From patchwork Mon Sep 30 20:08:23 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Adhemerval Zanella Netto
X-Patchwork-Id: 831573
From: Adhemerval Zanella
To: libc-alpha@sourceware.org
Cc: Stephen Roettger, Jeff Xu, Florian Weimer, Mike Hommey, Adhemerval Zanella
Subject: [PATCH v3 1/9] linux: Add mseal syscall support
Date: Mon, 30 Sep 2024 17:08:23 -0300
Message-Id: <20240930200831.1669010-2-adhemerval.zanella@linaro.org>
In-Reply-To: <20240930200831.1669010-1-adhemerval.zanella@linaro.org>
References: <20240930200831.1669010-1-adhemerval.zanella@linaro.org>

It was added in Linux 6.10 (8be7258aad44b5e25977a98db136f677fa6f4370) as a
way to block operations such as unmapping, moving to another location,
shrinking the size, expanding the size, or modifying a pre-existent
memory mapping.

Although the syscall only works on 64-bit CPUs, the entry point was added
for all ABIs (since the kernel might eventually implement it for additional
ones and/or the ABI can execute on a 64-bit kernel).

Checked on x86_64-linux-gnu.
--- NEWS | 4 ++ manual/memory.texi | 66 ++++++++++++++++++ sysdeps/unix/sysv/linux/Makefile | 1 + sysdeps/unix/sysv/linux/Versions | 1 + sysdeps/unix/sysv/linux/aarch64/libc.abilist | 1 + sysdeps/unix/sysv/linux/alpha/libc.abilist | 1 + sysdeps/unix/sysv/linux/arc/libc.abilist | 1 + sysdeps/unix/sysv/linux/arm/be/libc.abilist | 1 + sysdeps/unix/sysv/linux/arm/le/libc.abilist | 1 + sysdeps/unix/sysv/linux/bits/mman-shared.h | 8 +++ sysdeps/unix/sysv/linux/csky/libc.abilist | 1 + sysdeps/unix/sysv/linux/hppa/libc.abilist | 1 + sysdeps/unix/sysv/linux/i386/libc.abilist | 1 + sysdeps/unix/sysv/linux/kernel-features.h | 8 +++ .../sysv/linux/loongarch/lp64/libc.abilist | 1 + .../sysv/linux/m68k/coldfire/libc.abilist | 1 + .../unix/sysv/linux/m68k/m680x0/libc.abilist | 1 + .../sysv/linux/microblaze/be/libc.abilist | 1 + .../sysv/linux/microblaze/le/libc.abilist | 1 + .../sysv/linux/mips/mips32/fpu/libc.abilist | 1 + .../sysv/linux/mips/mips64/n32/libc.abilist | 1 + .../sysv/linux/mips/mips64/n64/libc.abilist | 1 + sysdeps/unix/sysv/linux/nios2/libc.abilist | 1 + sysdeps/unix/sysv/linux/or1k/libc.abilist | 1 + .../linux/powerpc/powerpc32/fpu/libc.abilist | 1 + .../powerpc/powerpc32/nofpu/libc.abilist | 1 + .../linux/powerpc/powerpc64/be/libc.abilist | 1 + .../linux/powerpc/powerpc64/le/libc.abilist | 1 + .../unix/sysv/linux/riscv/rv32/libc.abilist | 1 + .../unix/sysv/linux/riscv/rv64/libc.abilist | 1 + .../unix/sysv/linux/s390/s390-32/libc.abilist | 1 + .../unix/sysv/linux/s390/s390-64/libc.abilist | 1 + sysdeps/unix/sysv/linux/sh/be/libc.abilist | 1 + sysdeps/unix/sysv/linux/sh/le/libc.abilist | 1 + .../sysv/linux/sparc/sparc32/libc.abilist | 1 + .../sysv/linux/sparc/sparc64/libc.abilist | 1 + sysdeps/unix/sysv/linux/syscalls.list | 1 + sysdeps/unix/sysv/linux/tst-mseal.c | 67 +++++++++++++++++++ .../unix/sysv/linux/x86_64/64/libc.abilist | 1 + .../unix/sysv/linux/x86_64/x32/libc.abilist | 1 + 40 files changed, 188 insertions(+) create mode 100644 
sysdeps/unix/sysv/linux/tst-mseal.c diff --git a/NEWS b/NEWS index b1ae1c31ca..8cbee5eb74 100644 --- a/NEWS +++ b/NEWS @@ -31,6 +31,10 @@ Major new features: * The iconv program now supports converting files in place. The program automatically uses a temporary file if required. +* On Linux, the mseal function has been added. It allows to seal memory + mappings to avoid further change during process execution such as protection + permissions, unmapping, moving to another location, or shrinking the size. + Deprecated and removed features, and other changes affecting compatibility: * The big-endian ARC port (arceb-linux-gnu) has been removed. diff --git a/manual/memory.texi b/manual/memory.texi index 3710d7ec66..0c1b9fc7c2 100644 --- a/manual/memory.texi +++ b/manual/memory.texi 
@@ -3072,6 +3072,72 @@ process memory, no matter how it was allocated. However, portable use of the function requires that it is only used with memory regions returned by @code{mmap} or @code{mmap64}. +@deftypefun int mseal (void *@var{address}, size_t @var{length}, unsigned long @var{flags}) +@standards{Linux, sys/mman.h} +@safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}} + +A successful call to the @code {mseal} function seals the memory range of +@var{length} bytes, starting at @var{address}. The sealed memory is +protection against further modifictions such as: + +@itemize @bullet +@item +Unmapping, moving to another location, extending or shrinking the size, +via @code{munmap} and @code{mremap}. + +@item +Moving or expanding a different VMA into the current location, via +@code{mremap}. + +@item +Modifying the memory range with @code{mmap} along with flag @code{MAP_FIXED}. + +@item +Expanding the size with @code{mremap}. + +@item +Change the protection flags with @code{mprotect} or @code{pkey_mprotect}. + +@item +Destructive behaviors on anonymous memory, such as @code{madvice} with +@code{MADV_DONTNEED}. +@end itemize + +The @var{address} must be an allocated virtual memory done by @code{mmap} +or @code{mremap}, and it must be page aligned. The end address (@var{address} +plus @var{length}) must be within an allocated virtual memory range. There +should be no unallocated memory between the start and end of address range. + +The @var{flags} is currently ununsed. + +The @code{mseal} function returns @math{0} on sucess and @math{-1} on +failure. + +The following @code{errno} error conditions are defined for this +function: + +@table @code +@item EPERM +The system blocked the operation, and the given address is unmodified +without partion update. This error is also returned when @code{mseal} +is issued on a 32 bit CPUs (the sealing is currently supported only on +64-bit CPUs, although 32 bit binaries running on 64 bit kernel is +supported). 
+ +@item ENOMEM +Either the @var{address} is not allocated, or the end address is not +allocation, or there is an unallocated memory between start and end address. + +@item ENOSYS +The kernel does not support the @code{mseal} syscall. + +@strong{NB:} The memory sealing changes the lifetime of a mapping, where the +sealing memory could not be unmapped until the process terminates or starts +another one through @code{execve} function. + +@end table +@end deftypefun + @subsection Memory Protection Keys @cindex memory protection key diff --git a/sysdeps/unix/sysv/linux/Makefile b/sysdeps/unix/sysv/linux/Makefile index 7df51a325c..887152997f 100644 --- a/sysdeps/unix/sysv/linux/Makefile +++ b/sysdeps/unix/sysv/linux/Makefile @@ -213,6 +213,7 @@ tests += \ tst-misalign-clone \ tst-mlock2 \ tst-mount \ + tst-mseal \ tst-ntp_adjtime \ tst-ntp_gettime \ tst-ntp_gettimex \ diff --git a/sysdeps/unix/sysv/linux/Versions b/sysdeps/unix/sysv/linux/Versions index 213ff5f1fe..194c9a47d7 100644 --- a/sysdeps/unix/sysv/linux/Versions +++ b/sysdeps/unix/sysv/linux/Versions @@ -331,6 +331,7 @@ libc { GLIBC_2.41 { sched_getattr; sched_setattr; + mseal; } GLIBC_PRIVATE { # functions used in other libraries diff --git a/sysdeps/unix/sysv/linux/aarch64/libc.abilist b/sysdeps/unix/sysv/linux/aarch64/libc.abilist index 38db77e4f7..ca2b42339a 100644 --- a/sysdeps/unix/sysv/linux/aarch64/libc.abilist +++ b/sysdeps/unix/sysv/linux/aarch64/libc.abilist @@ -2748,5 +2748,6 @@ GLIBC_2.39 stdc_trailing_zeros_ui F GLIBC_2.39 stdc_trailing_zeros_ul F GLIBC_2.39 stdc_trailing_zeros_ull F GLIBC_2.39 stdc_trailing_zeros_us F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F diff --git a/sysdeps/unix/sysv/linux/alpha/libc.abilist b/sysdeps/unix/sysv/linux/alpha/libc.abilist index 637bfce9fb..e385da44c7 100644 --- a/sysdeps/unix/sysv/linux/alpha/libc.abilist +++ b/sysdeps/unix/sysv/linux/alpha/libc.abilist 
@@ -3095,6 +3095,7 @@ GLIBC_2.4 wcstold F GLIBC_2.4 wcstold_l F GLIBC_2.4 wprintf F GLIBC_2.4 wscanf F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F GLIBC_2.5 __readlinkat_chk F diff --git a/sysdeps/unix/sysv/linux/arc/libc.abilist b/sysdeps/unix/sysv/linux/arc/libc.abilist index 4a305cf730..499e48c8b1 100644 --- a/sysdeps/unix/sysv/linux/arc/libc.abilist +++ b/sysdeps/unix/sysv/linux/arc/libc.abilist @@ -2509,5 +2509,6 @@ GLIBC_2.39 stdc_trailing_zeros_ui F GLIBC_2.39 stdc_trailing_zeros_ul F GLIBC_2.39 stdc_trailing_zeros_ull F GLIBC_2.39 stdc_trailing_zeros_us F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F diff --git a/sysdeps/unix/sysv/linux/arm/be/libc.abilist b/sysdeps/unix/sysv/linux/arm/be/libc.abilist index 1d54f71b14..e9ccb8abb0 100644 --- a/sysdeps/unix/sysv/linux/arm/be/libc.abilist +++ b/sysdeps/unix/sysv/linux/arm/be/libc.abilist @@ -2801,6 +2801,7 @@ GLIBC_2.4 xdrstdio_create F GLIBC_2.4 xencrypt F GLIBC_2.4 xprt_register F GLIBC_2.4 xprt_unregister F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F GLIBC_2.5 __readlinkat_chk F diff --git a/sysdeps/unix/sysv/linux/arm/le/libc.abilist b/sysdeps/unix/sysv/linux/arm/le/libc.abilist index ff7e8bc40b..5f551a3548 100644 --- a/sysdeps/unix/sysv/linux/arm/le/libc.abilist +++ b/sysdeps/unix/sysv/linux/arm/le/libc.abilist @@ -2798,6 +2798,7 @@ GLIBC_2.4 xdrstdio_create F GLIBC_2.4 xencrypt F GLIBC_2.4 xprt_register F GLIBC_2.4 xprt_unregister F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F GLIBC_2.5 __readlinkat_chk F diff --git a/sysdeps/unix/sysv/linux/bits/mman-shared.h b/sysdeps/unix/sysv/linux/bits/mman-shared.h index d8ed4436b6..2681218cf9 100644 --- a/sysdeps/unix/sysv/linux/bits/mman-shared.h +++ b/sysdeps/unix/sysv/linux/bits/mman-shared.h 
@@ -80,6 +80,14 @@ int pkey_free (int __key) __THROW; range. */ int pkey_mprotect (void *__addr, size_t __len, int __prot, int __pkey) __THROW; +/* Seal the address range to avoid further modifications, such as remmap to + shrink or expand the VMA, change protection permission with mprotect, + unmap with munmap, destructive semantic such madvise with MADV_DONTNEED. + The address range must be valid VMA, withouth any gap (unallocated memory) + between start and end, and ADDR much be page aligned (LEN will be page + aligned implicitly). */ +int mseal (void *__addr, size_t __len, unsigned long flags) __THROW; + __END_DECLS #endif /* __USE_GNU */ diff --git a/sysdeps/unix/sysv/linux/csky/libc.abilist b/sysdeps/unix/sysv/linux/csky/libc.abilist index c3ed65467d..50239f275f 100644 --- a/sysdeps/unix/sysv/linux/csky/libc.abilist +++ b/sysdeps/unix/sysv/linux/csky/libc.abilist @@ -2785,5 +2785,6 @@ GLIBC_2.39 stdc_trailing_zeros_ui F GLIBC_2.39 stdc_trailing_zeros_ul F GLIBC_2.39 stdc_trailing_zeros_ull F GLIBC_2.39 stdc_trailing_zeros_us F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F diff --git a/sysdeps/unix/sysv/linux/hppa/libc.abilist b/sysdeps/unix/sysv/linux/hppa/libc.abilist index 8de7644a59..46a7db3e07 100644 --- a/sysdeps/unix/sysv/linux/hppa/libc.abilist +++ b/sysdeps/unix/sysv/linux/hppa/libc.abilist @@ -2821,6 +2821,7 @@ GLIBC_2.4 sys_errlist D 0x400 GLIBC_2.4 sys_nerr D 0x4 GLIBC_2.4 unlinkat F GLIBC_2.4 unshare F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F GLIBC_2.5 __readlinkat_chk F diff --git a/sysdeps/unix/sysv/linux/i386/libc.abilist b/sysdeps/unix/sysv/linux/i386/libc.abilist index 4fedf775d4..9b86da3a98 100644 --- a/sysdeps/unix/sysv/linux/i386/libc.abilist +++ b/sysdeps/unix/sysv/linux/i386/libc.abilist 
@@ -3005,6 +3005,7 @@ GLIBC_2.4 sys_errlist D 0x210 GLIBC_2.4 sys_nerr D 0x4 GLIBC_2.4 unlinkat F GLIBC_2.4 unshare F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F GLIBC_2.5 __readlinkat_chk F diff --git a/sysdeps/unix/sysv/linux/kernel-features.h b/sysdeps/unix/sysv/linux/kernel-features.h index a25cf07e9f..b9038d18bf 100644 --- a/sysdeps/unix/sysv/linux/kernel-features.h +++ b/sysdeps/unix/sysv/linux/kernel-features.h @@ -257,4 +257,12 @@ # define __ASSUME_FCHMODAT2 0 #endif +/* The mseal system call was introduced across all architectures in Linux 6.10 + (although only supported on 64-bit CPUs). */ +#if __LINUX_KERNEL_VERSION >= 0x060A00 +# define __ASSUME_MSEAL 1 +#else +# define __ASSUME_MSEAL 0 +#endif + #endif /* kernel-features.h */ diff --git a/sysdeps/unix/sysv/linux/loongarch/lp64/libc.abilist b/sysdeps/unix/sysv/linux/loongarch/lp64/libc.abilist index 0024282289..9b617ed24b 100644 --- a/sysdeps/unix/sysv/linux/loongarch/lp64/libc.abilist +++ b/sysdeps/unix/sysv/linux/loongarch/lp64/libc.abilist @@ -2269,5 +2269,6 @@ GLIBC_2.39 stdc_trailing_zeros_ui F GLIBC_2.39 stdc_trailing_zeros_ul F GLIBC_2.39 stdc_trailing_zeros_ull F GLIBC_2.39 stdc_trailing_zeros_us F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F diff --git a/sysdeps/unix/sysv/linux/m68k/coldfire/libc.abilist b/sysdeps/unix/sysv/linux/m68k/coldfire/libc.abilist index 142595eb3e..c3308f3d70 100644 --- a/sysdeps/unix/sysv/linux/m68k/coldfire/libc.abilist +++ b/sysdeps/unix/sysv/linux/m68k/coldfire/libc.abilist @@ -2781,6 +2781,7 @@ GLIBC_2.4 xdrstdio_create F GLIBC_2.4 xencrypt F GLIBC_2.4 xprt_register F GLIBC_2.4 xprt_unregister F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F GLIBC_2.5 __readlinkat_chk F diff --git a/sysdeps/unix/sysv/linux/m68k/m680x0/libc.abilist b/sysdeps/unix/sysv/linux/m68k/m680x0/libc.abilist index 85e7746c10..1da35d9cdc 100644 --- a/sysdeps/unix/sysv/linux/m68k/m680x0/libc.abilist 
+++ b/sysdeps/unix/sysv/linux/m68k/m680x0/libc.abilist @@ -2948,6 +2948,7 @@ GLIBC_2.4 sys_errlist D 0x210 GLIBC_2.4 sys_nerr D 0x4 GLIBC_2.4 unlinkat F GLIBC_2.4 unshare F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F GLIBC_2.5 __readlinkat_chk F diff --git a/sysdeps/unix/sysv/linux/microblaze/be/libc.abilist b/sysdeps/unix/sysv/linux/microblaze/be/libc.abilist index 91dc1b8378..acf4a194f3 100644 --- a/sysdeps/unix/sysv/linux/microblaze/be/libc.abilist +++ b/sysdeps/unix/sysv/linux/microblaze/be/libc.abilist @@ -2834,5 +2834,6 @@ GLIBC_2.39 stdc_trailing_zeros_ui F GLIBC_2.39 stdc_trailing_zeros_ul F GLIBC_2.39 stdc_trailing_zeros_ull F GLIBC_2.39 stdc_trailing_zeros_us F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F diff --git a/sysdeps/unix/sysv/linux/microblaze/le/libc.abilist b/sysdeps/unix/sysv/linux/microblaze/le/libc.abilist index 3440e90f6f..72f69dee89 100644 --- a/sysdeps/unix/sysv/linux/microblaze/le/libc.abilist +++ b/sysdeps/unix/sysv/linux/microblaze/le/libc.abilist @@ -2831,5 +2831,6 @@ GLIBC_2.39 stdc_trailing_zeros_ui F GLIBC_2.39 stdc_trailing_zeros_ul F GLIBC_2.39 stdc_trailing_zeros_ull F GLIBC_2.39 stdc_trailing_zeros_us F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F diff --git a/sysdeps/unix/sysv/linux/mips/mips32/fpu/libc.abilist b/sysdeps/unix/sysv/linux/mips/mips32/fpu/libc.abilist index 5ee7b8c52f..f31d29add6 100644 --- a/sysdeps/unix/sysv/linux/mips/mips32/fpu/libc.abilist +++ b/sysdeps/unix/sysv/linux/mips/mips32/fpu/libc.abilist @@ -2909,6 +2909,7 @@ GLIBC_2.4 renameat F GLIBC_2.4 symlinkat F GLIBC_2.4 unlinkat F GLIBC_2.4 unshare F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F GLIBC_2.5 __readlinkat_chk F diff --git a/sysdeps/unix/sysv/linux/mips/mips64/n32/libc.abilist b/sysdeps/unix/sysv/linux/mips/mips64/n32/libc.abilist index ae7474c0f0..57df1a30cc 100644 --- a/sysdeps/unix/sysv/linux/mips/mips64/n32/libc.abilist 
+++ b/sysdeps/unix/sysv/linux/mips/mips64/n32/libc.abilist @@ -2915,6 +2915,7 @@ GLIBC_2.4 renameat F GLIBC_2.4 symlinkat F GLIBC_2.4 unlinkat F GLIBC_2.4 unshare F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F GLIBC_2.5 __readlinkat_chk F diff --git a/sysdeps/unix/sysv/linux/mips/mips64/n64/libc.abilist b/sysdeps/unix/sysv/linux/mips/mips64/n64/libc.abilist index cdf040dec2..808d11899f 100644 --- a/sysdeps/unix/sysv/linux/mips/mips64/n64/libc.abilist +++ b/sysdeps/unix/sysv/linux/mips/mips64/n64/libc.abilist @@ -2817,6 +2817,7 @@ GLIBC_2.4 renameat F GLIBC_2.4 symlinkat F GLIBC_2.4 unlinkat F GLIBC_2.4 unshare F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F GLIBC_2.5 __readlinkat_chk F diff --git a/sysdeps/unix/sysv/linux/nios2/libc.abilist b/sysdeps/unix/sysv/linux/nios2/libc.abilist index 773d4c5873..da515dc1f7 100644 --- a/sysdeps/unix/sysv/linux/nios2/libc.abilist +++ b/sysdeps/unix/sysv/linux/nios2/libc.abilist @@ -2873,5 +2873,6 @@ GLIBC_2.39 stdc_trailing_zeros_ui F GLIBC_2.39 stdc_trailing_zeros_ul F GLIBC_2.39 stdc_trailing_zeros_ull F GLIBC_2.39 stdc_trailing_zeros_us F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F diff --git a/sysdeps/unix/sysv/linux/or1k/libc.abilist b/sysdeps/unix/sysv/linux/or1k/libc.abilist index c356a11b1c..e172e3f1eb 100644 --- a/sysdeps/unix/sysv/linux/or1k/libc.abilist +++ b/sysdeps/unix/sysv/linux/or1k/libc.abilist @@ -2259,5 +2259,6 @@ GLIBC_2.40 getcontext F GLIBC_2.40 makecontext F GLIBC_2.40 setcontext F GLIBC_2.40 swapcontext F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F diff --git a/sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/libc.abilist b/sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/libc.abilist index 7937f94cf0..05390d9b14 100644 --- a/sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/libc.abilist +++ b/sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/libc.abilist 
@@ -3138,6 +3138,7 @@ GLIBC_2.4 wcstold F GLIBC_2.4 wcstold_l F GLIBC_2.4 wprintf F GLIBC_2.4 wscanf F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F GLIBC_2.5 __readlinkat_chk F diff --git a/sysdeps/unix/sysv/linux/powerpc/powerpc32/nofpu/libc.abilist b/sysdeps/unix/sysv/linux/powerpc/powerpc32/nofpu/libc.abilist index d6e35f31d2..8ab5bed681 100644 --- a/sysdeps/unix/sysv/linux/powerpc/powerpc32/nofpu/libc.abilist +++ b/sysdeps/unix/sysv/linux/powerpc/powerpc32/nofpu/libc.abilist @@ -3183,6 +3183,7 @@ GLIBC_2.4 wcstold F GLIBC_2.4 wcstold_l F GLIBC_2.4 wprintf F GLIBC_2.4 wscanf F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F GLIBC_2.5 __readlinkat_chk F diff --git a/sysdeps/unix/sysv/linux/powerpc/powerpc64/be/libc.abilist b/sysdeps/unix/sysv/linux/powerpc/powerpc64/be/libc.abilist index 2268d6890d..cd025a4593 100644 --- a/sysdeps/unix/sysv/linux/powerpc/powerpc64/be/libc.abilist +++ b/sysdeps/unix/sysv/linux/powerpc/powerpc64/be/libc.abilist @@ -2892,6 +2892,7 @@ GLIBC_2.4 wcstold F GLIBC_2.4 wcstold_l F GLIBC_2.4 wprintf F GLIBC_2.4 wscanf F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F GLIBC_2.5 __readlinkat_chk F diff --git a/sysdeps/unix/sysv/linux/powerpc/powerpc64/le/libc.abilist b/sysdeps/unix/sysv/linux/powerpc/powerpc64/le/libc.abilist index 7f61b14bc8..e0b47be0e1 100644 --- a/sysdeps/unix/sysv/linux/powerpc/powerpc64/le/libc.abilist +++ b/sysdeps/unix/sysv/linux/powerpc/powerpc64/le/libc.abilist @@ -2968,5 +2968,6 @@ GLIBC_2.39 stdc_trailing_zeros_ui F GLIBC_2.39 stdc_trailing_zeros_ul F GLIBC_2.39 stdc_trailing_zeros_ull F GLIBC_2.39 stdc_trailing_zeros_us F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F diff --git a/sysdeps/unix/sysv/linux/riscv/rv32/libc.abilist b/sysdeps/unix/sysv/linux/riscv/rv32/libc.abilist index 4187241f50..1a8affb9b7 100644 --- a/sysdeps/unix/sysv/linux/riscv/rv32/libc.abilist 
+++ b/sysdeps/unix/sysv/linux/riscv/rv32/libc.abilist @@ -2512,5 +2512,6 @@ GLIBC_2.39 stdc_trailing_zeros_ul F GLIBC_2.39 stdc_trailing_zeros_ull F GLIBC_2.39 stdc_trailing_zeros_us F GLIBC_2.40 __riscv_hwprobe F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F diff --git a/sysdeps/unix/sysv/linux/riscv/rv64/libc.abilist b/sysdeps/unix/sysv/linux/riscv/rv64/libc.abilist index 8935beccac..ef38afe23e 100644 --- a/sysdeps/unix/sysv/linux/riscv/rv64/libc.abilist +++ b/sysdeps/unix/sysv/linux/riscv/rv64/libc.abilist @@ -2712,5 +2712,6 @@ GLIBC_2.39 stdc_trailing_zeros_ul F GLIBC_2.39 stdc_trailing_zeros_ull F GLIBC_2.39 stdc_trailing_zeros_us F GLIBC_2.40 __riscv_hwprobe F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F diff --git a/sysdeps/unix/sysv/linux/s390/s390-32/libc.abilist b/sysdeps/unix/sysv/linux/s390/s390-32/libc.abilist index e69dc7ccf6..01067f7be1 100644 --- a/sysdeps/unix/sysv/linux/s390/s390-32/libc.abilist +++ b/sysdeps/unix/sysv/linux/s390/s390-32/libc.abilist @@ -3136,6 +3136,7 @@ GLIBC_2.4 wcstold F GLIBC_2.4 wcstold_l F GLIBC_2.4 wprintf F GLIBC_2.4 wscanf F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F GLIBC_2.5 __readlinkat_chk F diff --git a/sysdeps/unix/sysv/linux/s390/s390-64/libc.abilist b/sysdeps/unix/sysv/linux/s390/s390-64/libc.abilist index 7d860001d8..6223ecbdb2 100644 --- a/sysdeps/unix/sysv/linux/s390/s390-64/libc.abilist +++ b/sysdeps/unix/sysv/linux/s390/s390-64/libc.abilist @@ -2929,6 +2929,7 @@ GLIBC_2.4 wcstold F GLIBC_2.4 wcstold_l F GLIBC_2.4 wprintf F GLIBC_2.4 wscanf F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F GLIBC_2.5 __readlinkat_chk F diff --git a/sysdeps/unix/sysv/linux/sh/be/libc.abilist b/sysdeps/unix/sysv/linux/sh/be/libc.abilist index fcb8161841..ad5fbff8cd 100644 --- a/sysdeps/unix/sysv/linux/sh/be/libc.abilist +++ b/sysdeps/unix/sysv/linux/sh/be/libc.abilist 
@@ -2828,6 +2828,7 @@ GLIBC_2.4 sys_errlist D 0x210 GLIBC_2.4 sys_nerr D 0x4 GLIBC_2.4 unlinkat F GLIBC_2.4 unshare F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F GLIBC_2.5 __readlinkat_chk F diff --git a/sysdeps/unix/sysv/linux/sh/le/libc.abilist b/sysdeps/unix/sysv/linux/sh/le/libc.abilist index 3fd078d125..fb16b94525 100644 --- a/sysdeps/unix/sysv/linux/sh/le/libc.abilist +++ b/sysdeps/unix/sysv/linux/sh/le/libc.abilist @@ -2825,6 +2825,7 @@ GLIBC_2.4 sys_errlist D 0x210 GLIBC_2.4 sys_nerr D 0x4 GLIBC_2.4 unlinkat F GLIBC_2.4 unshare F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F GLIBC_2.5 __readlinkat_chk F diff --git a/sysdeps/unix/sysv/linux/sparc/sparc32/libc.abilist b/sysdeps/unix/sysv/linux/sparc/sparc32/libc.abilist index 1ce1fe9da7..af231e9ae5 100644 --- a/sysdeps/unix/sysv/linux/sparc/sparc32/libc.abilist +++ b/sysdeps/unix/sysv/linux/sparc/sparc32/libc.abilist @@ -3157,6 +3157,7 @@ GLIBC_2.4 wcstold F GLIBC_2.4 wcstold_l F GLIBC_2.4 wprintf F GLIBC_2.4 wscanf F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F GLIBC_2.5 __readlinkat_chk F diff --git a/sysdeps/unix/sysv/linux/sparc/sparc64/libc.abilist b/sysdeps/unix/sysv/linux/sparc/sparc64/libc.abilist index 07507b86f6..45a0b0463f 100644 --- a/sysdeps/unix/sysv/linux/sparc/sparc64/libc.abilist +++ b/sysdeps/unix/sysv/linux/sparc/sparc64/libc.abilist @@ -2793,6 +2793,7 @@ GLIBC_2.4 sys_errlist D 0x430 GLIBC_2.4 sys_nerr D 0x4 GLIBC_2.4 unlinkat F GLIBC_2.4 unshare F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F GLIBC_2.5 __readlinkat_chk F diff --git a/sysdeps/unix/sysv/linux/syscalls.list b/sysdeps/unix/sysv/linux/syscalls.list index f1cfe8dc13..424bf43868 100644 --- a/sysdeps/unix/sysv/linux/syscalls.list +++ b/sysdeps/unix/sysv/linux/syscalls.list 
@@ -39,6 +39,7 @@ mlockall - mlockall i:i mlockall mount EXTRA mount i:sssUp __mount mount mount_setattr EXTRA mount_setattr i:isUpU mount_setattr move_mount EXTRA move_mount i:isisU move_mount +mseal EXTRA mseal i:bUU __mseal mseal munlock - munlock i:aU munlock munlockall - munlockall i: munlockall nfsservctl EXTRA nfsservctl i:ipp __compat_nfsservctl nfsservctl@GLIBC_2.0:GLIBC_2.28 diff --git a/sysdeps/unix/sysv/linux/tst-mseal.c b/sysdeps/unix/sysv/linux/tst-mseal.c new file mode 100644 index 0000000000..95637f1377 --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-mseal.c 
@@ -0,0 +1,67 @@ +/* Basic tests for mseal. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include + +static int +do_test (void) +{ + TEST_VERIFY_EXIT (mseal (MAP_FAILED, 0, 0) == -1); + if (errno == ENOSYS || errno == EPERM) + FAIL_UNSUPPORTED ("kernel does not support mseal"); + TEST_COMPARE (errno, EINVAL); + + size_t pagesize = getpagesize (); + void *p = xmmap (NULL, 4 * pagesize, PROT_READ, + MAP_ANONYMOUS | MAP_PRIVATE, -1); + xmunmap (p + 2 * pagesize, pagesize); + + /* Unaligned address. */ + TEST_VERIFY_EXIT (mseal (p + 1, pagesize, 0) == -1); + TEST_COMPARE (errno, EINVAL); + + /* Length too big. */ + TEST_VERIFY_EXIT (mseal (p, 3 * pagesize, 0) == -1); + TEST_COMPARE (errno, ENOMEM); + + TEST_VERIFY_EXIT (mseal (p, pagesize, 0) == 0); + /* Apply the same seal should be idempotent. 
*/ + TEST_VERIFY_EXIT (mseal (p, pagesize, 0) == 0); + + TEST_VERIFY_EXIT (mprotect (p, pagesize, PROT_WRITE) == -1); + TEST_COMPARE (errno, EPERM); + + TEST_VERIFY_EXIT (munmap (p, pagesize) == -1); + TEST_COMPARE (errno, EPERM); + + TEST_VERIFY_EXIT (mremap (p, pagesize, 2 * pagesize, 0) == MAP_FAILED); + TEST_COMPARE (errno, EPERM); + + TEST_VERIFY_EXIT (madvise (p, pagesize, MADV_DONTNEED) == -1); + TEST_COMPARE (errno, EPERM); + + xmunmap (p + pagesize, pagesize); + xmunmap (p + 3 * pagesize, pagesize); + + return 0; +} + +#include diff --git a/sysdeps/unix/sysv/linux/x86_64/64/libc.abilist b/sysdeps/unix/sysv/linux/x86_64/64/libc.abilist index 5acf49dbe8..41964726bb 100644 --- a/sysdeps/unix/sysv/linux/x86_64/64/libc.abilist +++ b/sysdeps/unix/sysv/linux/x86_64/64/libc.abilist @@ -2744,6 +2744,7 @@ GLIBC_2.4 sys_errlist D 0x420 GLIBC_2.4 sys_nerr D 0x4 GLIBC_2.4 unlinkat F GLIBC_2.4 unshare F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F GLIBC_2.5 __readlinkat_chk F diff --git a/sysdeps/unix/sysv/linux/x86_64/x32/libc.abilist b/sysdeps/unix/sysv/linux/x86_64/x32/libc.abilist index 02d1bb97dc..3b05723239 100644 --- a/sysdeps/unix/sysv/linux/x86_64/x32/libc.abilist +++ b/sysdeps/unix/sysv/linux/x86_64/x32/libc.abilist 
@@ -2763,5 +2763,6 @@ GLIBC_2.39 stdc_trailing_zeros_ui F GLIBC_2.39 stdc_trailing_zeros_ul F GLIBC_2.39 stdc_trailing_zeros_ull F GLIBC_2.39 stdc_trailing_zeros_us F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F
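Review bot: In tst-mseal.c the comment "Length too big" does not describe what the call checks: mseal (p, 3 * pagesize, 0) stays inside the 4-page mapping, and the ENOMEM it expects is explained by the page removed just above with xmunmap (p + 2 * pagesize, pagesize). Reword the comment to say the range spans an unmapped hole, so a reader does not go looking for a length limit. Every mseal call in the test passes 0 as the third argument, so a case with a nonzero flags value would also exercise that part of the argument validation. The comment "Apply the same seal should be idempotent" reads better as "Applying the same seal again should be idempotent".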
From: Adhemerval Zanella To: libc-alpha@sourceware.org Cc: Stephen Roettger , Jeff Xu , Florian Weimer , Mike Hommey , Adhemerval Zanella Subject: [PATCH v3 2/9] elf: Parse gnu properties for static linked binaries Date: Mon, 30 Sep 2024 17:08:24 -0300 Message-Id: <20240930200831.1669010-3-adhemerval.zanella@linaro.org> In-Reply-To: <20240930200831.1669010-1-adhemerval.zanella@linaro.org> References: <20240930200831.1669010-1-adhemerval.zanella@linaro.org>

So the static binary can opt in to memory sealing. Checked on x86_64-linux-gnu.

--- elf/dl-support.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/elf/dl-support.c b/elf/dl-support.c index 451932dd03..bd02a77d1a 100644 --- a/elf/dl-support.c +++ b/elf/dl-support.c @@ -45,6 +45,7 @@ #include #include #include +#include extern char *__progname; char **_dl_argv = &__progname; /* This is checked for some error messages. */ 
@@ -334,6 +335,18 @@ _dl_non_dynamic_init (void) _dl_main_map.l_relro_size = ph->p_memsz; break; } + /* Process program headers again, but scan them backwards so + that PT_NOTE can be skipped if PT_GNU_PROPERTY exits. */ + for (const ElfW(Phdr) *ph = &_dl_phdr[_dl_phnum]; ph != _dl_phdr; --ph) + switch (ph[-1].p_type) + { + case PT_NOTE: + _dl_process_pt_note (&_dl_main_map, -1, &ph[-1]); + break; + case PT_GNU_PROPERTY: + _dl_process_pt_gnu_property (&_dl_main_map, -1, &ph[-1]); + break; + } call_function_static_weak (_dl_find_object_init);
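Review bot: The new comment in _dl_non_dynamic_init says PT_NOTE "can be skipped if PT_GNU_PROPERTY exits", but nothing in the loop skips it: both cases call their handler unconditionally, so any skipping has to happen inside _dl_process_pt_note, which is not visible in this hunk. State that in the comment (or track a found-property flag in the loop itself) so the reason for the backward scan is clear from this function alone, and fix "exits" to "exists". The -1 passed as the second argument to both handlers would also benefit from a word of explanation.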
From: Adhemerval Zanella To: libc-alpha@sourceware.org Cc: Stephen Roettger , Jeff Xu , Florian Weimer , Mike Hommey , Adhemerval Zanella Subject: [PATCH v3 3/9] elf: Parse gnu properties for the loader Date: Mon, 30 Sep 2024 17:08:25 -0300 Message-Id: <20240930200831.1669010-4-adhemerval.zanella@linaro.org> In-Reply-To: <20240930200831.1669010-1-adhemerval.zanella@linaro.org> References: <20240930200831.1669010-1-adhemerval.zanella@linaro.org>

So it can opt-in for memory sealing. Checked on x86_64-linux-gnu.

--- elf/rtld.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/elf/rtld.c b/elf/rtld.c index cb6b61d570..8dfa089f83 100644 --- a/elf/rtld.c +++ b/elf/rtld.c 
@@ -1751,11 +1751,15 @@ dl_main (const ElfW(Phdr) *phdr, /* PT_GNU_RELRO is usually the last phdr. */ size_t cnt = rtld_ehdr->e_phnum; while (cnt-- > 0) - if (rtld_phdr[cnt].p_type == PT_GNU_RELRO) + switch (rtld_phdr[cnt].p_type) { + case PT_GNU_RELRO: GL(dl_rtld_map).l_relro_addr = rtld_phdr[cnt].p_vaddr; GL(dl_rtld_map).l_relro_size = rtld_phdr[cnt].p_memsz; break; + case PT_GNU_PROPERTY: + _dl_process_pt_gnu_property (&GL(dl_rtld_map), -1, &rtld_phdr[cnt]); + break; } /* Add the dynamic linker to the TLS list if it also uses TLS. */
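Review bot: Turning the if into a switch changes what the break under PT_GNU_RELRO does: it used to leave the while (cnt-- > 0) loop at the first PT_GNU_RELRO found from the end, and now it only leaves the switch, so the scan always walks every program header. That is needed to reach PT_GNU_PROPERTY, but it also means that with more than one PT_GNU_RELRO entry the lowest-indexed one now sets l_relro_addr and l_relro_size instead of the highest-indexed one. The comment "PT_GNU_RELRO is usually the last phdr" explained the early exit and is now stale; update it to describe the full scan, and mention the behaviour change in the commit message.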
From: Adhemerval Zanella To: libc-alpha@sourceware.org Cc: Stephen Roettger , Jeff Xu , Florian Weimer , Mike Hommey , Adhemerval Zanella Subject: [PATCH v3 4/9] rtld: Move call_init_paths after _dl_process_pt_gnu_property Date: Mon, 30 Sep 2024 17:08:26 -0300 Message-Id: <20240930200831.1669010-5-adhemerval.zanella@linaro.org> In-Reply-To: <20240930200831.1669010-1-adhemerval.zanella@linaro.org> References: <20240930200831.1669010-1-adhemerval.zanella@linaro.org>

To allow the loader malloc behavior to be changed by the gnu attribute. It would allow the pages allocated to be memory sealed if the loader is built with memory sealing. Checked on x86_64-linux-gnu.

--- elf/rtld.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/elf/rtld.c b/elf/rtld.c index 8dfa089f83..0f4b3e9a43 100644 --- a/elf/rtld.c +++ b/elf/rtld.c 
@@ -1708,10 +1708,6 @@ dl_main (const ElfW(Phdr) *phdr, /* With vDSO setup we can initialize the function pointers. */ setup_vdso_pointers (); - /* Initialize the data structures for the search paths for shared - objects. */ - call_init_paths (&state); - /* Initialize _r_debug_extended. */ struct r_debug *r = _dl_debug_initialize (GL(dl_rtld_map).l_addr, LM_ID_BASE); 
@@ -1767,6 +1763,10 @@ dl_main (const ElfW(Phdr) *phdr, /* Assign a module ID. Do this before loading any audit modules. */ _dl_assign_tls_modid (&GL(dl_rtld_map)); + /* Initialize the data structures for the search paths for shared + objects. */ + call_init_paths (&state); + audit_list_add_dynamic_tag (&state.audit_list, main_map, DT_AUDIT); audit_list_add_dynamic_tag (&state.audit_list, main_map, DT_DEPAUDIT);
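Review bot: The comment moved along with call_init_paths (&state) still only says what the call does, not why it now sits after _dl_assign_tls_modid. The ordering requirement from the commit message (the call has to follow _dl_process_pt_gnu_property so the loader's allocations can follow the property) is invisible in the code, and a later cleanup could move the call back without noticing. Add that reason to the comment at the new location. The call now also runs after _dl_debug_initialize, so confirm that nothing between the old and the new position depends on the search paths already being set up.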
From: Adhemerval Zanella
To: libc-alpha@sourceware.org
Cc: Stephen Roettger, Jeff Xu, Florian Weimer, Mike Hommey, Adhemerval Zanella
Subject: [PATCH v3 5/9] elf: Use RTLD_NODELETE for dependencies
Date: Mon, 30 Sep 2024 17:08:27 -0300
Message-Id: <20240930200831.1669010-6-adhemerval.zanella@linaro.org>
In-Reply-To: <20240930200831.1669010-1-adhemerval.zanella@linaro.org>
References: <20240930200831.1669010-1-adhemerval.zanella@linaro.org>

So dlopen dependencies for objects opened with RTLD_NODELETE are also marked with RTLD_NODELETE.

Checked on x86_64-linux-gnu.

--- elf/dl-open.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/elf/dl-open.c b/elf/dl-open.c index 8b4704c09d..f251781dc4 100644 --- a/elf/dl-open.c +++ b/elf/dl-open.c 
@@ -600,7 +600,8 @@ dl_open_worker_begin (void *a) /* Load that object's dependencies. */ _dl_map_object_deps (new, NULL, 0, 0, - mode & (__RTLD_DLOPEN | RTLD_DEEPBIND | __RTLD_AUDIT)); + mode & (__RTLD_DLOPEN | RTLD_DEEPBIND | __RTLD_AUDIT + | RTLD_NODELETE)); /* So far, so good. Now check the versions. */ for (unsigned int i = 0; i < new->l_searchlist.r_nlist; ++i)
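
Review bot: the widened mask passed to _dl_map_object_deps in dl_open_worker_begin has no comment, and the commit message gives no reason for it, so a reader of elf/dl-open.c cannot tell why RTLD_NODELETE now has to reach the dependencies. The motivation only appears in 6/9 (dependencies of a NODELETE object cannot be unloaded, so they can be sealed). Please state that in the commit message or extend the "Load that object's dependencies." comment. The diffstat also touches only elf/dl-open.c, so nothing checks that a dependency of an RTLD_NODELETE dlopen actually ends up marked; a test for that belongs with this change.
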
From: Adhemerval Zanella
To: libc-alpha@sourceware.org
Cc: Stephen Roettger, Jeff Xu, Florian Weimer, Mike Hommey, Adhemerval Zanella
Subject: [PATCH v3 6/9] elf: Add support to memory sealing
Date: Mon, 30 Sep 2024 17:08:28 -0300
Message-Id: <20240930200831.1669010-7-adhemerval.zanella@linaro.org>
In-Reply-To: <20240930200831.1669010-1-adhemerval.zanella@linaro.org>
References: <20240930200831.1669010-1-adhemerval.zanella@linaro.org>

The new Linux mseal syscall allows marking a memory mapping to avoid further changes (such as changing the protection flags). The memory sealing is done in multiple places where the memory is supposed to be immutable during program execution:

* All shared library dependencies from the binary, including the read-only segments after PT_GNU_RELRO setup.
* The binary itself, including dynamic and static linked ones. In both cases, it is up to either the binary or the loader to set up the sealing.
* Any preload libraries, including dependencies.
* Any library loaded with dlopen with the RTLD_NODELETE flag.
* Audit modules.
* The loader bump allocator.

The memory sealing is controlled by a new gnu attribute, GNU_PROPERTY_MEMORY_SEAL, added by the new static linker option '-z memory-seal'. It is set per binary, including statically linked and shared objects.

Checked on x86_64-linux-gnu and aarch64-linux-gnu.

--- NEWS | 6 ++++ elf/dl-load.c | 4 +++ elf/dl-map-segments.h | 6 ++++ elf/dl-minimal-malloc.c | 3 ++ elf/dl-open.c | 4 +++ elf/dl-reloc.c | 51 ++++++++++++++++++++++++++++++ elf/dl-support.c | 7 ++++ elf/elf.h | 2 ++ elf/rtld.c | 8 +++++ elf/setup-vdso.h | 2 ++ include/link.h | 8 +++++ sysdeps/aarch64/dl-prop.h | 5 +++ sysdeps/generic/dl-mseal.h | 23 ++++++++++++++ sysdeps/generic/dl-prop-mseal.h | 36 +++++++++++++++++++++ sysdeps/generic/dl-prop.h | 5 +++ sysdeps/generic/ldsodefs.h | 8 +++++ sysdeps/unix/sysv/linux/Makefile | 4 +++ sysdeps/unix/sysv/linux/dl-mseal.c | 41 ++++++++++++++++++++++++ sysdeps/unix/sysv/linux/dl-mseal.h | 27 ++++++++++++++++ sysdeps/x86/dl-prop.h | 4 +++ 20 files changed, 254 insertions(+) create mode 100644 sysdeps/generic/dl-mseal.h create mode 100644 sysdeps/generic/dl-prop-mseal.h create mode 100644 sysdeps/unix/sysv/linux/dl-mseal.c create mode 100644 sysdeps/unix/sysv/linux/dl-mseal.h diff --git a/NEWS b/NEWS index 8cbee5eb74..f103b4995b 100644 --- a/NEWS +++ b/NEWS @@ -35,6 +35,12 @@ Major new features: mappings to avoid further change during process execution such as protection permissions, unmapping, moving to another location, or shrinking the size. +* The loader will memory seal all libraries that contains the new gnu + attribute GNU_PROPERTY_MEMORY_SEAL. The memory sealing uses the new Linux + mseal syscall, and it will be applied to all shared libraries dependencies, + the binary, any preload and audit modules, and aby library loaded with + RTLD_NODELETE. + Deprecated and removed features, and other changes affecting compatibility: * The big-endian ARC port (arceb-linux-gnu) has been removed. diff --git a/elf/dl-load.c b/elf/dl-load.c index ac8e217a7f..41165287ae 100644 --- a/elf/dl-load.c +++ b/elf/dl-load.c 
@@ -1415,6 +1415,10 @@ cannot enable executable stack as shared object requires"); /* Assign the next available module ID. */ _dl_assign_tls_modid (l); + if (l->l_seal == lt_seal_toseal + && (mode & __RTLD_DLOPEN) && !(mode & RTLD_NODELETE)) + l->l_seal = lt_seal_dont_dlopen; + #ifdef DL_AFTER_LOAD DL_AFTER_LOAD (l); #endif diff --git a/elf/dl-map-segments.h b/elf/dl-map-segments.h index 30977cf800..7cdf9ebde0 100644 --- a/elf/dl-map-segments.h +++ b/elf/dl-map-segments.h @@ -18,6 +18,7 @@ . */ #include +#include /* Map a segment and align it properly. */ @@ -188,6 +189,11 @@ _dl_map_segments (struct link_map *l, int fd, -1, 0); if (__glibc_unlikely (mapat == MAP_FAILED)) return DL_MAP_SEGMENTS_ERROR_MAP_ZERO_FILL; + /* We need to seal this here because it will not be part of + the PT_LOAD segments, nor it is taken in RELRO + calculation. */ + if (l->l_seal) + _dl_mseal (mapat, zeroend - zeropage); } } diff --git a/elf/dl-minimal-malloc.c b/elf/dl-minimal-malloc.c index 25d870728d..232fc5cf9c 100644 --- a/elf/dl-minimal-malloc.c +++ b/elf/dl-minimal-malloc.c @@ -27,6 +27,7 @@ #include #include #include +#include static void *alloc_ptr, *alloc_end, *alloc_last_block; @@ -62,6 +63,8 @@ __minimal_malloc (size_t n) if (page == MAP_FAILED) return NULL; __set_vma_name (page, nup, " glibc: loader malloc"); + if (GL(dl_rtld_map).l_seal == lt_seal_toseal) + _dl_mseal (page, nup); if (page != alloc_end) alloc_ptr = page; alloc_end = page + nup; diff --git a/elf/dl-open.c b/elf/dl-open.c index f251781dc4..63834ff692 100644 --- a/elf/dl-open.c +++ b/elf/dl-open.c @@ -793,6 +793,10 @@ dl_open_worker (void *a) if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_FILES)) _dl_debug_printf ("opening file=%s [%lu]; direct_opencount=%u\n\n", new->l_name, new->l_ns, new->l_direct_opencount); + + /* The seal flag is set only for NEW, however its dependencies could not be + unloaded and thus can also be sealed. */ + _dl_mseal_map (new, true, false); } void * 
diff --git a/elf/dl-reloc.c b/elf/dl-reloc.c index 4bf7aec88b..637870d0c7 100644 --- a/elf/dl-reloc.c +++ b/elf/dl-reloc.c @@ -28,6 +28,7 @@ #include <_itoa.h> #include #include "dynamic-link.h" +#include /* Statistics function. */ #ifdef SHARED @@ -347,6 +348,11 @@ _dl_relocate_object (struct link_map *l, struct r_scope_elem *scope[], done, do it. */ if (l->l_relro_size != 0) _dl_protect_relro (l); + + /* Seal the memory mapping after RELRO setup, we can use the PT_LOAD + segments because even if relro splits the the original RW VMA, + mseal works with multiple VMAs with different flags. */ + _dl_mseal_map (l, false, false); } @@ -369,6 +375,51 @@ cannot apply additional memory protection after relocation"); } } +static void +_dl_mseal_map_1 (struct link_map *l, bool force) +{ + /* The 'force' check allow to seal audit with sealing enabled after + they are loader during process startup. */ + if (l->l_seal == lt_seal_dont + || (force + ? l->l_seal != lt_seal_dont_dlopen + : l->l_seal == lt_seal_dont_dlopen)) + return; + + int r = -1; + if (l->l_contiguous) + r = _dl_mseal ((void *) l->l_map_start, l->l_map_end - l->l_map_start); + else + { + const ElfW(Phdr) *ph; + for (ph = l->l_phdr; ph < &l->l_phdr[l->l_phnum]; ++ph) + switch (ph->p_type) + { + case PT_LOAD: + { + ElfW(Addr) mapstart = l->l_addr + + (ph->p_vaddr & ~(GLRO(dl_pagesize) - 1)); + ElfW(Addr) allocend = l->l_addr + ph->p_vaddr + ph->p_memsz; + r = _dl_mseal ((void *) mapstart, allocend - mapstart); + } + break; + } + } + + if (r == 0) + l->l_seal = lt_seal_sealed; +} + +void +_dl_mseal_map (struct link_map *l, bool dep, bool force) +{ + if (l->l_searchlist.r_list == NULL || !dep) + _dl_mseal_map_1 (l, force); + else + for (unsigned int i = 0; i < l->l_searchlist.r_nlist; ++i) + _dl_mseal_map_1 (l->l_searchlist.r_list[i], force); +} + void __attribute_noinline__ _dl_reloc_bad_type (struct link_map *map, unsigned int type, int plt) 
diff --git a/elf/dl-support.c b/elf/dl-support.c index bd02a77d1a..9fb185fb30 100644 --- a/elf/dl-support.c +++ b/elf/dl-support.c @@ -46,6 +46,7 @@ #include #include #include +#include extern char *__progname; char **_dl_argv = &__progname; /* This is checked for some error messages. */ @@ -100,6 +101,7 @@ static struct link_map _dl_main_map = .l_used = 1, .l_tls_offset = NO_TLS_OFFSET, .l_serial = 1, + .l_seal = lt_seal_dont, }; /* Namespace information. */ @@ -353,6 +355,11 @@ _dl_non_dynamic_init (void) /* Setup relro on the binary itself. */ if (_dl_main_map.l_relro_size != 0) _dl_protect_relro (&_dl_main_map); + + /* Seal the memory mapping after RELRO setup, we can use the PT_LOAD + segments because even if relro splits the the original RW VMA, + mseal works with multiple VMAs with different flags. */ + _dl_mseal_map (&_dl_main_map, false, false); } #ifdef DL_SYSINFO_IMPLEMENTATION diff --git a/elf/elf.h b/elf/elf.h index 33aea7f743..b9fe2064af 100644 --- a/elf/elf.h +++ b/elf/elf.h @@ -1357,6 +1357,8 @@ typedef struct #define GNU_PROPERTY_STACK_SIZE 1 /* No copy relocation on protected data symbol. */ #define GNU_PROPERTY_NO_COPY_ON_PROTECTED 2 +/* No memory sealing. */ +#define GNU_PROPERTY_MEMORY_SEAL 3 /* A 4-byte unsigned integer property: A bit is set if it is set in all relocatable inputs. */ diff --git a/elf/rtld.c b/elf/rtld.c index 0f4b3e9a43..90eb798013 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -53,6 +53,7 @@ #include #include #include +#include #include @@ -478,6 +479,7 @@ _dl_start_final (void *arg, struct dl_start_final_info *info) GL(dl_rtld_map).l_real = &GL(dl_rtld_map); GL(dl_rtld_map).l_map_start = (ElfW(Addr)) &__ehdr_start; GL(dl_rtld_map).l_map_end = (ElfW(Addr)) _end; + GL(dl_rtld_map).l_seal = lt_seal_dont; /* Copy the TLS related data if necessary. */ #ifndef DONT_USE_BOOTSTRAP_MAP # if NO_TLS_OFFSET != 0 
@@ -1042,6 +1044,11 @@ ERROR: audit interface '%s' requires version %d (maximum supported version %d); /* Mark the DSO as being used for auditing. */ dlmargs.map->l_auditing = 1; + + /* Audit modules can not be loaded with RTLD_NODELETE, so apply the sealing + again on all dependencies an and ignore any possible missing seal due + dlopen without RTLD_NODELETE. */ + _dl_mseal_map (dlmargs.map, true, true); } /* Load all audit modules. */ @@ -1124,6 +1131,7 @@ rtld_setup_main_map (struct link_map *main_map) /* And it was opened directly. */ ++main_map->l_direct_opencount; main_map->l_contiguous = 1; + main_map->l_seal = lt_seal_dont; /* A PT_LOAD segment at an unexpected address will clear the l_contiguous flag. The ELF specification says that PT_LOAD diff --git a/elf/setup-vdso.h b/elf/setup-vdso.h index 888e1e4897..f115e6eb78 100644 --- a/elf/setup-vdso.h +++ b/elf/setup-vdso.h @@ -66,6 +66,8 @@ setup_vdso (struct link_map *main_map __attribute__ ((unused)), /* The vDSO is always used. */ l->l_used = 1; + /* The PT_LOAD may not cover all the vdso mapping. */ + l->l_seal = lt_seal_dont; /* Initialize l_local_scope to contain just this map. This allows the use of dl_lookup_symbol_x to resolve symbols within the vdso. diff --git a/include/link.h b/include/link.h index 5ed445d5a6..e8ee740099 100644 --- a/include/link.h +++ b/include/link.h @@ -214,6 +214,14 @@ struct link_map lt_library map. */ unsigned int l_tls_in_slotinfo:1; /* TLS slotinfo updated in dlopen. */ + enum /* Memory sealing status. */ + { + lt_seal_dont = 0, /* Do not seal the object. */ + lt_seal_dont_dlopen, /* Do not seal from a dlopen. */ + lt_seal_toseal, /* The library is marked to be sealed. */ + lt_seal_sealed /* The library is sealed. */ + } l_seal:2; + /* NODELETE status of the map. Only valid for maps of type lt_loaded. Lazy binding sets l_nodelete_active directly, potentially from signal handlers. Initial loading of an 
diff --git a/sysdeps/aarch64/dl-prop.h b/sysdeps/aarch64/dl-prop.h index df05c0211d..c66d9a49f0 100644 --- a/sysdeps/aarch64/dl-prop.h +++ b/sysdeps/aarch64/dl-prop.h @@ -19,6 +19,8 @@ #ifndef _DL_PROP_H #define _DL_PROP_H +#include + extern void _dl_bti_protect (struct link_map *, int) attribute_hidden; extern void _dl_bti_check (struct link_map *, const char *) @@ -45,6 +47,9 @@ static inline int _dl_process_gnu_property (struct link_map *l, int fd, uint32_t type, uint32_t datasz, void *data) { + if (_dl_process_gnu_property_seal (l, fd, type, datasz, data)) + return 0; + if (!GLRO(dl_aarch64_cpu_features).bti) /* Skip note processing. */ return 0; diff --git a/sysdeps/generic/dl-mseal.h b/sysdeps/generic/dl-mseal.h new file mode 100644 index 0000000000..dccf78ae38 --- /dev/null +++ b/sysdeps/generic/dl-mseal.h @@ -0,0 +1,23 @@ +/* Memory sealing. Generic version. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +static inline int +_dl_mseal (void *addr, size_t len) +{ + return 0; +} diff --git a/sysdeps/generic/dl-prop-mseal.h b/sysdeps/generic/dl-prop-mseal.h new file mode 100644 index 0000000000..b1f93a17fb --- /dev/null +++ b/sysdeps/generic/dl-prop-mseal.h 
@@ -0,0 +1,36 @@ +/* Support for GNU properties. Generic version. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#ifndef _DL_PROP_MSEAL_H +#define _LD_PROP_MSEAL_H + +#include + +static __always_inline bool +_dl_process_gnu_property_seal (struct link_map *l, int fd, uint32_t type, + uint32_t datasz, void *data) +{ + if (type == GNU_PROPERTY_MEMORY_SEAL && datasz == 0) + { + l->l_seal = lt_seal_toseal; + return true; + } + return false; +} + +#endif diff --git a/sysdeps/generic/dl-prop.h b/sysdeps/generic/dl-prop.h index 1d92920a96..5fac690c81 100644 --- a/sysdeps/generic/dl-prop.h +++ b/sysdeps/generic/dl-prop.h @@ -19,6 +19,8 @@ #ifndef _DL_PROP_H #define _DL_PROP_H +#include + /* The following functions are used by the dynamic loader and the dlopen machinery to process PT_NOTE and PT_GNU_PROPERTY entries in the binary or shared object. The notes can be used to change the @@ -47,6 +49,9 @@ static inline int __attribute__ ((always_inline)) _dl_process_gnu_property (struct link_map *l, int fd, uint32_t type, uint32_t datasz, void *data) { + if (_dl_process_gnu_property_seal (l, fd, type, datasz, data)) + return 0; + /* Continue until GNU_PROPERTY_1_NEEDED is found. */ if (type == GNU_PROPERTY_1_NEEDED) { 
diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h index 259ce2e7d6..e528b7ff83 100644 --- a/sysdeps/generic/ldsodefs.h +++ b/sysdeps/generic/ldsodefs.h @@ -1017,6 +1017,14 @@ extern void _dl_relocate_object (struct link_map *map, /* Protect PT_GNU_RELRO area. */ extern void _dl_protect_relro (struct link_map *map) attribute_hidden; +/* Issue memory sealing for the link map MAP. If MAP is contiguous the + whole region is sealed, otherwise iterate over the program headerrs and + seal each PT_LOAD segment.i + The DEP specify whether to seal the dependencies as well, while FORCE + ignores any possible missing seal due dlopen without RTLD_NODELETE. */ +extern void _dl_mseal_map (struct link_map *map, bool dep, bool force) + attribute_hidden; + /* Call _dl_signal_error with a message about an unhandled reloc type. TYPE is the result of ELFW(R_TYPE) (r_info), i.e. an R__* value. PLT is nonzero if this was a PLT reloc; it just affects the message. */ diff --git a/sysdeps/unix/sysv/linux/Makefile b/sysdeps/unix/sysv/linux/Makefile index 887152997f..a49a83f530 100644 --- a/sysdeps/unix/sysv/linux/Makefile +++ b/sysdeps/unix/sysv/linux/Makefile @@ -643,6 +643,10 @@ sysdep-rtld-routines += \ dl-sbrk \ # sysdep-rtld-routines +dl-routines += \ + dl-mseal \ + # dl-routines + others += \ pldd \ # others diff --git a/sysdeps/unix/sysv/linux/dl-mseal.c b/sysdeps/unix/sysv/linux/dl-mseal.c new file mode 100644 index 0000000000..c99fd991cb --- /dev/null +++ b/sysdeps/unix/sysv/linux/dl-mseal.c 
@@ -0,0 +1,41 @@ +/* Memory sealing. Linux version. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include + +int +_dl_mseal (void *addr, size_t len) +{ + int r; +#if __ASSUME_MSEAL + r = INTERNAL_SYSCALL_CALL (mseal, addr, len, 0); +#else + r = -ENOSYS; + static int mseal_supported = true; + if (atomic_load_relaxed (&mseal_supported)) + { + r = INTERNAL_SYSCALL_CALL (mseal, addr, len, 0); + if (r == -ENOSYS) + atomic_store_relaxed (&mseal_supported, false); + } +#endif + return r; +} diff --git a/sysdeps/unix/sysv/linux/dl-mseal.h b/sysdeps/unix/sysv/linux/dl-mseal.h new file mode 100644 index 0000000000..25e3f724dc --- /dev/null +++ b/sysdeps/unix/sysv/linux/dl-mseal.h 
@@ -0,0 +1,27 @@ +/* Memory sealing. Linux version. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +/* Seal the ADDR or size LEN to protect against modifications, such as + changes on the permission flags (through mprotect), remap (through + mmap and/or remap), shrink, destruction changes (madvise with + MADV_DONTNEED), or change its size. The input has the same constraints + as the mseal syscall. + + Return 0 in case of success or a negative value otherwise (a negative + errno). */ +int _dl_mseal (void *addr, size_t len) attribute_hidden; diff --git a/sysdeps/x86/dl-prop.h b/sysdeps/x86/dl-prop.h index 08387dfaff..26a687d611 100644 --- a/sysdeps/x86/dl-prop.h +++ b/sysdeps/x86/dl-prop.h @@ -19,6 +19,7 @@ #ifndef _DL_PROP_H #define _DL_PROP_H +#include #include extern void _dl_cet_check (struct link_map *, const char *) 
@@ -241,6 +242,9 @@ _dl_process_gnu_property (struct link_map *l, int fd, uint32_t type, uint32_t datasz, void *data) { /* This is called on each GNU property. */ + if (_dl_process_gnu_property_seal (l, fd, type, datasz, data)) + return 0; + unsigned int needed_1 = 0; unsigned int feature_1_and = 0; unsigned int isa_1_needed = 0;
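
Review bot: the include guard in the new sysdeps/generic/dl-prop-mseal.h tests one macro and defines another, "#ifndef _DL_PROP_MSEAL_H" followed by "#define _LD_PROP_MSEAL_H", so the guard never takes effect and a second inclusion would redefine _dl_process_gnu_property_seal. Define _DL_PROP_MSEAL_H.
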
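
Review bot: in _dl_mseal_map_1 (elf/dl-reloc.c) the non-contiguous path overwrites r on every PT_LOAD, so l_seal becomes lt_seal_sealed whenever the last segment sealed, even if an earlier _dl_mseal call failed. Stop at the first nonzero result, or accumulate the failures, before setting the state. Both _dl_mseal_map_1 and _dl_mseal_map return void, so a failed seal is never reported and an object that asked for sealing keeps running unsealed. If that is intended for kernels without mseal, say so in the comment, and consider treating errors other than -ENOSYS as fatal in the way the neighbouring RELRO code reports "cannot apply additional memory protection after relocation".
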
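
Review bot: the generic _dl_mseal in sysdeps/generic/dl-mseal.h returns 0 without doing anything, and _dl_mseal_map_1 treats 0 as success, so on a target that uses the generic header every marked object ends in state lt_seal_sealed although nothing was sealed. Return a negative errno such as -ENOSYS there, or document that lt_seal_sealed only means the request was processed.
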
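
Review bot: the l_seal state tests are inconsistent between hunks. "if (l->l_seal)" in _dl_map_segments (elf/dl-map-segments.h) is true for every value except lt_seal_dont, including lt_seal_dont_dlopen, while __minimal_malloc (elf/dl-minimal-malloc.c) tests "== lt_seal_toseal" and so stops matching once _dl_mseal_map_1 has moved the loader map to lt_seal_sealed. Spell out the intended states in both places: compare against lt_seal_toseal explicitly in dl-map-segments.h, and accept lt_seal_sealed as well in dl-minimal-malloc.c if later allocator pages are meant to be sealed.
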
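
Review bot: several comments and the NEWS text need another pass. In elf/elf.h the comment above GNU_PROPERTY_MEMORY_SEAL reads "No memory sealing", the opposite of what the property requests. NEWS has "aby library" and "libraries that contains". The _dl_mseal_map comment in sysdeps/generic/ldsodefs.h has "headerrs" and "segment.i". The elf/dl-reloc.c and elf/dl-support.c comments say "the the", the 'force' comment in _dl_mseal_map_1 says "after they are loader", and the elf/rtld.c comment says "dependencies an and ignore".
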
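
An added example, not part of the patch or of glibc: a stand-alone check of whether the raw bytes of a .note.gnu.property section carry the marker the 6/9 commit message describes, using the same match as _dl_process_gnu_property_seal (type GNU_PROPERTY_MEMORY_SEAL, datasz 0). The function names, the little-endian assumption and the sample notes are constructed here; the value 3 is the one in this version of the patch's elf/elf.h hunk.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NT_GNU_PROPERTY_TYPE_0   5  /* note type, as in <elf.h> */
#define GNU_PROPERTY_MEMORY_SEAL 3  /* value from this patch's elf/elf.h hunk */

enum seal_marker { SEAL_MALFORMED = -1, SEAL_ABSENT = 0, SEAL_PRESENT = 1 };

/* Assumption: little-endian ELF (x86_64 and aarch64, as tested on the page). */
static uint32_t rd32le(const unsigned char *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8
         | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static size_t align_up(size_t v, size_t a) { return (v + a - 1) & ~(a - 1); }

/* Walk the property array inside one NT_GNU_PROPERTY_TYPE_0 descriptor. */
static enum seal_marker scan_properties(const unsigned char *p, size_t descsz,
                                        size_t align)
{
    size_t off = 0;
    while (descsz - off >= 8) {
        uint32_t type = rd32le(p + off);
        uint32_t datasz = rd32le(p + off + 4);
        off += 8;
        if (datasz > descsz - off)
            return SEAL_MALFORMED;      /* data runs past the descriptor */
        /* Same match as _dl_process_gnu_property_seal in the patch. */
        if (type == GNU_PROPERTY_MEMORY_SEAL && datasz == 0)
            return SEAL_PRESENT;
        size_t step = align_up(datasz, align);
        if (step > descsz - off)
            break;                      /* last entry without tail padding */
        off += step;
    }
    return SEAL_ABSENT;
}

/* buf/len: raw bytes of .note.gnu.property; align: 8 for ELF64, 4 for ELF32. */
enum seal_marker find_memory_seal(const unsigned char *buf, size_t len,
                                  size_t align)
{
    size_t off = 0;
    if (align != 4 && align != 8)
        return SEAL_MALFORMED;
    while (len - off >= 12) {
        size_t remaining = len - off;
        uint32_t namesz = rd32le(buf + off);
        uint32_t descsz = rd32le(buf + off + 4);
        uint32_t ntype = rd32le(buf + off + 8);
        if (namesz > remaining - 12)
            return SEAL_MALFORMED;      /* name runs past the buffer */
        size_t desc_rel = align_up(12 + (size_t)namesz, align);
        if (desc_rel > remaining || descsz > remaining - desc_rel)
            return SEAL_MALFORMED;      /* descriptor runs past the buffer */
        if (namesz == 4 && ntype == NT_GNU_PROPERTY_TYPE_0
            && memcmp(buf + off + 12, "GNU", 4) == 0)
            return scan_properties(buf + off + desc_rel, descsz, align);
        size_t next_rel = align_up(desc_rel + descsz, align);
        if (next_rel > remaining)
            break;                      /* no further note fits */
        off += next_rel;
    }
    return SEAL_ABSENT;
}

/* Constructed ELF64 note: MEMORY_SEAL (type 3, datasz 0) followed by
   GNU_PROPERTY_X86_FEATURE_1_AND (0xc0000002, datasz 4, value 3). */
static const unsigned char sealed_note[] = {
    4,0,0,0,  0x18,0,0,0,  5,0,0,0,  'G','N','U',0,
    3,0,0,0,  0,0,0,0,
    2,0,0,0xc0,  4,0,0,0,  3,0,0,0,  0,0,0,0,
};
/* Constructed: the same note without the MEMORY_SEAL entry. */
static const unsigned char unsealed_note[] = {
    4,0,0,0,  0x10,0,0,0,  5,0,0,0,  'G','N','U',0,
    2,0,0,0xc0,  4,0,0,0,  3,0,0,0,  0,0,0,0,
};
/* Constructed: type 3 with a 4-byte payload, which the patch does not accept. */
static const unsigned char odd_note[] = {
    4,0,0,0,  0x10,0,0,0,  5,0,0,0,  'G','N','U',0,
    3,0,0,0,  4,0,0,0,  1,0,0,0,  0,0,0,0,
};

int main(void)
{
    printf("sealed:    %d\n", find_memory_seal(sealed_note, sizeof sealed_note, 8));
    printf("unsealed:  %d\n", find_memory_seal(unsealed_note, sizeof unsealed_note, 8));
    printf("odd:       %d\n", find_memory_seal(odd_note, sizeof odd_note, 8));
    printf("truncated: %d\n", find_memory_seal(sealed_note, 20, 8));
    return 0;
}
```

To run it against a real object, extract the section bytes first, for instance with objcopy -O binary --only-section=.note.gnu.property.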
QJ1ABOkMfxqJglaALvdzYVeX8LlGZ1YfQQBzZDMUrhZG6PMm4tIImg2OfqBv3ByTWFf+ B2+D2CAAuccoV124x2z+44cyvPSLCEuezHqD590VBP8TKPPxrx2e7B5w1pBh5KrcISxF 9WaKnCpI+vD8Y7/Y8a2z2u+EUXZ92n13OAvuu7MjEITImROadzM4qUlaeGslT7CzQCeY mYTLjIShC3SkpB9wdaWJQtCix0vcDoWoXlbrcTRf05Pg4+nv9m9dip6UPnKMLEsuALyk nAJg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=ZEElqfSJ; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from server2.sourceware.org (server2.sourceware.org. [8.43.85.97]) by mx.google.com with ESMTPS id d75a77b69052e-45c9f329c8bsi58526821cf.233.2024.09.30.13.13.41 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 30 Sep 2024 13:13:41 -0700 (PDT) Received-SPF: pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) client-ip=8.43.85.97; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=ZEElqfSJ; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id C05C8384641D for ; Mon, 30 Sep 2024 20:13:40 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-io1-xd2e.google.com (mail-io1-xd2e.google.com [IPv6:2607:f8b0:4864:20::d2e]) by sourceware.org (Postfix) with ESMTPS id 3FA98384640D for ; Mon, 30 Sep 2024 20:09:00 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 
3FA98384640D Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 3FA98384640D Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::d2e ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1727726952; cv=none; b=KgJxgHDJqqN86eUn30RuF1Gt13QX+OcBf6jzmlT263YiWRV3Cvj0cUfTrZmODTdhIkCWlibDslpj4RSsOCSwKKAMHx/S8YAVwOFC9vTC/5AiOZEO1KBuGWSGgVvvApJOOvGBV1dyBZ/UkBNAm+t9os/DmNHbwZ66HTGDR+ihWks= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1727726952; c=relaxed/simple; bh=bg5zXYalPjRMiswfRoUvK3/2LEBW3YjoJlynrDfRMTA=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=lv2Iysec4rq2gMgkro6ktH1Spo7XRyO3nZJotFPPqGY8ZgsEhrIrmMeJbUDsRmvQqbgYeuDEc5rT8qzrPPGAUkS/OfoXiJ6QpBXghmB/nEdaI7M14XhgcjJXW+5fMpDXSLJqTKOocEd68f2eLl3PKDmiRxKYqQ/DLaDhgM4CxPE= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-io1-xd2e.google.com with SMTP id ca18e2360f4ac-82aef2c1e5fso180150239f.1 for ; Mon, 30 Sep 2024 13:09:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1727726939; x=1728331739; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=ysqDXy3bOFwPmkl35bad/Fq5SjB5trgCjVFIaqVAByA=; b=ZEElqfSJmWgkuUOuh/rV2YmbicRsySqM1NvoVERxv1ZF1HLVO6nmThcUt49YGJCA71 2YcUzO92yvmSi7Y5WWamyez4Y7p63J1GhGAULGq5ELHK7I3r96GOBF1QUjIITmiKv1LK W0Ivu+uD59kvq4RekM+wyQM6Fiem4JGP+tzoP3NZ4qcBHNfcT1UlTwkDSFFZdlg5bWv5 /q0Q48dKe9g3tIjPbP7woslfhfllyoL32ILa0r2Ht6TWRqKNhfdcELaA+OSrQwR9gBCC o9hodSwORh8NsWvWyVVl6DSm6dRzhD7FzJD/hum3VZoOMA7XSMTg0Cqwab+zTKT++7ta uI0g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1727726939; x=1728331739; 
h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ysqDXy3bOFwPmkl35bad/Fq5SjB5trgCjVFIaqVAByA=; b=Q9/PEiTumwCPSGhwU0L7HKE0gNNGbG8AJafOlBuJzDxSJrvKgA0sp7N4De+QsNR6RM CpnlmFVUXRibmi2IIYT+oi9SDGQ9zbmJhmdu5BwSTGo/D/s/sMRaUfF+i63KHjUWyRhC fDngTq3PcQEA/2kgnVkin/dYzGJWuTt7OwKYmoMgzXQ9sw2miiOJpusxPTUQXNTV3QZa UOelDBTtcc0wfWaXGEF2hyB4H/q7X+a/dWcDHYPZguodI6jRPjHTRYtSCH6TsaMnQRhn yGMEDjvCryACN+6OkWXoXap/fJ9iRtB/HIZA4Yl9ydOfmfzO9vPJWO9qb/C3vhBP4beF 2qSw== X-Gm-Message-State: AOJu0YzuikaTDg5VDZqWKMq3DTqPhsqPwk0U5NR/rkWD5Vptkd+Sbmv9 M82QAe15OoPxnf1jmu6wQvCshnxNDH0choW+nyYHAebqD6wst7Ifc5MPswUjxtZdtzREyUQizbX VJu0= X-Received: by 2002:a05:6602:6d13:b0:82c:ffb5:86ab with SMTP id ca18e2360f4ac-834931d4168mr1408340739f.5.1727726938789; Mon, 30 Sep 2024 13:08:58 -0700 (PDT) Received: from ubuntu-vm.. (201-92-183-102.dsl.telesp.net.br. [201.92.183.102]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-7e6db2c4845sm6869565a12.43.2024.09.30.13.08.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 30 Sep 2024 13:08:58 -0700 (PDT) 
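Review bot: the early `return 0` added at the top of `_dl_process_gnu_property` needs a comment stating what a zero return tells the caller, because it is taken before `needed_1`, `feature_1_and` and `isa_1_needed` are evaluated. If zero means "stop scanning", every property that follows the seal property in the same note is skipped; if it means "handled, keep going", say so next to the call, and mention which property type `_dl_process_gnu_property_seal` claims so the reader can see it cannot shadow the types handled below.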
From: Adhemerval Zanella
To: libc-alpha@sourceware.org
Cc: Stephen Roettger, Jeff Xu, Florian Weimer, Mike Hommey, Adhemerval Zanella
Subject: [PATCH v3 7/9] Enable memory sealing automatically
Date: Mon, 30 Sep 2024 17:08:29 -0300
Message-Id: <20240930200831.1669010-8-adhemerval.zanella@linaro.org>
In-Reply-To: <20240930200831.1669010-1-adhemerval.zanella@linaro.org>
References: <20240930200831.1669010-1-adhemerval.zanella@linaro.org>

All libraries, programs, and the testsuite in glibc are now built with memory sealing by default if the toolchain supports it. A new configure option, --disable-default-memory-seal, disables it.

Checked on aarch64-linux-gnu.
---
 INSTALL | 5 ++++
 Makeconfig | 17 ++++++++++++++
 Makerules | 2 ++
 NEWS | 4 ++++
 configure | 57 +++++++++++++++++++++++++++++++++++++++++++++
 configure.ac | 19 +++++++++++++++
 elf/Makefile | 1 +
 manual/install.texi | 5 ++++
 8 files changed, 110 insertions(+)

diff --git a/INSTALL b/INSTALL index 24e3c8d25b..2a340514c2 100644 --- a/INSTALL +++ b/INSTALL
@@ -245,6 +245,11 @@ if 'CFLAGS' is specified it must enable optimization. For example: Disable using 'scv' instruction for syscalls. All syscalls will use 'sc' instead, even if the kernel supports 'scv'. PowerPC only. +'--disable-default-memory-seal' + Don't build glibc libraries, programs, and the testsuite with + memory sealing support (GNU_PROPERTY_MEMORY_SEAL). By default, + memory sealing is enabled if toolchain suports the linker option. + '--build=BUILD-SYSTEM' '--host=HOST-SYSTEM' These options are for cross-compiling. If you specify both options diff --git a/Makeconfig b/Makeconfig index a87ff7b1d3..953a8b1d1f 100644 --- a/Makeconfig +++ b/Makeconfig @@ -389,6 +389,21 @@ dt-relr-ldflag = no-dt-relr-ldflag = endif +# Linker options to enable and disable memory sealing (GNU_PROPERTY_MEMORY_SEAL), +# if --disable-default-memory-sealing is used explicit disable memory sealing for +# the case linker defaults to it. +ifeq ($(have-z-memory-seal),yes) +no-memory-seal-ldflag = -Wl,-z,nomemory-seal +ifeq ($(default-memory-seal),yes) +memory-seal-ldflag = -Wl,-z,memory-seal +else +memory-seal-ldflag = $(no-memory-seal-ldflag) +endif +else +memory-seal-ldflag = +no-memory-seal-ldflag = +endif + ifeq (no,$(build-pie-default)) pie-default = $(no-pie-ccflag) else # build-pie-default @@ -433,6 +448,7 @@ link-extra-libs-tests = $(libsupport) ifndef +link-pie +link-pie-before-inputs = $(if $($(@F)-no-pie),$(no-pie-ldflag),-pie) \ $(if $($(@F)-no-dt-relr),$(no-dt-relr-ldflag),$(dt-relr-ldflag)) \ + $(if $($(@F)-no-memory-seal),$(no-memory-seal-ldflag),$(memory-seal-ldflag)) \ -Wl,-O1 -nostdlib -nostartfiles \ $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \ $(relro-LDFLAGS) $(hashstyle-LDFLAGS) \ 
@@ -466,6 +482,7 @@ ifndef +link-static +link-static-before-inputs = -nostdlib -nostartfiles -static \ $(if $($(@F)-no-pie),$(no-pie-ldflag),$(static-pie-ldflag)) \ $(if $($(@F)-no-dt-relr),$(no-dt-relr-ldflag),$(static-pie-dt-relr-ldflag)) \ + $(if $($(@F)-no-memory-seal),$(no-memory-seal-ldflag),$(memory-seal-ldflag)) \ $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \ $(firstword $(CRT-$(@F)) $(csu-objpfx)$(real-static-start-installed-name)) \ $(+preinit) $(+prectorT) diff --git a/Makerules b/Makerules index 275110dda8..f2240ed2df 100644 --- a/Makerules +++ b/Makerules @@ -539,6 +539,7 @@ define build-shlib-helper $(LINK.o) -shared -static-libgcc -Wl,-O1 $(sysdep-LDFLAGS) \ $(if $($(@F)-no-z-defs)$(no-z-defs),,-Wl,-z,defs) $(rtld-LDFLAGS) \ $(if $($(@F)-no-dt-relr),$(no-dt-relr-ldflag),$(dt-relr-ldflag)) \ + $(if $($(@F)-no-memory-seal),$(no-memory-seal-ldflag),$(memory-seal-ldflag)) \ $(extra-B-$(@F:lib%.so=%).so) -B$(csu-objpfx) \ $(extra-B-$(@F:lib%.so=%).so) $(load-map-file) \ -Wl,-soname=lib$(libprefix)$(@F:lib%.so=%).so$($(@F)-version) \ @@ -555,6 +556,7 @@ define build-module-helper $(LINK.o) -shared -static-libgcc $(sysdep-LDFLAGS) $(rtld-LDFLAGS) \ $(if $($(@F)-no-z-defs)$(no-z-defs),,-Wl,-z,defs) \ $(if $($(@F)-no-dt-relr),$(no-dt-relr-ldflag),$(dt-relr-ldflag)) \ + $(if $($(@F)-no-memory-seal),$(no-memory-seal-ldflag),$(memory-seal-ldflag)) \ -B$(csu-objpfx) $(load-map-file) \ $(LDFLAGS.so) $(LDFLAGS-$(@F:%.so=%).so) \ $(link-test-modules-rpath-link) \ diff --git a/NEWS b/NEWS index f103b4995b..ad1b05e015 100644 --- a/NEWS +++ b/NEWS 
@@ -41,6 +41,10 @@ Major new features: the binary, any preload and audit modules, and aby library loaded with RTLD_NODELETE. +* All libraries, progras, and the testsuite in glibc are now build with + memory sealing by default if the toochain supports it. A new configure + option, --disable-default-memory-seal, disables it. + Deprecated and removed features, and other changes affecting compatibility: * The big-endian ARC port (arceb-linux-gnu) has been removed. diff --git a/configure b/configure index ec0b62db36..74b56afbbf 100755 --- a/configure +++ b/configure @@ -808,6 +808,7 @@ enable_mathvec enable_cet enable_scv enable_fortify_source +enable_default_memory_sealing with_cpu ' ac_precious_vars='build_alias @@ -1491,6 +1492,9 @@ Optional Features: Use -D_FORTIFY_SOURCE=[1|2|3] to control code hardening, defaults to highest possible value supported by the build compiler. + --disable-default-memory-sealing + Do not build glibc libraries, programs, and the + testsuite with memory sealing [default=no] Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] @@ -4855,6 +4859,16 @@ case "$enable_fortify_source" in *) as_fn_error $? "Not a valid argument for --enable-fortify-source: \"$enable_fortify_source\"" "$LINENO" 5;; esac +# Check whether --enable-default-memory-sealing was given. +if test ${enable_default_memory_sealing+y} +then : + enableval=$enable_default_memory_sealing; default_memory_sealing=$enableval +else case e in #( + e) default_memory_sealing=yes ;; +esac +fi + + # We keep the original values in `$config_*' and never modify them, so we # can write them unchanged into config.make. Everything else uses # $machine, $vendor, and $os, and changes them whenever convenient. 
@@ -7102,6 +7116,49 @@ printf "%s\n" "$libc_linker_feature" >&6; } config_vars="$config_vars have-no-dynamic-linker = $libc_cv_no_dynamic_linker" +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for linker that supports -z memory-seal" >&5 +printf %s "checking for linker that supports -z memory-seal... " >&6; } +libc_linker_feature=no +cat > conftest.c <&5 + (eval $ac_try) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; } +then + if ${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS $no_ssp -Wl,-z,memory-seal -nostdlib \ + -nostartfiles -fPIC -shared -o conftest.so conftest.c 2>&1 \ + | grep "warning: -z memory-seal ignored" > /dev/null 2>&1; then + true + else + libc_linker_feature=yes + fi +fi +rm -f conftest* +if test $libc_linker_feature = yes; then + libc_cv_z_memory_seal=yes +else + libc_cv_z_memory_seal=no +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $libc_linker_feature" >&5 +printf "%s\n" "$libc_linker_feature" >&6; } + +# Enable memory-sealing iff it is available and glibc is not configured +# with --disable-defautl-memory-sealing +if test "$libc_cv_z_memory_seal" = no; then + default_memory_sealing=no +fi +config_vars="$config_vars +have-z-memory-seal = $libc_cv_z_memory_seal" +config_vars="$config_vars +default-memory-seal = $default_memory_sealing" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -static-pie" >&5 printf %s "checking for -static-pie... " >&6; } if test ${libc_cv_static_pie+y} diff --git a/configure.ac b/configure.ac index 7c9b57789e..0a7776a7bb 100644 --- a/configure.ac +++ b/configure.ac 
@@ -426,6 +426,12 @@ case "$enable_fortify_source" in *) AC_MSG_ERROR([Not a valid argument for --enable-fortify-source: "$enable_fortify_source"]);; esac +AC_ARG_ENABLE([default-memory-sealing], + AS_HELP_STRING([--disable-default-memory-sealing], + [Do not build glibc libraries, programs, and the testsuite with memory sealing @<:@default=no@:>@]), + [default_memory_sealing=$enableval], + [default_memory_sealing=yes]) + # We keep the original values in `$config_*' and never modify them, so we # can write them unchanged into config.make. Everything else uses # $machine, $vendor, and $os, and changes them whenever convenient. @@ -1278,6 +1284,19 @@ LIBC_LINKER_FEATURE([--no-dynamic-linker], [libc_cv_no_dynamic_linker=no]) LIBC_CONFIG_VAR([have-no-dynamic-linker], [$libc_cv_no_dynamic_linker]) +LIBC_LINKER_FEATURE([-z memory-seal], + [-Wl,-z,memory-seal], + [libc_cv_z_memory_seal=yes], + [libc_cv_z_memory_seal=no]) + +# Enable memory-sealing iff it is available and glibc is not configured +# with --disable-defautl-memory-sealing +if test "$libc_cv_z_memory_seal" = no; then + default_memory_sealing=no +fi +LIBC_CONFIG_VAR([have-z-memory-seal], [$libc_cv_z_memory_seal]) +LIBC_CONFIG_VAR([default-memory-seal], [$default_memory_sealing]) + AC_CACHE_CHECK(for -static-pie, libc_cv_static_pie, [dnl LIBC_TRY_CC_OPTION([-static-pie], [libc_cv_static_pie=yes], diff --git a/elf/Makefile b/elf/Makefile index 09d77093a7..942761d9c6 100644 --- a/elf/Makefile +++ b/elf/Makefile @@ -1392,6 +1392,7 @@ $(objpfx)ld.so: $(objpfx)librtld.os $(ld-map) $(LINK.o) -nostdlib -nostartfiles -shared -o $@.new \ $(LDFLAGS-rtld) -Wl,-z,defs $(z-now-$(bind-now)) \ $(dt-relr-ldflag) \ + $(memory-seal-ldflag) \ $(filter-out $(map-file),$^) $(load-map-file) \ -Wl,-soname=$(rtld-installed-name) $(call after-link,$@.new) diff --git a/manual/install.texi b/manual/install.texi index 3e68a3d823..58363e8a9c 100644 --- a/manual/install.texi +++ b/manual/install.texi 
@@ -272,6 +272,11 @@ C++ libraries. Disable using @code{scv} instruction for syscalls. All syscalls will use @code{sc} instead, even if the kernel supports @code{scv}. PowerPC only. +@item --disable-default-memory-seal +Don't build glibc libraries, programs, and the testsuite with +memory sealing support (@code{GNU_PROPERTY_MEMORY_SEAL}). By default, +memory sealing is enabled if toolchain suports the linker option. + @item --build=@var{build-system} @itemx --host=@var{host-system} These options are for cross-compiling. If you specify both options and
From patchwork Mon Sep 30 20:08:30 2024
X-Patchwork-Submitter: Adhemerval Zanella Netto
X-Patchwork-Id: 831580
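Review bot: the option documented in the INSTALL hunk of patch 7/9, '--disable-default-memory-seal', is not the name configure.ac registers. AC_ARG_ENABLE([default-memory-sealing], ...) yields --disable-default-memory-sealing and the generated configure reads enable_default_memory_sealing, so anyone copying the documented spelling leaves sealing enabled. Pick one spelling and use it in INSTALL, manual/install.texi, NEWS and configure.ac. In the same paragraph (and its copy in the manual/install.texi hunk), "suports" should be "supports" and "if toolchain" should read "if the toolchain".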
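Review bot: the comment that introduces memory-seal-ldflag in the first Makeconfig hunk of patch 7/9 is hard to parse ("if --disable-default-memory-sealing is used explicit disable memory sealing for the case linker defaults to it") and does not mention the per-target switch that the +link-pie, +link-static and Makerules hunks rely on. Suggest rewording it along the lines of "with --disable-default-memory-sealing, pass -z nomemory-seal explicitly in case the linker seals by default", and adding a sentence that a target opts out by setting <target>-no-memory-seal = yes.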
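Review bot: the NEWS hunk of patch 7/9 has three typos ("progras", "are now build", "toochain") and names the option --disable-default-memory-seal, while the configure.ac hunk defines --disable-default-memory-sealing. Suggested wording: "All libraries, programs, and the testsuite in glibc are now built with memory sealing by default if the toolchain supports it.", followed by the option name that configure actually accepts.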
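Review bot: in the AC_ARG_ENABLE hunk of configure.ac (patch 7/9) the help string ends with @<:@default=no@:>@, but the action-if-not-given is default_memory_sealing=yes, so `configure --help` states the opposite of the real default. Drop the marker or word it for the disable form. $enableval is also accepted unchecked: any value other than "yes" falls into the else branch of the Makeconfig test and links with -Wl,-z,nomemory-seal. Rejecting values other than yes and no with AC_MSG_ERROR, as the --enable-fortify-source case directly above does, would be consistent.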
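Review bot: in the LIBC_LINKER_FEATURE hunk of configure.ac (patch 7/9), an explicit --enable-default-memory-sealing is silently rewritten to default_memory_sealing=no when the linker lacks -z memory-seal, so a user who asked for sealing gets an unsealed build with no diagnostic. Consider AC_MSG_ERROR, or at least AC_MSG_WARN, when the option was given explicitly and libc_cv_z_memory_seal is no. The comment above the test also misspells the option as --disable-defautl-memory-sealing.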
From: Adhemerval Zanella
To: libc-alpha@sourceware.org
Cc: Stephen Roettger, Jeff Xu, Florian Weimer, Mike Hommey, Adhemerval Zanella
Subject: [PATCH v3 8/9] linux: Add memory sealing tests
Date: Mon, 30 Sep 2024 17:08:30 -0300
Message-Id: <20240930200831.1669010-9-adhemerval.zanella@linaro.org>
In-Reply-To: <20240930200831.1669010-1-adhemerval.zanella@linaro.org>
References: <20240930200831.1669010-1-adhemerval.zanella@linaro.org>

The tests check both the default behavior (no memory sealing) and sealing support if the linker supports it.

Checked on x86_64-linux-gnu and aarch64-linux-gnu.
---
 sysdeps/unix/sysv/linux/Makefile | 87 ++++++
 .../sysv/linux/tst-dl_mseal-auditmod-noseal.c | 1 +
 .../unix/sysv/linux/tst-dl_mseal-auditmod.c | 23 ++
 .../unix/sysv/linux/tst-dl_mseal-dlopen-1-1.c | 19 ++
 .../unix/sysv/linux/tst-dl_mseal-dlopen-1.c | 19 ++
 .../linux/tst-dl_mseal-dlopen-2-1-noseal.c | 19 ++
 .../unix/sysv/linux/tst-dl_mseal-dlopen-2-1.c | 19 ++
 .../sysv/linux/tst-dl_mseal-dlopen-2-noseal.c | 19 ++
 .../unix/sysv/linux/tst-dl_mseal-dlopen-2.c | 19 ++
 .../sysv/linux/tst-dl_mseal-mod-1-noseal.c | 19 ++
 sysdeps/unix/sysv/linux/tst-dl_mseal-mod-1.c | 19 ++
 .../sysv/linux/tst-dl_mseal-mod-2-noseal.c | 19 ++
 sysdeps/unix/sysv/linux/tst-dl_mseal-mod-2.c | 19 ++
 sysdeps/unix/sysv/linux/tst-dl_mseal-noseal.c | 74 +++++
 .../sysv/linux/tst-dl_mseal-preload-noseal.c | 1 +
 .../unix/sysv/linux/tst-dl_mseal-preload.c | 19 ++
 .../unix/sysv/linux/tst-dl_mseal-skeleton.c | 277 ++++++++++++++++++
 .../sysv/linux/tst-dl_mseal-static-noseal.c | 45 +++
 sysdeps/unix/sysv/linux/tst-dl_mseal-static.c | 42 +++
 sysdeps/unix/sysv/linux/tst-dl_mseal.c | 72 +++++
 20 files changed, 831 insertions(+)
 create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-auditmod-noseal.c
 create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-auditmod.c
 create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-1-1.c
 create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-1.c
 create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-1-noseal.c
 create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-1.c
 create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-noseal.c
 create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2.c
 create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-mod-1-noseal.c
 create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-mod-1.c
 create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-mod-2-noseal.c
 create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-mod-2.c
 create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-noseal.c
 create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-preload-noseal.c
 create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-preload.c
 create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-skeleton.c
 create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-static-noseal.c
 create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-static.c
 create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal.c

diff --git a/sysdeps/unix/sysv/linux/Makefile b/sysdeps/unix/sysv/linux/Makefile index a49a83f530..a5e8843e6a 100644 --- a/sysdeps/unix/sysv/linux/Makefile +++ b/sysdeps/unix/sysv/linux/Makefile
@@ -656,6 +656,93 @@ install-bin += \ # install-bin $(objpfx)pldd: $(objpfx)xmalloc.o + +ifeq ($(have-z-memory-seal)$(default-memory-seal),yesyes) +tests-static += \ + tst-dl_mseal-static \ + tst-dl_mseal-static-noseal \ + # tests-static + +tests += \ + $(tests-static) \ + tst-dl_mseal \ + tst-dl_mseal-noseal \ + # tests + +modules-names += \ + tst-dl_mseal-auditmod \ + tst-dl_mseal-auditmod-noseal \ + tst-dl_mseal-dlopen-1 \ + tst-dl_mseal-dlopen-1-1 \ + tst-dl_mseal-dlopen-2 \ + tst-dl_mseal-dlopen-2-1 \ + tst-dl_mseal-dlopen-2-1-noseal \ + tst-dl_mseal-dlopen-2-noseal \ + tst-dl_mseal-mod-1 \ + tst-dl_mseal-mod-1-noseal \ + tst-dl_mseal-mod-2 \ + tst-dl_mseal-mod-2-noseal \ + tst-dl_mseal-preload \ + tst-dl_mseal-preload-noseal \ + # modules-names + +$(objpfx)tst-dl_mseal.out: \ + $(objpfx)tst-dl_mseal-auditmod.so \ + $(objpfx)tst-dl_mseal-preload.so \ + $(objpfx)tst-dl_mseal-mod-1.so \ + $(objpfx)tst-dl_mseal-mod-2.so \ + $(objpfx)tst-dl_mseal-dlopen-1.so \ + $(objpfx)tst-dl_mseal-dlopen-1-1.so \ + $(objpfx)tst-dl_mseal-dlopen-2.so \ + $(objpfx)tst-dl_mseal-dlopen-2-1.so + +$(objpfx)tst-dl_mseal-noseal.out: \ + $(objpfx)tst-dl_mseal-auditmod-noseal.so \ + $(objpfx)tst-dl_mseal-preload-noseal.so \ + $(objpfx)tst-dl_mseal-mod-1-noseal.so \ + $(objpfx)tst-dl_mseal-mod-2-noseal.so \ + $(objpfx)tst-dl_mseal-dlopen-1.so \ + $(objpfx)tst-dl_mseal-dlopen-1-1.so \ + $(objpfx)tst-dl_mseal-dlopen-2-noseal.so \ + $(objpfx)tst-dl_mseal-dlopen-2-1-noseal.so + +LDFLAGS-tst-dl_mseal = -Wl,--no-as-needed +LDFLAGS-tst-dl_mseal-mod-1.so = -Wl,--no-as-needed +LDFLAGS-tst-dl_mseal-dlopen-1.so = -Wl,--no-as-needed +LDFLAGS-tst-dl_mseal-dlopen-2.so = -Wl,--no-as-needed + +tst-dl_mseal-dlopen-1-1.so-no-memory-seal = yes +tst-dl_mseal-dlopen-2-1.so-no-memory-seal = yes + +$(objpfx)tst-dl_mseal: $(objpfx)tst-dl_mseal-mod-1.so +$(objpfx)tst-dl_mseal-mod-1.so: $(objpfx)tst-dl_mseal-mod-2.so +$(objpfx)tst-dl_mseal-dlopen-1.so: $(objpfx)tst-dl_mseal-dlopen-1-1.so 
+$(objpfx)tst-dl_mseal-dlopen-2.so: $(objpfx)tst-dl_mseal-dlopen-2-1.so + +tst-dl_mseal-noseal-no-memory-seal = yes +tst-dl_mseal-preload-noseal.so-no-memory-seal = yes +tst-dl_mseal-auditmod-noseal.so-no-memory-seal = yes +tst-dl_mseal-mod-2-noseal.so-no-memory-seal = yes +tst-dl_mseal-dlopen-2-noseal.so-no-memory-seal =yes + +LDFLAGS-tst-dl_mseal-noseal = -Wl,--no-as-needed +LDFLAGS-tst-dl_mseal-mod-1-noseal.so = -Wl,--no-as-needed +LDFLAGS-tst-dl_mseal-mod-2-noseal.so = -Wl,--no-as-needed +LDFLAGS-tst-dl_mseal-dlopen-2-noseal.so = -Wl,--no-as-needed + +tst-dl_mseal-dlopen-2-1-noseal.so-no-memory-seal = yes + +$(objpfx)tst-dl_mseal-noseal: $(objpfx)tst-dl_mseal-mod-1-noseal.so +$(objpfx)tst-dl_mseal-mod-1-noseal.so: $(objpfx)tst-dl_mseal-mod-2-noseal.so +$(objpfx)tst-dl_mseal-dlopen-2-noseal.so: $(objpfx)tst-dl_mseal-dlopen-2-1-noseal.so + +tst-dl_mseal-static-noseal-no-memory-seal = yes + +tst-dl_mseal-ARGS = -- $(host-test-program-cmd) +tst-dl_mseal-static-ARGS = -- $(host-test-program-cmd) +tst-dl_mseal-noseal-ARGS = -- $(host-test-program-cmd) +tst-dl_mseal-static-noseal-ARGS = -- $(host-test-program-cmd) +endif endif ifeq ($(subdir),rt) diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-auditmod-noseal.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-auditmod-noseal.c new file mode 100644 index 0000000000..a5b257d05e --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-auditmod-noseal.c @@ -0,0 +1 @@ +#include "tst-dl_mseal-auditmod.c" diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-auditmod.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-auditmod.c new file mode 100644 index 0000000000..d909a1561c --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-auditmod.c 
@@ -0,0 +1,23 @@ +/* Audit module for tst-dl_mseal test. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +unsigned int +la_version (unsigned int v) +{ + return v; +} diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-1-1.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-1-1.c new file mode 100644 index 0000000000..ef1372f47e --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-1-1.c @@ -0,0 +1,19 @@ +/* Additional module for tst-dl_mseal test. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int foo2_1 (void) { return 42; } 
diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-1.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-1.c new file mode 100644 index 0000000000..3c2cbe6035 --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-1.c @@ -0,0 +1,19 @@ +/* Additional module for tst-dl_mseal test. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int foo2 (void) { return 42; } diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-1-noseal.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-1-noseal.c new file mode 100644 index 0000000000..0cd647de46 --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-1-noseal.c 
@@ -0,0 +1,19 @@ +/* Additional module for tst-dl_mseal test. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int bar2_1 (void) { return 42; } diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-1.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-1.c new file mode 100644 index 0000000000..0cd647de46 --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-1.c @@ -0,0 +1,19 @@ +/* Additional module for tst-dl_mseal test. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int bar2_1 (void) { return 42; } 
diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-noseal.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-noseal.c new file mode 100644 index 0000000000..f719dd3cba --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-noseal.c @@ -0,0 +1,19 @@ +/* Additional module for tst-dl_mseal test. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int bar2 (void) { return 42; } diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2.c new file mode 100644 index 0000000000..f719dd3cba --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2.c 
@@ -0,0 +1,19 @@ +/* Additional module for tst-dl_mseal test. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int bar2 (void) { return 42; } diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-1-noseal.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-1-noseal.c new file mode 100644 index 0000000000..3bd188efe8 --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-1-noseal.c @@ -0,0 +1,19 @@ +/* Additional module for tst-dl_mseal test. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int foo1 (void) { return 42; } 
diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-1.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-1.c new file mode 100644 index 0000000000..3bd188efe8 --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-1.c @@ -0,0 +1,19 @@ +/* Additional module for tst-dl_mseal test. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int foo1 (void) { return 42; } diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-2-noseal.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-2-noseal.c new file mode 100644 index 0000000000..636e9777af --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-2-noseal.c 
@@ -0,0 +1,19 @@ +/* Additional module for tst-dl_mseal test. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int bar1 (void) { return 42; } diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-2.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-2.c new file mode 100644 index 0000000000..636e9777af --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-2.c @@ -0,0 +1,19 @@ +/* Additional module for tst-dl_mseal test. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int bar1 (void) { return 42; } 
diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-noseal.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-noseal.c new file mode 100644 index 0000000000..34d6714448 --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-noseal.c 
@@ -0,0 +1,74 @@ +/* Basic tests for sealing. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include + +/* This test checks the GNU_PROPERTY_MEMORY_SEAL handling on multiple + places: + + - On the binary itself. + - On a LD_PRELOAD library. + - On a depedency module (tst-dl_mseal-mod-2-noseal.so). + - On a audit modules (tst-dl_mseal-auditmod-noeal.so). + - On a dlopen dependency opened with RTLD_NODELET + (tst-dl_mseal-dlopen-2-noseal.so). +*/ + +#define LIB_PRELOAD "tst-dl_mseal-preload-noseal.so" + +#define LIB_DLOPEN_DEFAULT "tst-dl_mseal-dlopen-1.so" +#define LIB_DLOPEN_DEFAULT_DEP "tst-dl_mseal-dlopen-1-1.so" +#define LIB_DLOPEN_NODELETE "tst-dl_mseal-dlopen-2-noseal.so" +#define LIB_DLOPEN_NODELETE_DEP "tst-dl_mseal-dlopen-2-1-noseal.so" + +#define LIB_AUDIT "tst-dl_mseal-auditmod-noseal.so" + +/* Expected libraries that loader will seal. */ +static const char *expected_sealed_vmas[] = +{ + "libc.so", + "ld.so", + "tst-dl_mseal-mod-1-noseal.so", +}; + +/* Expected non sealed libraries. */ +static const char *expected_non_sealed_vmas[] = +{ + "tst-dl_mseal-noseal", + LIB_PRELOAD, + LIB_AUDIT, + "tst-dl_mseal-mod-2-noseal.so", + LIB_DLOPEN_NODELETE, + LIB_DLOPEN_NODELETE_DEP, + LIB_DLOPEN_DEFAULT, + LIB_DLOPEN_DEFAULT_DEP, + /* Auxiary pages mapped by the kernel. 
*/ + "[vdso]", + "[sigpage]", +}; + +/* Special pages, either Auxiliary kernel pages where permission can not be + changed or auxiliary libs that we can know prior hand that sealing is + enabled. */ +static const char *expected_non_sealed_special[] = +{ + LIBGCC_S_SO, + "[vectors]", +}; + +#include "tst-dl_mseal-skeleton.c" diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-preload-noseal.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-preload-noseal.c new file mode 100644 index 0000000000..32b4153e79 --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-preload-noseal.c @@ -0,0 +1 @@ +#include "tst-dl_mseal-preload.c" diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-preload.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-preload.c new file mode 100644 index 0000000000..7831608dd4 --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-preload.c @@ -0,0 +1,19 @@ +/* Additional module for tst-dl_mseal test. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int foo (void) { return 42; } diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-skeleton.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-skeleton.c new file mode 100644 index 0000000000..b1b5f4226e --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-skeleton.c 
@@ -0,0 +1,277 @@ +/* Basic tests for sealing. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include + +#if UINTPTR_MAX == UINT64_MAX +# define PTR_FMT "#018" PRIxPTR +#else +# define PTR_FMT "#010" PRIxPTR +#endif + +#pragma GCC optimize ("O0") + +static int +new_flags (const char flags[4]) +{ + bool read_flag = flags[0] == 'r'; + bool write_flag = flags[1] == 'w'; + bool exec_flag = flags[2] == 'x'; + + write_flag = !write_flag; + + return (read_flag ? PROT_READ : 0) + | (write_flag ? PROT_WRITE : 0) + | (exec_flag ? PROT_EXEC : 0); +} + +/* Libraries/VMA that could not be sealed, and that checking for sealing + does not work (kernel does not allow changing protection). */ +static const char *non_sealed_vmas[] = +{ + ".", /* basename value for empty string anonymous + mappings. 
*/ + "[heap]", + "[vsyscall]", + "[vvar]", + "[stack]", + "zero", /* /dev/zero */ +}; + +static int +is_in_string_list (const char *s, const char *const list[], size_t len) +{ + for (size_t i = 0; i != len; i++) + if (strcmp (s, list[i]) == 0) + return i; + return -1; +} +#define IS_IN_STRING_LIST(__s, __list) \ + is_in_string_list (__s, __list, array_length (__list)) + +static void * +tf (void *closure) +{ + pthread_exit (NULL); + return NULL; +} + +static int +handle_restart (void) +{ +#ifndef TEST_STATIC + xdlopen (LIB_DLOPEN_NODELETE, RTLD_NOW | RTLD_NODELETE); + xdlopen (LIB_DLOPEN_DEFAULT, RTLD_NOW); +#endif + + /* pthread_exit will load LIBGCC_S_SO. */ + xpthread_join (xpthread_create (NULL, tf, NULL)); + + FILE *fp = xfopen ("/proc/self/maps", "r"); + char *line = NULL; + size_t linesiz = 0; + + unsigned long pagesize = getpagesize (); + + bool found_expected[array_length(expected_sealed_vmas)] = { false }; + while (xgetline (&line, &linesiz, fp) > 0) + { + uintptr_t start; + uintptr_t end; + char flags[5] = { 0 }; + char name[256] = { 0 }; + int idx; + + /* The line is in the form: + start-end flags offset dev inode pathname */ + int r = sscanf (line, + "%" SCNxPTR "-%" SCNxPTR " %4s %*s %*s %*s %256s", + &start, + &end, + flags, + name); + TEST_VERIFY_EXIT (r == 3 || r == 4); + + int found = false; + + const char *libname = basename (name); + if ((idx = IS_IN_STRING_LIST (libname, expected_sealed_vmas)) + != -1) + { + /* Check if we can change the protection flags of the segment. */ + int new_prot = new_flags (flags); + TEST_VERIFY_EXIT (mprotect ((void *) start, end - start, + new_prot) == -1); + TEST_VERIFY_EXIT (errno == EPERM); + + /* Also checks trying to map over the sealed libraries. */ + { + char *p = mmap ((void *) start, pagesize, new_prot, + MAP_FIXED | MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); + TEST_VERIFY_EXIT (p == MAP_FAILED); + TEST_VERIFY_EXIT (errno == EPERM); + } + + /* And if remap is also blocked. 
*/ + { + char *p = mremap ((void *) start, end - start, end - start, 0); + TEST_VERIFY_EXIT (p == MAP_FAILED); + TEST_VERIFY_EXIT (errno == EPERM); + } + + printf ("sealed: vma: %" PTR_FMT "-%" PTR_FMT " %s %s\n", + start, + end, + flags, + name); + + found_expected[idx] = true; + found = true; + } + else if ((idx = IS_IN_STRING_LIST (libname, expected_non_sealed_vmas)) + != -1) + { + /* Check if expected non-sealed segments protection can indeed be + changed. The idea is to use something that would not break + process execution, so just try to mprotect with all protection + bits. */ + int new_prot = PROT_READ | PROT_WRITE | PROT_EXEC; + TEST_VERIFY_EXIT (mprotect ((void *) start, end - start, new_prot) + == 0); + + printf ("not-sealed: vma: %" PTR_FMT "-%" PTR_FMT " %s %s\n", + start, + end, + flags, + name); + + found = true; + } + else if (IS_IN_STRING_LIST (libname, expected_non_sealed_special) != -1) + { + /* These pages protection can no be changed. */ + found = true; + } + + if (!found) + { + if (IS_IN_STRING_LIST (libname, non_sealed_vmas) != -1) + printf ("not-sealed: vma: %" PTR_FMT "-%" PTR_FMT " %s %s\n", + start, + end, + flags, + name); + else + FAIL_EXIT1 ("unexpected vma: %" PTR_FMT "-%" PTR_FMT " %s %s\n", + start, + end, + flags, + name); + } + } + xfclose (fp); + + printf ("\n"); + + /* Also check if all the expected sealed maps were found. 
*/ + for (int i = 0; i < array_length (expected_sealed_vmas); i++) + if (expected_sealed_vmas[i][0] && !found_expected[i]) + FAIL_EXIT1 ("expected VMA %s not sealed\n", expected_sealed_vmas[i]); + + return 0; +} + +static int restart; +#define CMDLINE_OPTIONS \ + { "restart", no_argument, &restart, 1 }, + +static int +do_test (int argc, char *argv[]) +{ + /* We must have either: + - One or four parameters left if called initially: + + path to ld.so optional + + "--library-path" optional + + the library path optional + + the application name */ + if (restart) + return handle_restart (); + + /* Check the test requirements. */ + { + int r = mseal (NULL, 0, 0); + if (r == -1 && (errno == ENOSYS || errno == EPERM)) + FAIL_UNSUPPORTED ("mseal is not supported by the kernel"); + else + TEST_VERIFY_EXIT (r == 0); + } + support_need_proc ("Reads /proc/self/maps to get stack names."); + + char *spargv[9]; + int i = 0; + for (; i < argc - 1; i++) + spargv[i] = argv[i + 1]; + spargv[i++] = (char *) "--direct"; + spargv[i++] = (char *) "--restart"; + spargv[i] = NULL; + + char *envvarss[] = { +#ifndef TEST_STATIC + (char *) "LD_PRELOAD=" LIB_PRELOAD, + (char *) "LD_AUDIT=" LIB_AUDIT, +#endif + NULL + }; + + struct support_capture_subprocess result = + support_capture_subprogram (spargv[0], spargv, envvarss); + support_capture_subprocess_check (&result, "tst-dl_mseal", 0, + sc_allow_stdout); + + { + FILE *out = fmemopen (result.out.buffer, result.out.length, "r"); + TEST_VERIFY (out != NULL); + char *line = NULL; + size_t linesz = 0; + while (xgetline (&line, &linesz, out)) + printf ("%s", line); + fclose (out); + } + + support_capture_subprocess_free (&result); + + return 0; +} + +#define TEST_FUNCTION_ARGV do_test +#include diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-static-noseal.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-static-noseal.c new file mode 100644 index 0000000000..3a52ee24ed --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-static-noseal.c 
@@ -0,0 +1,45 @@ +/* Basic tests for sealing. Static version. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +/* This test checks the GNU_PROPERTY_MEMORY_SEAL handling on a statically + built binary. In this case only the vDSO (if existent) will be sealed. */ + +#define TEST_STATIC 1 + +/* Expected libraries that loader will seal. */ +static const char *expected_sealed_vmas[] = +{ + "", +}; + +/* Expected non sealed libraries. */ +static const char *expected_non_sealed_vmas[] = +{ + "tst-dl_mseal-static-noseal", + /* Auxiary pages mapped by the kernel. */ + "[vdso]", + "[sigpage]", +}; + +/* Auxiliary kernel pages where permission can not be changed. */ +static const char *expected_non_sealed_special[] = +{ + "[vectors]", +}; + +#include "tst-dl_mseal-skeleton.c" diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-static.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-static.c new file mode 100644 index 0000000000..c0d82bcd75 --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-static.c 
@@ -0,0 +1,42 @@ +/* Basic tests for sealing. Static version. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +/* This test checks the memory sealing work on a statically built binary. */ + +#define TEST_STATIC 1 + +/* Expected libraries that loader will seal. */ +static const char *expected_sealed_vmas[] = +{ + "tst-dl_mseal-static", +}; + +/* Auxiliary pages mapped by the kernel. */ +static const char *expected_non_sealed_vmas[] = +{ + "[vdso]", + "[sigpage]", +}; + +/* Auxiliary kernel pages where permission can not be changed. */ +static const char *expected_non_sealed_special[] = +{ + "[vectors]", +}; + +#include "tst-dl_mseal-skeleton.c" diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal.c b/sysdeps/unix/sysv/linux/tst-dl_mseal.c new file mode 100644 index 0000000000..3b5553a906 --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal.c 
@@ -0,0 +1,72 @@ +/* Basic tests for sealing. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include + +/* Check if memory sealing works as expected on multiples places: + - On the binary itself. + - On a LD_PRELOAD library. + - On a depedency modules (tst-dl_mseal-mod-{1,2}.so). + - On a audit modules (tst-dl_mseal-auditmod.so). + - On a dlopen dependency opened with RTLD_NODELET + (tst-dl_mseal-dlopen-{2,2-1}.so). + - On the libgcc_s opened by thread unwind. +*/ + +#define LIB_PRELOAD "tst-dl_mseal-preload.so" +#define LIB_AUDIT "tst-dl_mseal-auditmod.so" + +#define LIB_DLOPEN_DEFAULT "tst-dl_mseal-dlopen-1.so" +#define LIB_DLOPEN_DEFAULT_DEP "tst-dl_mseal-dlopen-1-1.so" +#define LIB_DLOPEN_NODELETE "tst-dl_mseal-dlopen-2.so" +#define LIB_DLOPEN_NODELETE_DEP "tst-dl_mseal-dlopen-2-1.so" + +/* Expected libraries that loader will seal. */ +static const char *expected_sealed_vmas[] = +{ + "libc.so", + "ld.so", + "tst-dl_mseal", + "tst-dl_mseal-mod-1.so", + "tst-dl_mseal-mod-2.so", + LIB_PRELOAD, + LIB_AUDIT, + LIB_DLOPEN_NODELETE, +}; + +/* Expected non sealed libraries. */ +static const char *expected_non_sealed_vmas[] = +{ + LIB_DLOPEN_DEFAULT, + LIB_DLOPEN_DEFAULT_DEP, + LIB_DLOPEN_NODELETE_DEP, + /* Auxiary pages mapped by the kernel. 
*/ + "[vdso]", + "[sigpage]", +}; + +/* Special pages, either Auxiliary kernel pages where permission can not be + changed or auxiliary libs that we can know prior hand that sealing is + enabled. */ +static const char *expected_non_sealed_special[] = +{ + LIBGCC_S_SO, + "[vectors]", +}; + +#include "tst-dl_mseal-skeleton.c"
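Review bot: the -noseal module sources (tst-dl_mseal-dlopen-2-noseal.c, tst-dl_mseal-dlopen-2-1-noseal.c, tst-dl_mseal-mod-1-noseal.c, tst-dl_mseal-mod-2-noseal.c) are full copies of their sealed counterparts, as the identical index hashes show (0cd647de46, f719dd3cba, 3bd188efe8, 636e9777af), while tst-dl_mseal-preload-noseal.c is a one-line #include "tst-dl_mseal-preload.c". Using the one-line #include form for every -noseal variant would keep the pairs from drifting apart and make it obvious that only the link flags differ.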
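Review bot: in tst-dl_mseal-noseal.c, expected_sealed_vmas lists "tst-dl_mseal-mod-1-noseal.so", so a module whose name says noseal is asserted to be sealed, and nothing in the file explains why it differs from tst-dl_mseal-mod-2-noseal.so in the non-sealed list. Please add a comment stating how each of the two modules is built, or rename the first. The header comment also needs a pass: "depedency", "RTLD_NODELET", "Auxiary", and "tst-dl_mseal-auditmod-noeal.so", which does not match the LIB_AUDIT value "tst-dl_mseal-auditmod-noseal.so".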
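Review bot: in handle_restart of tst-dl_mseal-skeleton.c, the sscanf conversion %256s can store 256 characters plus the terminating NUL into char name[256], one byte past the array; use %255s (or declare name[257]) so a long pathname in /proc/self/maps cannot overrun it. In the same file the two read loops disagree: handle_restart tests xgetline (...) > 0 while do_test tests the bare return value, so if xgetline reports end of file with a negative value, as getline does, the do_test loop does not stop at EOF. Neither loop frees line, and the copy into spargv[9] is not bounded against argc.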
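Review bot: in tst-dl_mseal-static-noseal.c the header comment says "In this case only the vDSO (if existent) will be sealed", but expected_sealed_vmas contains only the empty string and "[vdso]" is in expected_non_sealed_vmas, where the skeleton asserts that mprotect succeeds. Either the comment or the lists are wrong; as written the test asserts the opposite of what the comment documents.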
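Review bot: the header comment of tst-dl_mseal.c claims coverage that the lists below it do not check. It names tst-dl_mseal-dlopen-{2,2-1}.so and libgcc_s as sealed, yet LIB_DLOPEN_NODELETE_DEP is in expected_non_sealed_vmas (the skeleton asserts its protection can be changed) and LIBGCC_S_SO is in expected_non_sealed_special, a branch where the skeleton only sets found = true and performs no mprotect, mmap or mremap probe. Please either move these entries so sealing is actually verified or reword the comment to say what is and is not checked.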
From: Adhemerval Zanella
To: libc-alpha@sourceware.org
Cc: Stephen Roettger, Jeff Xu, Florian Weimer, Mike Hommey, Adhemerval Zanella
Subject: [PATCH v3 9/9] elf: Add glibc.rtld.seal tunable
Date: Mon, 30 Sep 2024 17:08:31 -0300
Message-Id: <20240930200831.1669010-10-adhemerval.zanella@linaro.org>
In-Reply-To: <20240930200831.1669010-1-adhemerval.zanella@linaro.org>
References: <20240930200831.1669010-1-adhemerval.zanella@linaro.org>

The new tunable can be used to enforce memory sealing on the program and
all its dependencies.  The tunable accepts two different values:

  * '0' where loaders follow the GNU_PROPERTY_MEMORY_SEAL attribute if
    present.  This is the default and no sealing would be applied if the
    object does not have the memory sealing attribute.

  * '1' where sealing is enforced even if the object does not have the
    GNU_PROPERTY_MEMORY_SEAL.  Also, any syscall failure on memory
    sealing aborts the program.

Checked on x86_64-linux-gnu and aarch64-linux-gnu.
--- NEWS | 6 ++ elf/dl-load.c | 3 + elf/dl-mseal-mode.h | 28 +++++++ elf/dl-reloc.c | 13 ++++ elf/dl-support.c | 2 + elf/dl-tunables.list | 6 ++ elf/rtld.c | 5 ++ elf/tst-rtld-list-tunables.exp | 1 + manual/tunables.texi | 35 +++++++++ sysdeps/generic/ldsodefs.h | 6 ++ sysdeps/unix/sysv/linux/Makefile | 15 ++++ sysdeps/unix/sysv/linux/dl-mseal.c | 7 ++ .../unix/sysv/linux/tst-dl_mseal-skeleton.c | 5 +- .../unix/sysv/linux/tst-dl_mseal-tunable.c | 76 +++++++++++++++++++ 14 files changed, 206 insertions(+), 2 deletions(-) create mode 100644 elf/dl-mseal-mode.h create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-tunable.c diff --git a/NEWS b/NEWS index ad1b05e015..728ff91ab1 100644 --- a/NEWS +++ b/NEWS @@ -45,6 +45,12 @@ Major new features: memory sealing by default if the toochain supports it. A new configure option, --disable-default-memory-seal, disables it. +* A new tunable, glibc.rtld.seal, can enable memory sealing on the program + and all its dependencies. The tunable accepts two different values, + with '0' applying the GNU attribute GNU_PROPERTY_MEMORY_SEAL (if present), + or '1' to enforce sealing the program and its dependencies (including + preload, audit modules, and objects opened with RTLD_NODELETE). + Deprecated and removed features, and other changes affecting compatibility: * The big-endian ARC port (arceb-linux-gnu) has been removed. diff --git a/elf/dl-load.c b/elf/dl-load.c index 41165287ae..f3bec94fe3 100644 --- a/elf/dl-load.c +++ b/elf/dl-load.c @@ -1315,6 +1315,9 @@ cannot enable executable stack as shared object requires"); break; } + /* Update the sealing mode based on the tunable. */ + _dl_mseal_update_map (l, mode); + /* We are done mapping in the file. We no longer need the descriptor. */ if (__glibc_unlikely (__close_nocancel (fd) != 0)) { diff --git a/elf/dl-mseal-mode.h b/elf/dl-mseal-mode.h new file mode 100644 index 0000000000..745ca60064 --- /dev/null +++ b/elf/dl-mseal-mode.h 
@@ -0,0 +1,28 @@ +/* Memory sealing tunable. Generic definitions. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#ifndef _DL_MSEAL_MODE_H +#define _DL_MSEAL_MODE_H + +enum dl_seal_mode +{ + DL_SEAL_DEFAULT = 0, + DL_SEAL_ENFORCE = 1, +}; + +#endif diff --git a/elf/dl-reloc.c b/elf/dl-reloc.c index 637870d0c7..6a10cb431b 100644 --- a/elf/dl-reloc.c +++ b/elf/dl-reloc.c @@ -29,6 +29,8 @@ #include #include "dynamic-link.h" #include +#include +#include /* Statistics function. */ #ifdef SHARED @@ -375,6 +377,17 @@ cannot apply additional memory protection after relocation"); } } +void +_dl_mseal_update_map (struct link_map *map, int mode) +{ + /* Also enable forced sealing on audit modules, loader will apply it + after the modules is being loaded and validated. */ + if (TUNABLE_GET (glibc, rtld, seal, int32_t, NULL) == DL_SEAL_ENFORCE + && (!(mode & __RTLD_DLOPEN) + || (mode & RTLD_NODELETE) || (mode & __RTLD_AUDIT))) + map->l_seal = lt_seal_toseal; +} + static void _dl_mseal_map_1 (struct link_map *l, bool force) { diff --git a/elf/dl-support.c b/elf/dl-support.c index 9fb185fb30..1aea1aa6cd 100644 --- a/elf/dl-support.c +++ b/elf/dl-support.c 
@@ -349,6 +349,8 @@ _dl_non_dynamic_init (void) _dl_process_pt_gnu_property (&_dl_main_map, -1, &ph[-1]); break; } + /* Update the sealing mode based on the tunable. */ + _dl_mseal_update_map (&_dl_main_map, 0); call_function_static_weak (_dl_find_object_init); diff --git a/elf/dl-tunables.list b/elf/dl-tunables.list index 40ac5b3776..4bc694bee5 100644 --- a/elf/dl-tunables.list +++ b/elf/dl-tunables.list @@ -135,6 +135,12 @@ glibc { maxval: 1 default: 0 } + seal { + type: INT_32 + minval: 0 + maxval: 1 + default: 0 + } } mem { diff --git a/elf/rtld.c b/elf/rtld.c index 90eb798013..027e43ce1b 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -1247,6 +1247,9 @@ rtld_setup_main_map (struct link_map *main_map) break; } + /* Update the sealing mode based on the tunable. */ + _dl_mseal_update_map (main_map, 0); + /* Adjust the address of the TLS initialization image in case the executable is actually an ET_DYN object. */ if (main_map->l_tls_initimage != NULL) @@ -1766,6 +1769,8 @@ dl_main (const ElfW(Phdr) *phdr, break; } + _dl_mseal_update_map (&GL(dl_rtld_map), 0); + /* Add the dynamic linker to the TLS list if it also uses TLS. */ if (GL(dl_rtld_map).l_tls_blocksize != 0) /* Assign a module ID. Do this before loading any audit modules. */ diff --git a/elf/tst-rtld-list-tunables.exp b/elf/tst-rtld-list-tunables.exp index db0e1c86e9..01e614646c 100644 --- a/elf/tst-rtld-list-tunables.exp +++ b/elf/tst-rtld-list-tunables.exp @@ -15,3 +15,4 @@ glibc.rtld.dynamic_sort: 2 (min: 1, max: 2) glibc.rtld.enable_secure: 0 (min: 0, max: 1) glibc.rtld.nns: 0x4 (min: 0x1, max: 0x10) glibc.rtld.optional_static_tls: 0x200 (min: 0x0, max: 0x[f]+) +glibc.rtld.seal: 0 (min: 0, max: 1) diff --git a/manual/tunables.texi b/manual/tunables.texi index 0b1b2898c0..4dbbdf4ac2 100644 --- a/manual/tunables.texi +++ b/manual/tunables.texi 
@@ -355,6 +355,41 @@ tests for @code{AT_SECURE} programs and not meant to be a security feature. The default value of this tunable is @samp{0}. @end deftp +@deftp Tunable glibc.rtld.seal +Sets whether to enable memory sealing during program execution. The sealed +memory prevents further changes to the mapped memory region, such as shrinking +or expanding, mapping another segment over a pre-existing region, or changing +the memory protection flags (check the @code{mseal} for more information). +The sealing is done in multiple places where the memory is supposed to be +immutable over program execution: + +@itemize @bullet +@item +All shared library dependencies from the binary, including the read-only segments +after @code{PT_GNU_RELRO} setup. + +@item +The binary itself, including dynamic and static linked ones. In both cases, it is +up either to binary or the loader to set up the sealing. + +@item +Any preload libraries. + +@item +Any library loaded with @code{dlopen} with @code{RTLD_NODELETE} flag. + +@item +All audit modules and their dependencies. +@end itemize + +The tunable accepts two values: @samp{0} where sealing applies the GNU attribute +@code{GNU_PROPERTY_MEMORY_SEAL} if present, and @samp{1} where sealing is +enforced on the binary and its dependencies. For the enforced mode, +if the memory can not be sealed the process terminates the execution. + +The default value of this tunable is @samp{0}. +@end deftp + @node Elision Tunables @section Elision Tunables @cindex elision tunables diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h index e528b7ff83..926c615941 100644 --- a/sysdeps/generic/ldsodefs.h +++ b/sysdeps/generic/ldsodefs.h 
@@ -1017,6 +1017,12 @@ extern void _dl_relocate_object (struct link_map *map, /* Protect PT_GNU_RELRO area. */ extern void _dl_protect_relro (struct link_map *map) attribute_hidden; +/* The the sealing mode of MAP based on open MODE and on the rtld.seal + tunable. */ +extern void _dl_mseal_update_map (struct link_map *map, + int mode) + attribute_hidden; + /* Issue memory sealing for the link map MAP. If MAP is contiguous the whole region is sealed, otherwise iterate over the program headerrs and seal each PT_LOAD segment.i diff --git a/sysdeps/unix/sysv/linux/Makefile b/sysdeps/unix/sysv/linux/Makefile index a5e8843e6a..b4a12ad6ce 100644 --- a/sysdeps/unix/sysv/linux/Makefile +++ b/sysdeps/unix/sysv/linux/Makefile @@ -667,6 +667,7 @@ tests += \ $(tests-static) \ tst-dl_mseal \ tst-dl_mseal-noseal \ + tst-dl_mseal-tunable \ # tests modules-names += \ @@ -706,6 +707,16 @@ $(objpfx)tst-dl_mseal-noseal.out: \ $(objpfx)tst-dl_mseal-dlopen-2-noseal.so \ $(objpfx)tst-dl_mseal-dlopen-2-1-noseal.so +$(objpfx)tst-dl_mseal-tunable.out: \ + $(objpfx)tst-dl_mseal-auditmod-noseal.so \ + $(objpfx)tst-dl_mseal-preload-noseal.so \ + $(objpfx)tst-dl_mseal-mod-1-noseal.so \ + $(objpfx)tst-dl_mseal-mod-2-noseal.so \ + $(objpfx)tst-dl_mseal-dlopen-1.so \ + $(objpfx)tst-dl_mseal-dlopen-1-1.so \ + $(objpfx)tst-dl_mseal-dlopen-2-noseal.so \ + $(objpfx)tst-dl_mseal-dlopen-2-1-noseal.so + LDFLAGS-tst-dl_mseal = -Wl,--no-as-needed LDFLAGS-tst-dl_mseal-mod-1.so = -Wl,--no-as-needed LDFLAGS-tst-dl_mseal-dlopen-1.so = -Wl,--no-as-needed 
@@ -738,10 +749,14 @@ $(objpfx)tst-dl_mseal-dlopen-2-noseal.so: $(objpfx)tst-dl_mseal-dlopen-2-1-nosea tst-dl_mseal-static-noseal-no-memory-seal = yes +tst-dl_mseal-tunable-no-memory-seal = yes +$(objpfx)tst-dl_mseal-tunable: $(objpfx)tst-dl_mseal-mod-1-noseal.so + tst-dl_mseal-ARGS = -- $(host-test-program-cmd) tst-dl_mseal-static-ARGS = -- $(host-test-program-cmd) tst-dl_mseal-noseal-ARGS = -- $(host-test-program-cmd) tst-dl_mseal-static-noseal-ARGS = -- $(host-test-program-cmd) +tst-dl_mseal-tunable-ARGS = -- $(host-test-program-cmd) endif endif diff --git a/sysdeps/unix/sysv/linux/dl-mseal.c b/sysdeps/unix/sysv/linux/dl-mseal.c index c99fd991cb..e4da0c32d2 100644 --- a/sysdeps/unix/sysv/linux/dl-mseal.c +++ b/sysdeps/unix/sysv/linux/dl-mseal.c @@ -17,6 +17,7 @@ . */ #include +#include #include #include #include @@ -37,5 +38,11 @@ _dl_mseal (void *addr, size_t len) atomic_store_relaxed (&mseal_supported, false); } #endif + if (TUNABLE_GET (glibc, rtld, seal, int32_t, NULL) == DL_SEAL_ENFORCE + && r != 0) + _dl_fatal_printf ("Fatal error: sealing is enforced and an error " + "ocurred for the 0x%lx-0x%lx range\n", + (long unsigned int) addr, + (long unsigned int) addr + len); return r; } diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-skeleton.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-skeleton.c index b1b5f4226e..0562907560 100644 --- a/sysdeps/unix/sysv/linux/tst-dl_mseal-skeleton.c +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-skeleton.c @@ -39,8 +39,6 @@ # define PTR_FMT "#010" PRIxPTR #endif -#pragma GCC optimize ("O0") - static int new_flags (const char flags[4]) { @@ -249,6 +247,9 @@ do_test (int argc, char *argv[]) #ifndef TEST_STATIC (char *) "LD_PRELOAD=" LIB_PRELOAD, (char *) "LD_AUDIT=" LIB_AUDIT, +#endif +#ifdef TUNABLE_ENV_VAR + (char *) "GLIBC_TUNABLES=" TUNABLE_ENV_VAR, #endif NULL }; diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-tunable.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-tunable.c new file mode 100644 index 0000000000..a1069164bb 
--- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-tunable.c 
@@ -0,0 +1,76 @@ +/* Basic tests for sealing. Check the tunable in enforce mode. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include + +/* This test checks the glibc.rtld.seal enforces sealing on multiple + places: + + - On the binary itself. + - On a LD_PRELOAD library. + - On a depedency module (tst-dl_mseal-mod-2-noseal.so). + - On a audit modules (tst-dl_mseal-auditmod-noeal.so). + - On a dlopen dependency opened with RTLD_NODELET + (tst-dl_mseal-dlopen-2-noseal.so). +*/ + +#define TUNABLE_ENV_VAR "glibc.rtld.seal=1" + +#define LIB_PRELOAD "tst-dl_mseal-preload-noseal.so" + +#define LIB_DLOPEN_DEFAULT "tst-dl_mseal-dlopen-1.so" +#define LIB_DLOPEN_DEFAULT_DEP "tst-dl_mseal-dlopen-1-1.so" +#define LIB_DLOPEN_NODELETE "tst-dl_mseal-dlopen-2-noseal.so" +#define LIB_DLOPEN_NODELETE_DEP "tst-dl_mseal-dlopen-2-1-noseal.so" + +#define LIB_AUDIT "tst-dl_mseal-auditmod-noseal.so" + +/* Expected libraries that loader will seal. */ +static const char *expected_sealed_vmas[] = +{ + "tst-dl_mseal-tunable", + "libc.so", + "ld.so", + "tst-dl_mseal-mod-1-noseal.so", + "tst-dl_mseal-mod-2-noseal.so", + LIB_DLOPEN_NODELETE, + LIB_DLOPEN_NODELETE_DEP, + LIB_AUDIT, + LIB_PRELOAD, +}; + +/* Expected non sealed libraries. 
*/ +static const char *expected_non_sealed_vmas[] = +{ + LIB_DLOPEN_DEFAULT, + LIB_DLOPEN_DEFAULT_DEP, + /* Auxiary pages mapped by the kernel. */ + "[vdso]", + "[sigpage]", +}; + +/* Special pages, either Auxiliary kernel pages where permission can not be + changed or auxiliary libs that we can know prior hand that sealing is + enabled. */ +static const char *expected_non_sealed_special[] = +{ + LIBGCC_S_SO, + "[vectors]", +}; + +#include "tst-dl_mseal-skeleton.c"
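Review bot: the NEWS entry describes value '1' as enforcing sealing but leaves out that a failed sealing call terminates the process, which is the behaviour a user enabling the tunable most needs to know about. The commit message and the manual/tunables.texi text both state it; suggest adding one clause to the NEWS item, for example "and aborts the process if sealing fails".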
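Review bot: in the elf/dl-reloc.c hunk, the comment inside _dl_mseal_update_map only mentions audit modules, while the condition actually selects three cases: anything not loaded through __RTLD_DLOPEN, dlopen with RTLD_NODELETE, and __RTLD_AUDIT. The consequence that a plain dlopen is never sealed, even with glibc.rtld.seal=1, is not written down anywhere in the function. Suggest rewriting the comment to list the three cases and say why a plain dlopen is excluded, and fixing "after the modules is being loaded". TUNABLE_GET is also re-evaluated for every link map; reading it once into a loader-global flag would keep the per-object path to a single test.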
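Review bot: the second elf/rtld.c hunk (dl_main, around line 1766) adds "_dl_mseal_update_map (&GL(dl_rtld_map), 0);" with no comment, whereas the calls added in rtld_setup_main_map, elf/dl-load.c and elf/dl-support.c all carry "Update the sealing mode based on the tunable." Suggest adding the same comment here, and noting that this is the call that puts the dynamic loader's own map under enforce mode.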
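Review bot: the new @deftp in manual/tunables.texi does not say that objects opened with a plain dlopen stay unsealed even when the tunable is 1, although _dl_mseal_update_map excludes them and tst-dl_mseal-tunable.c lists LIB_DLOPEN_DEFAULT under expected_non_sealed_vmas. A reader of the itemized list would reasonably assume enforce mode covers every loaded object. Suggest an explicit sentence after the list. Two smaller points: "check the @code{mseal} for more information" should say what mseal is (the system call), and the entry should state whether the tunable is honoured for AT_SECURE programs, since the preceding entry in the same file raises that topic.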
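Review bot: the comment added above _dl_mseal_update_map in sysdeps/generic/ldsodefs.h starts with "The the sealing mode of MAP", which reads as a typo for "Set the sealing mode of MAP". Since MODE is a plain int here, the comment should also say it is the dlopen mode bitmask (the RTLD_* and __RTLD_* flags), so it is not confused with enum dl_seal_mode from the new elf/dl-mseal-mode.h.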
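Review bot: the first sysdeps/unix/sysv/linux/Makefile hunk registers only tst-dl_mseal-tunable, a dynamically linked test, yet the patch also adds a _dl_mseal_update_map call to _dl_non_dynamic_init in elf/dl-support.c. That static path has no coverage with glibc.rtld.seal=1. The skeleton already has a TEST_STATIC switch and the Makefile already carries tst-dl_mseal-static-noseal, so a static variant of the tunable test built without the seal attribute looks cheap to add.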
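Review bot: in the sysdeps/unix/sysv/linux/dl-mseal.c hunk, the fatal message reports the address range but not the return value r, so a user hitting the abort cannot tell an unsupported kernel from a bad range or a permission problem. Suggest including the error code in the _dl_fatal_printf output and fixing the spelling "ocurred". Also worth confirming: the context just above stores false into mseal_supported, so if r is still non-zero on that path, enforce mode terminates every process on a kernel without mseal. If that is intended, the manual entry should say so.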
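Review bot: the first sysdeps/unix/sysv/linux/tst-dl_mseal-skeleton.c hunk drops '#pragma GCC optimize ("O0")', which is unrelated to adding the tunable and is not mentioned in the commit message. Either move it to the patch in the series that made the pragma unnecessary, or add a sentence to the commit message explaining why it can go now.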
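Review bot: the new sysdeps/unix/sysv/linux/tst-dl_mseal-tunable.c only exercises the path where sealing succeeds. Nothing checks that enforce mode terminates the process when sealing fails, which is the _dl_fatal_printf branch added in dl-mseal.c and the main behavioural difference from mode 0. Suggest a subprocess test that expects the abort, if a failure can be provoked reliably. The header comment also has typos worth fixing while here: "depedency", "tst-dl_mseal-auditmod-noeal.so", "RTLD_NODELET" and "Auxiary".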