonexecutable. */ if (_dl_phdr != NULL) - for (uint_fast16_t i = 0; i < _dl_phnum; ++i) - if (_dl_phdr[i].p_type == PT_GNU_STACK) + for (const ElfW(Phdr) *ph = _dl_phdr; ph < &_dl_phdr[_dl_phnum]; ++ph) + switch (ph->p_type) { - _dl_stack_flags = _dl_phdr[i].p_flags; + /* Check if the stack is nonexecutable. */ + case PT_GNU_STACK: + _dl_stack_flags = ph->p_flags; + break; + + case PT_GNU_RELRO: + _dl_main_map.l_relro_addr = ph->p_vaddr; + _dl_main_map.l_relro_size = ph->p_memsz; break; } + + /* Setup relro on the binary itself. */ + if (_dl_main_map.l_relro_size != 0) + _dl_protect_relro (&_dl_main_map); } #ifdef DL_SYSINFO_IMPLEMENTATION