[07/12] x86/CET: Add tests with legacy non-CET shared objects
Commit Message
On Tue, Jul 24, 2018 at 11:21:22PM -0400, Carlos O'Donell wrote:
> On 07/21/2018 10:20 AM, H.J. Lu wrote:
> > Check binary compatibility of CET-enabled executables:
> >
>
> OK for 2.28.
>
> Gold star for always enabling the tests and having them
>
> Reviewed-by: Carlos O'Donell <carlos@redhat.com>
>
> > 1. When CET-enabled executable is used with legacy non-CET shared object
> > at run-time, ld.so should disable SHSTK and put legacy non-CET shared
> > objects in legacy bitmap.
>
> OK.
>
> > 2. When IBT-enabled executable dlopens legacy non-CET shared object,
> > ld.so should put legacy shared object in legacy bitmap.
>
> OK.
>
> > 3. Use GLIBC_TUNABLES=glibc.tune.x86_shstk=[on|off|permissive] to
> > control how SHSTK is enabled.
>
> OK.
>
> >
> > * sysdeps/x86/Makefile (tests): Add tst-cet-legacy-1,
> > tst-cet-legacy-2, tst-cet-legacy-2a, tst-cet-legacy-3,
> > tst-cet-legacy-4, tst-cet-legacy-4a, tst-cet-legacy-4b
> > and tst-cet-legacy-4c.
> > (modules-names): Add tst-cet-legacy-mod-1, tst-cet-legacy-mod-2
> > and tst-cet-legacy-mod-4.
> > (CFLAGS-tst-cet-legacy-2.c): New.
> > (CFLAGS-tst-cet-legacy-mod-1.c): Likewise.
> > (CFLAGS-tst-cet-legacy-mod-2.c): Likewise.
> > (CFLAGS-tst-cet-legacy-3.c): Likewise.
> > (CFLAGS-tst-cet-legacy-4.c): Likewise.
> > (CFLAGS-tst-cet-legacy-mod-4.c): Likewise.
> > ($(objpfx)tst-cet-legacy-1): Likewise.
> > ($(objpfx)tst-cet-legacy-2): Likewise.
> > ($(objpfx)tst-cet-legacy-2.out): Likewise.
> > ($(objpfx)tst-cet-legacy-2a): Likewise.
> > ($(objpfx)tst-cet-legacy-2a.out): Likewise.
> > ($(objpfx)tst-cet-legacy-4): Likewise.
> > ($(objpfx)tst-cet-legacy-4.out): Likewise.
> > ($(objpfx)tst-cet-legacy-4a): Likewise.
> > ($(objpfx)tst-cet-legacy-4a.out): Likewise.
> > (tst-cet-legacy-4a-ENV): Likewise.
> > ($(objpfx)tst-cet-legacy-4b): Likewise.
> > ($(objpfx)tst-cet-legacy-4b.out): Likewise.
> > (tst-cet-legacy-4b-ENV): Likewise.
> > ($(objpfx)tst-cet-legacy-4c): Likewise.
> > ($(objpfx)tst-cet-legacy-4c.out): Likewise.
> > (tst-cet-legacy-4c-ENV): Likewise.
> > * sysdeps/x86/tst-cet-legacy-1.c: New file.
> > * sysdeps/x86/tst-cet-legacy-2.c: Likewise.
> > * sysdeps/x86/tst-cet-legacy-2a.c: Likewise.
> > * sysdeps/x86/tst-cet-legacy-3.c: Likewise.
> > * sysdeps/x86/tst-cet-legacy-4.c: Likewise.
> > * sysdeps/x86/tst-cet-legacy-4a.c: Likewise.
> > * sysdeps/x86/tst-cet-legacy-4b.c: Likewise.
> > * sysdeps/x86/tst-cet-legacy-4c.c: Likewise.
> > * sysdeps/x86/tst-cet-legacy-mod-1.c: Likewise.
> > * sysdeps/x86/tst-cet-legacy-mod-2.c: Likewise.
> > * sysdeps/x86/tst-cet-legacy-mod-4.c: Likewise.
> > ---
> > sysdeps/x86/Makefile | 38 +++++++++++++
> > sysdeps/x86/tst-cet-legacy-1.c | 44 +++++++++++++++
> > sysdeps/x86/tst-cet-legacy-2.c | 64 ++++++++++++++++++++++
> > sysdeps/x86/tst-cet-legacy-2a.c | 1 +
> > sysdeps/x86/tst-cet-legacy-3.c | 88 ++++++++++++++++++++++++++++++
> > sysdeps/x86/tst-cet-legacy-4.c | 56 +++++++++++++++++++
> > sysdeps/x86/tst-cet-legacy-4a.c | 1 +
> > sysdeps/x86/tst-cet-legacy-4b.c | 1 +
> > sysdeps/x86/tst-cet-legacy-4c.c | 1 +
> > sysdeps/x86/tst-cet-legacy-mod-1.c | 24 ++++++++
> > sysdeps/x86/tst-cet-legacy-mod-2.c | 24 ++++++++
> > sysdeps/x86/tst-cet-legacy-mod-4.c | 2 +
> > 12 files changed, 344 insertions(+)
> > create mode 100644 sysdeps/x86/tst-cet-legacy-1.c
> > create mode 100644 sysdeps/x86/tst-cet-legacy-2.c
> > create mode 100644 sysdeps/x86/tst-cet-legacy-2a.c
> > create mode 100644 sysdeps/x86/tst-cet-legacy-3.c
> > create mode 100644 sysdeps/x86/tst-cet-legacy-4.c
> > create mode 100644 sysdeps/x86/tst-cet-legacy-4a.c
> > create mode 100644 sysdeps/x86/tst-cet-legacy-4b.c
> > create mode 100644 sysdeps/x86/tst-cet-legacy-4c.c
> > create mode 100644 sysdeps/x86/tst-cet-legacy-mod-1.c
> > create mode 100644 sysdeps/x86/tst-cet-legacy-mod-2.c
> > create mode 100644 sysdeps/x86/tst-cet-legacy-mod-4.c
> >
> > diff --git a/sysdeps/x86/Makefile b/sysdeps/x86/Makefile
> > index e9b2d0b35d..672bb19489 100644
> > --- a/sysdeps/x86/Makefile
> > +++ b/sysdeps/x86/Makefile
> > @@ -17,6 +17,44 @@ endif
> > ifeq ($(enable-cet),yes)
> > ifeq ($(subdir),elf)
> > sysdep-dl-routines += dl-cet
> > +
> > +tests += tst-cet-legacy-1 tst-cet-legacy-2 tst-cet-legacy-2a \
> > + tst-cet-legacy-3 tst-cet-legacy-4
>
> OK.
>
> > +ifneq (no,$(have-tunables))
> > +tests += tst-cet-legacy-4a tst-cet-legacy-4b tst-cet-legacy-4c
>
> OK.
>
> > +endif
> > +modules-names += tst-cet-legacy-mod-1 tst-cet-legacy-mod-2 \
> > + tst-cet-legacy-mod-4
> > +
> > +CFLAGS-tst-cet-legacy-2.c += -fcf-protection=branch
> > +CFLAGS-tst-cet-legacy-2a.c += -fcf-protection
> > +CFLAGS-tst-cet-legacy-mod-1.c += -fcf-protection=none
> > +CFLAGS-tst-cet-legacy-mod-2.c += -fcf-protection=none
> > +CFLAGS-tst-cet-legacy-3.c += -fcf-protection=none
> > +CFLAGS-tst-cet-legacy-4.c += -fcf-protection=branch
> > +CFLAGS-tst-cet-legacy-4a.c += -fcf-protection
> > +CFLAGS-tst-cet-legacy-4b.c += -fcf-protection
> > +CFLAGS-tst-cet-legacy-mod-4.c += -fcf-protection=none
>
> OK, but I'm slightly disappointed that we can't have all tests
> enabled and just have these return UNSUPPORTED. These tests are
> effectively hidden behind the enable-cet check and could bitrot
> because we aren't compiling them.
>
> > +
> > +$(objpfx)tst-cet-legacy-1: $(objpfx)tst-cet-legacy-mod-1.so \
> > + $(objpfx)tst-cet-legacy-mod-2.so
> > +$(objpfx)tst-cet-legacy-2: $(objpfx)tst-cet-legacy-mod-2.so $(libdl)
> > +$(objpfx)tst-cet-legacy-2.out: $(objpfx)tst-cet-legacy-mod-1.so
> > +$(objpfx)tst-cet-legacy-2a: $(objpfx)tst-cet-legacy-mod-2.so $(libdl)
> > +$(objpfx)tst-cet-legacy-2a.out: $(objpfx)tst-cet-legacy-mod-1.so
> > +$(objpfx)tst-cet-legacy-4: $(libdl)
> > +$(objpfx)tst-cet-legacy-4.out: $(objpfx)tst-cet-legacy-mod-4.so
> > +ifneq (no,$(have-tunables))
> > +$(objpfx)tst-cet-legacy-4a: $(libdl)
> > +$(objpfx)tst-cet-legacy-4a.out: $(objpfx)tst-cet-legacy-mod-4.so
> > +tst-cet-legacy-4a-ENV = GLIBC_TUNABLES=glibc.tune.x86_shstk=permissive
>
> OK.
>
> > +$(objpfx)tst-cet-legacy-4b: $(libdl)
> > +$(objpfx)tst-cet-legacy-4b.out: $(objpfx)tst-cet-legacy-mod-4.so
> > +tst-cet-legacy-4b-ENV = GLIBC_TUNABLES=glibc.tune.x86_shstk=on
>
> OK.
>
> > +$(objpfx)tst-cet-legacy-4c: $(libdl)
> > +$(objpfx)tst-cet-legacy-4c.out: $(objpfx)tst-cet-legacy-mod-4.so
> > +tst-cet-legacy-4c-ENV = GLIBC_TUNABLES=glibc.tune.x86_shstk=off
>
> OK.
>
> > +endif
> > endif
> >
...
> > diff --git a/sysdeps/x86/tst-cet-legacy-3.c b/sysdeps/x86/tst-cet-legacy-3.c
> > new file mode 100644
> > index 0000000000..7bf0e656b1
> > --- /dev/null
> > +++ b/sysdeps/x86/tst-cet-legacy-3.c
> > @@ -0,0 +1,88 @@
> > +/* Check compatibility of CET-enabled executable with dlopened legacy
> > + shared object. Copied from gcc.target/i386/pr81128.c in GCC testsuite.
>
> You cannot copy from GCC and relicense from GPLv3 to GPLv2.1 unless you
> owned the original code.
>
We only need to check if we can dlopen non-CET shared object from a CET
program. I am checking in this patch with a simple test:
int
test (void)
{
printf ("PASS\n");
return 0;
}
H.J.
---
Check binary compatibility of CET-enabled executables:
1. When CET-enabled executable is used with legacy non-CET shared object
at run-time, ld.so should disable SHSTK and put legacy non-CET shared
objects in legacy bitmap.
2. When IBT-enabled executable dlopens legacy non-CET shared object,
ld.so should put legacy shared object in legacy bitmap.
3. Use GLIBC_TUNABLES=glibc.tune.x86_shstk=[on|off|permissive] to
control how SHSTK is enabled.
* sysdeps/x86/Makefile (tests): Add tst-cet-legacy-1,
tst-cet-legacy-2, tst-cet-legacy-2a, tst-cet-legacy-3,
tst-cet-legacy-4, tst-cet-legacy-4a, tst-cet-legacy-4b
and tst-cet-legacy-4c.
(modules-names): Add tst-cet-legacy-mod-1, tst-cet-legacy-mod-2
and tst-cet-legacy-mod-4.
(CFLAGS-tst-cet-legacy-2.c): New.
(CFLAGS-tst-cet-legacy-mod-1.c): Likewise.
(CFLAGS-tst-cet-legacy-mod-2.c): Likewise.
(CFLAGS-tst-cet-legacy-3.c): Likewise.
(CFLAGS-tst-cet-legacy-4.c): Likewise.
(CFLAGS-tst-cet-legacy-mod-4.c): Likewise.
($(objpfx)tst-cet-legacy-1): Likewise.
($(objpfx)tst-cet-legacy-2): Likewise.
($(objpfx)tst-cet-legacy-2.out): Likewise.
($(objpfx)tst-cet-legacy-2a): Likewise.
($(objpfx)tst-cet-legacy-2a.out): Likewise.
($(objpfx)tst-cet-legacy-4): Likewise.
($(objpfx)tst-cet-legacy-4.out): Likewise.
($(objpfx)tst-cet-legacy-4a): Likewise.
($(objpfx)tst-cet-legacy-4a.out): Likewise.
(tst-cet-legacy-4a-ENV): Likewise.
($(objpfx)tst-cet-legacy-4b): Likewise.
($(objpfx)tst-cet-legacy-4b.out): Likewise.
(tst-cet-legacy-4b-ENV): Likewise.
($(objpfx)tst-cet-legacy-4c): Likewise.
($(objpfx)tst-cet-legacy-4c.out): Likewise.
(tst-cet-legacy-4c-ENV): Likewise.
* sysdeps/x86/tst-cet-legacy-1.c: New file.
* sysdeps/x86/tst-cet-legacy-2.c: Likewise.
* sysdeps/x86/tst-cet-legacy-2a.c: Likewise.
* sysdeps/x86/tst-cet-legacy-3.c: Likewise.
* sysdeps/x86/tst-cet-legacy-4.c: Likewise.
* sysdeps/x86/tst-cet-legacy-4a.c: Likewise.
* sysdeps/x86/tst-cet-legacy-4b.c: Likewise.
* sysdeps/x86/tst-cet-legacy-4c.c: Likewise.
* sysdeps/x86/tst-cet-legacy-mod-1.c: Likewise.
* sysdeps/x86/tst-cet-legacy-mod-2.c: Likewise.
* sysdeps/x86/tst-cet-legacy-mod-4.c: Likewise.
---
sysdeps/x86/Makefile | 38 ++++++++++++++++++
sysdeps/x86/tst-cet-legacy-1.c | 44 ++++++++++++++++++++
sysdeps/x86/tst-cet-legacy-2.c | 64 ++++++++++++++++++++++++++++++
sysdeps/x86/tst-cet-legacy-2a.c | 1 +
sysdeps/x86/tst-cet-legacy-3.c | 37 +++++++++++++++++
sysdeps/x86/tst-cet-legacy-4.c | 56 ++++++++++++++++++++++++++
sysdeps/x86/tst-cet-legacy-4a.c | 1 +
sysdeps/x86/tst-cet-legacy-4b.c | 1 +
sysdeps/x86/tst-cet-legacy-4c.c | 1 +
sysdeps/x86/tst-cet-legacy-mod-1.c | 24 +++++++++++
sysdeps/x86/tst-cet-legacy-mod-2.c | 24 +++++++++++
sysdeps/x86/tst-cet-legacy-mod-4.c | 2 +
12 files changed, 293 insertions(+)
create mode 100644 sysdeps/x86/tst-cet-legacy-1.c
create mode 100644 sysdeps/x86/tst-cet-legacy-2.c
create mode 100644 sysdeps/x86/tst-cet-legacy-2a.c
create mode 100644 sysdeps/x86/tst-cet-legacy-3.c
create mode 100644 sysdeps/x86/tst-cet-legacy-4.c
create mode 100644 sysdeps/x86/tst-cet-legacy-4a.c
create mode 100644 sysdeps/x86/tst-cet-legacy-4b.c
create mode 100644 sysdeps/x86/tst-cet-legacy-4c.c
create mode 100644 sysdeps/x86/tst-cet-legacy-mod-1.c
create mode 100644 sysdeps/x86/tst-cet-legacy-mod-2.c
create mode 100644 sysdeps/x86/tst-cet-legacy-mod-4.c
Comments
On 07/25/2018 07:46 AM, H.J. Lu wrote:
> On Tue, Jul 24, 2018 at 11:21:22PM -0400, Carlos O'Donell wrote:
>> On 07/21/2018 10:20 AM, H.J. Lu wrote:
>>> Check binary compatibility of CET-enabled executables:
>>>
>>
>> OK for 2.28.
>>
>> Gold star for always enabling the tests and having them
>>
>> Reviewed-by: Carlos O'Donell <carlos@redhat.com>
>>
>>> 1. When CET-enabled executable is used with legacy non-CET shared object
>>> at run-time, ld.so should disable SHSTK and put legacy non-CET shared
>>> objects in legacy bitmap.
>>
>> OK.
>>
>>> 2. When IBT-enabled executable dlopens legacy non-CET shared object,
>>> ld.so should put legacy shared object in legacy bitmap.
>>
>> OK.
>>
>>> 3. Use GLIBC_TUNABLES=glibc.tune.x86_shstk=[on|off|permissive] to
>>> control how SHSTK is enabled.
>>
>> OK.
>>
>>>
>>> * sysdeps/x86/Makefile (tests): Add tst-cet-legacy-1,
>>> tst-cet-legacy-2, tst-cet-legacy-2a, tst-cet-legacy-3,
>>> tst-cet-legacy-4, tst-cet-legacy-4a, tst-cet-legacy-4b
>>> and tst-cet-legacy-4c.
>>> (modules-names): Add tst-cet-legacy-mod-1, tst-cet-legacy-mod-2
>>> and tst-cet-legacy-mod-4.
>>> (CFLAGS-tst-cet-legacy-2.c): New.
>>> (CFLAGS-tst-cet-legacy-mod-1.c): Likewise.
>>> (CFLAGS-tst-cet-legacy-mod-2.c): Likewise.
>>> (CFLAGS-tst-cet-legacy-3.c): Likewise.
>>> (CFLAGS-tst-cet-legacy-4.c): Likewise.
>>> (CFLAGS-tst-cet-legacy-mod-4.c): Likewise.
>>> ($(objpfx)tst-cet-legacy-1): Likewise.
>>> ($(objpfx)tst-cet-legacy-2): Likewise.
>>> ($(objpfx)tst-cet-legacy-2.out): Likewise.
>>> ($(objpfx)tst-cet-legacy-2a): Likewise.
>>> ($(objpfx)tst-cet-legacy-2a.out): Likewise.
>>> ($(objpfx)tst-cet-legacy-4): Likewise.
>>> ($(objpfx)tst-cet-legacy-4.out): Likewise.
>>> ($(objpfx)tst-cet-legacy-4a): Likewise.
>>> ($(objpfx)tst-cet-legacy-4a.out): Likewise.
>>> (tst-cet-legacy-4a-ENV): Likewise.
>>> ($(objpfx)tst-cet-legacy-4b): Likewise.
>>> ($(objpfx)tst-cet-legacy-4b.out): Likewise.
>>> (tst-cet-legacy-4b-ENV): Likewise.
>>> ($(objpfx)tst-cet-legacy-4c): Likewise.
>>> ($(objpfx)tst-cet-legacy-4c.out): Likewise.
>>> (tst-cet-legacy-4c-ENV): Likewise.
>>> * sysdeps/x86/tst-cet-legacy-1.c: New file.
>>> * sysdeps/x86/tst-cet-legacy-2.c: Likewise.
>>> * sysdeps/x86/tst-cet-legacy-2a.c: Likewise.
>>> * sysdeps/x86/tst-cet-legacy-3.c: Likewise.
>>> * sysdeps/x86/tst-cet-legacy-4.c: Likewise.
>>> * sysdeps/x86/tst-cet-legacy-4a.c: Likewise.
>>> * sysdeps/x86/tst-cet-legacy-4b.c: Likewise.
>>> * sysdeps/x86/tst-cet-legacy-4c.c: Likewise.
>>> * sysdeps/x86/tst-cet-legacy-mod-1.c: Likewise.
>>> * sysdeps/x86/tst-cet-legacy-mod-2.c: Likewise.
>>> * sysdeps/x86/tst-cet-legacy-mod-4.c: Likewise.
>>> ---
>>> sysdeps/x86/Makefile | 38 +++++++++++++
>>> sysdeps/x86/tst-cet-legacy-1.c | 44 +++++++++++++++
>>> sysdeps/x86/tst-cet-legacy-2.c | 64 ++++++++++++++++++++++
>>> sysdeps/x86/tst-cet-legacy-2a.c | 1 +
>>> sysdeps/x86/tst-cet-legacy-3.c | 88 ++++++++++++++++++++++++++++++
>>> sysdeps/x86/tst-cet-legacy-4.c | 56 +++++++++++++++++++
>>> sysdeps/x86/tst-cet-legacy-4a.c | 1 +
>>> sysdeps/x86/tst-cet-legacy-4b.c | 1 +
>>> sysdeps/x86/tst-cet-legacy-4c.c | 1 +
>>> sysdeps/x86/tst-cet-legacy-mod-1.c | 24 ++++++++
>>> sysdeps/x86/tst-cet-legacy-mod-2.c | 24 ++++++++
>>> sysdeps/x86/tst-cet-legacy-mod-4.c | 2 +
>>> 12 files changed, 344 insertions(+)
>>> create mode 100644 sysdeps/x86/tst-cet-legacy-1.c
>>> create mode 100644 sysdeps/x86/tst-cet-legacy-2.c
>>> create mode 100644 sysdeps/x86/tst-cet-legacy-2a.c
>>> create mode 100644 sysdeps/x86/tst-cet-legacy-3.c
>>> create mode 100644 sysdeps/x86/tst-cet-legacy-4.c
>>> create mode 100644 sysdeps/x86/tst-cet-legacy-4a.c
>>> create mode 100644 sysdeps/x86/tst-cet-legacy-4b.c
>>> create mode 100644 sysdeps/x86/tst-cet-legacy-4c.c
>>> create mode 100644 sysdeps/x86/tst-cet-legacy-mod-1.c
>>> create mode 100644 sysdeps/x86/tst-cet-legacy-mod-2.c
>>> create mode 100644 sysdeps/x86/tst-cet-legacy-mod-4.c
>>>
>>> diff --git a/sysdeps/x86/Makefile b/sysdeps/x86/Makefile
>>> index e9b2d0b35d..672bb19489 100644
>>> --- a/sysdeps/x86/Makefile
>>> +++ b/sysdeps/x86/Makefile
>>> @@ -17,6 +17,44 @@ endif
>>> ifeq ($(enable-cet),yes)
>>> ifeq ($(subdir),elf)
>>> sysdep-dl-routines += dl-cet
>>> +
>>> +tests += tst-cet-legacy-1 tst-cet-legacy-2 tst-cet-legacy-2a \
>>> + tst-cet-legacy-3 tst-cet-legacy-4
>>
>> OK.
>>
>>> +ifneq (no,$(have-tunables))
>>> +tests += tst-cet-legacy-4a tst-cet-legacy-4b tst-cet-legacy-4c
>>
>> OK.
>>
>>> +endif
>>> +modules-names += tst-cet-legacy-mod-1 tst-cet-legacy-mod-2 \
>>> + tst-cet-legacy-mod-4
>>> +
>>> +CFLAGS-tst-cet-legacy-2.c += -fcf-protection=branch
>>> +CFLAGS-tst-cet-legacy-2a.c += -fcf-protection
>>> +CFLAGS-tst-cet-legacy-mod-1.c += -fcf-protection=none
>>> +CFLAGS-tst-cet-legacy-mod-2.c += -fcf-protection=none
>>> +CFLAGS-tst-cet-legacy-3.c += -fcf-protection=none
>>> +CFLAGS-tst-cet-legacy-4.c += -fcf-protection=branch
>>> +CFLAGS-tst-cet-legacy-4a.c += -fcf-protection
>>> +CFLAGS-tst-cet-legacy-4b.c += -fcf-protection
>>> +CFLAGS-tst-cet-legacy-mod-4.c += -fcf-protection=none
>>
>> OK, but I'm slightly disappointed that we can't have all tests
>> enabled and just have these return UNSUPPORTED. These tests are
>> effectively hidden behind the enable-cet check and could bitrot
>> because we aren't compiling them.
>>
>>> +
>>> +$(objpfx)tst-cet-legacy-1: $(objpfx)tst-cet-legacy-mod-1.so \
>>> + $(objpfx)tst-cet-legacy-mod-2.so
>>> +$(objpfx)tst-cet-legacy-2: $(objpfx)tst-cet-legacy-mod-2.so $(libdl)
>>> +$(objpfx)tst-cet-legacy-2.out: $(objpfx)tst-cet-legacy-mod-1.so
>>> +$(objpfx)tst-cet-legacy-2a: $(objpfx)tst-cet-legacy-mod-2.so $(libdl)
>>> +$(objpfx)tst-cet-legacy-2a.out: $(objpfx)tst-cet-legacy-mod-1.so
>>> +$(objpfx)tst-cet-legacy-4: $(libdl)
>>> +$(objpfx)tst-cet-legacy-4.out: $(objpfx)tst-cet-legacy-mod-4.so
>>> +ifneq (no,$(have-tunables))
>>> +$(objpfx)tst-cet-legacy-4a: $(libdl)
>>> +$(objpfx)tst-cet-legacy-4a.out: $(objpfx)tst-cet-legacy-mod-4.so
>>> +tst-cet-legacy-4a-ENV = GLIBC_TUNABLES=glibc.tune.x86_shstk=permissive
>>
>> OK.
>>
>>> +$(objpfx)tst-cet-legacy-4b: $(libdl)
>>> +$(objpfx)tst-cet-legacy-4b.out: $(objpfx)tst-cet-legacy-mod-4.so
>>> +tst-cet-legacy-4b-ENV = GLIBC_TUNABLES=glibc.tune.x86_shstk=on
>>
>> OK.
>>
>>> +$(objpfx)tst-cet-legacy-4c: $(libdl)
>>> +$(objpfx)tst-cet-legacy-4c.out: $(objpfx)tst-cet-legacy-mod-4.so
>>> +tst-cet-legacy-4c-ENV = GLIBC_TUNABLES=glibc.tune.x86_shstk=off
>>
>> OK.
>>
>>> +endif
>>> endif
>>>
> ...
>>> diff --git a/sysdeps/x86/tst-cet-legacy-3.c b/sysdeps/x86/tst-cet-legacy-3.c
>>> new file mode 100644
>>> index 0000000000..7bf0e656b1
>>> --- /dev/null
>>> +++ b/sysdeps/x86/tst-cet-legacy-3.c
>>> @@ -0,0 +1,88 @@
>>> +/* Check compatibility of CET-enabled executable with dlopened legacy
>>> + shared object. Copied from gcc.target/i386/pr81128.c in GCC testsuite.
>>
>> You cannot copy from GCC and relicense from GPLv3 to GPLv2.1 unless you
>> owned the original code.
>>
>
> We only need to check if we can dlopen non-CET shared object from a CET
> program. I am checking in this patch with a simple test:
>
That is perfect, and the test is simpler. I'm OK wit hthis.
> int
> test (void)
> {
> printf ("PASS\n");
> return 0;
> }
>
>
> H.J.
> ---
> Check binary compatibility of CET-enabled executables:
>
> 1. When CET-enabled executable is used with legacy non-CET shared object
> at run-time, ld.so should disable SHSTK and put legacy non-CET shared
> objects in legacy bitmap.
> 2. When IBT-enabled executable dlopens legacy non-CET shared object,
> ld.so should put legacy shared object in legacy bitmap.
> 3. Use GLIBC_TUNABLES=glibc.tune.x86_shstk=[on|off|permissive] to
> control how SHSTK is enabled.
>
> * sysdeps/x86/Makefile (tests): Add tst-cet-legacy-1,
> tst-cet-legacy-2, tst-cet-legacy-2a, tst-cet-legacy-3,
> tst-cet-legacy-4, tst-cet-legacy-4a, tst-cet-legacy-4b
> and tst-cet-legacy-4c.
> (modules-names): Add tst-cet-legacy-mod-1, tst-cet-legacy-mod-2
> and tst-cet-legacy-mod-4.
> (CFLAGS-tst-cet-legacy-2.c): New.
> (CFLAGS-tst-cet-legacy-mod-1.c): Likewise.
> (CFLAGS-tst-cet-legacy-mod-2.c): Likewise.
> (CFLAGS-tst-cet-legacy-3.c): Likewise.
> (CFLAGS-tst-cet-legacy-4.c): Likewise.
> (CFLAGS-tst-cet-legacy-mod-4.c): Likewise.
> ($(objpfx)tst-cet-legacy-1): Likewise.
> ($(objpfx)tst-cet-legacy-2): Likewise.
> ($(objpfx)tst-cet-legacy-2.out): Likewise.
> ($(objpfx)tst-cet-legacy-2a): Likewise.
> ($(objpfx)tst-cet-legacy-2a.out): Likewise.
> ($(objpfx)tst-cet-legacy-4): Likewise.
> ($(objpfx)tst-cet-legacy-4.out): Likewise.
> ($(objpfx)tst-cet-legacy-4a): Likewise.
> ($(objpfx)tst-cet-legacy-4a.out): Likewise.
> (tst-cet-legacy-4a-ENV): Likewise.
> ($(objpfx)tst-cet-legacy-4b): Likewise.
> ($(objpfx)tst-cet-legacy-4b.out): Likewise.
> (tst-cet-legacy-4b-ENV): Likewise.
> ($(objpfx)tst-cet-legacy-4c): Likewise.
> ($(objpfx)tst-cet-legacy-4c.out): Likewise.
> (tst-cet-legacy-4c-ENV): Likewise.
> * sysdeps/x86/tst-cet-legacy-1.c: New file.
> * sysdeps/x86/tst-cet-legacy-2.c: Likewise.
> * sysdeps/x86/tst-cet-legacy-2a.c: Likewise.
> * sysdeps/x86/tst-cet-legacy-3.c: Likewise.
> * sysdeps/x86/tst-cet-legacy-4.c: Likewise.
> * sysdeps/x86/tst-cet-legacy-4a.c: Likewise.
> * sysdeps/x86/tst-cet-legacy-4b.c: Likewise.
> * sysdeps/x86/tst-cet-legacy-4c.c: Likewise.
> * sysdeps/x86/tst-cet-legacy-mod-1.c: Likewise.
> * sysdeps/x86/tst-cet-legacy-mod-2.c: Likewise.
> * sysdeps/x86/tst-cet-legacy-mod-4.c: Likewise.
OK for 2.28.
Reviewed that the gcc copied test is removed.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Cheers,
Carlos.
@@ -17,6 +17,44 @@ endif
ifeq ($(enable-cet),yes)
ifeq ($(subdir),elf)
sysdep-dl-routines += dl-cet
+
+tests += tst-cet-legacy-1 tst-cet-legacy-2 tst-cet-legacy-2a \
+ tst-cet-legacy-3 tst-cet-legacy-4
+ifneq (no,$(have-tunables))
+tests += tst-cet-legacy-4a tst-cet-legacy-4b tst-cet-legacy-4c
+endif
+modules-names += tst-cet-legacy-mod-1 tst-cet-legacy-mod-2 \
+ tst-cet-legacy-mod-4
+
+CFLAGS-tst-cet-legacy-2.c += -fcf-protection=branch
+CFLAGS-tst-cet-legacy-2a.c += -fcf-protection
+CFLAGS-tst-cet-legacy-mod-1.c += -fcf-protection=none
+CFLAGS-tst-cet-legacy-mod-2.c += -fcf-protection=none
+CFLAGS-tst-cet-legacy-3.c += -fcf-protection=none
+CFLAGS-tst-cet-legacy-4.c += -fcf-protection=branch
+CFLAGS-tst-cet-legacy-4a.c += -fcf-protection
+CFLAGS-tst-cet-legacy-4b.c += -fcf-protection
+CFLAGS-tst-cet-legacy-mod-4.c += -fcf-protection=none
+
+$(objpfx)tst-cet-legacy-1: $(objpfx)tst-cet-legacy-mod-1.so \
+ $(objpfx)tst-cet-legacy-mod-2.so
+$(objpfx)tst-cet-legacy-2: $(objpfx)tst-cet-legacy-mod-2.so $(libdl)
+$(objpfx)tst-cet-legacy-2.out: $(objpfx)tst-cet-legacy-mod-1.so
+$(objpfx)tst-cet-legacy-2a: $(objpfx)tst-cet-legacy-mod-2.so $(libdl)
+$(objpfx)tst-cet-legacy-2a.out: $(objpfx)tst-cet-legacy-mod-1.so
+$(objpfx)tst-cet-legacy-4: $(libdl)
+$(objpfx)tst-cet-legacy-4.out: $(objpfx)tst-cet-legacy-mod-4.so
+ifneq (no,$(have-tunables))
+$(objpfx)tst-cet-legacy-4a: $(libdl)
+$(objpfx)tst-cet-legacy-4a.out: $(objpfx)tst-cet-legacy-mod-4.so
+tst-cet-legacy-4a-ENV = GLIBC_TUNABLES=glibc.tune.x86_shstk=permissive
+$(objpfx)tst-cet-legacy-4b: $(libdl)
+$(objpfx)tst-cet-legacy-4b.out: $(objpfx)tst-cet-legacy-mod-4.so
+tst-cet-legacy-4b-ENV = GLIBC_TUNABLES=glibc.tune.x86_shstk=on
+$(objpfx)tst-cet-legacy-4c: $(libdl)
+$(objpfx)tst-cet-legacy-4c.out: $(objpfx)tst-cet-legacy-mod-4.so
+tst-cet-legacy-4c-ENV = GLIBC_TUNABLES=glibc.tune.x86_shstk=off
+endif
endif
# Add -fcf-protection to CFLAGS when CET is enabled.
new file mode 100644
@@ -0,0 +1,44 @@
+/* Check compatibility of CET-enabled executable linked with legacy
+ shared object.
+ Copyright (C) 2018 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include <stdio.h>
+#include <stdlib.h>
+
+extern int in_dso_1 (void);
+extern int in_dso_2 (void);
+
+static int
+do_test (void)
+{
+ if (in_dso_1 () != 0x1234678)
+ {
+ puts ("in_dso_1 () != 0x1234678");
+ exit (1);
+ }
+
+ if (in_dso_2 () != 0xbadbeef)
+ {
+ puts ("in_dso_2 () != 0xbadbeef");
+ exit (1);
+ }
+
+ return 0;
+}
+
+#include <support/test-driver.c>
new file mode 100644
@@ -0,0 +1,64 @@
+/* Check compatibility of CET-enabled executable with dlopened legacy
+ shared object.
+ Copyright (C) 2018 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include <dlfcn.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+extern int in_dso_2 (void);
+
+static int
+do_test (void)
+{
+ static const char modname[] = "tst-cet-legacy-mod-1.so";
+ int (*fp) (void);
+ void *h;
+
+ h = dlopen (modname, RTLD_LAZY);
+ if (h == NULL)
+ {
+ printf ("cannot open '%s': %s\n", modname, dlerror ());
+ exit (1);
+ }
+
+ fp = dlsym (h, "in_dso_1");
+ if (fp == NULL)
+ {
+ printf ("cannot get symbol 'in_dso': %s\n", dlerror ());
+ exit (1);
+ }
+
+ if (fp () != 0x1234678)
+ {
+ puts ("in_dso_1 () != 0x1234678");
+ exit (1);
+ }
+
+ if (in_dso_2 () != 0xbadbeef)
+ {
+ puts ("in_dso_2 () != 0xbadbeef");
+ exit (1);
+ }
+
+ dlclose (h);
+
+ return 0;
+}
+
+#include <support/test-driver.c>
new file mode 100644
@@ -0,0 +1 @@
+#include "tst-cet-legacy-2.c"
new file mode 100644
@@ -0,0 +1,37 @@
+/* Check compatibility of CET-enabled executable with dlopened legacy
+ shared object.
+ Copyright (C) 2018 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include <stdio.h>
+
+int
+test (void)
+{
+ printf ("PASS\n");
+ return 0;
+}
+
+#ifndef TEST_MODULE
+static int
+do_test (void)
+{
+ return test ();
+}
+
+#include <support/test-driver.c>
+#endif
new file mode 100644
@@ -0,0 +1,56 @@
+/* Check compatibility of CET-enabled executable with dlopened legacy
+ shared object.
+ Copyright (C) 2018 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include <dlfcn.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+static int
+do_test (void)
+{
+ static const char modname[] = "tst-cet-legacy-mod-4.so";
+ int (*fp) (void);
+ void *h;
+
+ h = dlopen (modname, RTLD_LAZY);
+ if (h == NULL)
+ {
+ printf ("cannot open '%s': %s\n", modname, dlerror ());
+ exit (1);
+ }
+
+ fp = dlsym (h, "test");
+ if (fp == NULL)
+ {
+ printf ("cannot get symbol 'test': %s\n", dlerror ());
+ exit (1);
+ }
+
+ if (fp () != 0)
+ {
+ puts ("test () != 0");
+ exit (1);
+ }
+
+ dlclose (h);
+
+ return 0;
+}
+
+#include <support/test-driver.c>
new file mode 100644
@@ -0,0 +1 @@
+#include "tst-cet-legacy-4.c"
new file mode 100644
@@ -0,0 +1 @@
+#include "tst-cet-legacy-4.c"
new file mode 100644
@@ -0,0 +1 @@
+#include "tst-cet-legacy-4.c"
new file mode 100644
@@ -0,0 +1,24 @@
+/* Check compatibility of CET-enabled executable with legacy shared
+ object.
+ Copyright (C) 2018 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+int
+in_dso_1 (void)
+{
+ return 0x1234678;
+}
new file mode 100644
@@ -0,0 +1,24 @@
+/* Check compatibility of CET-enabled executable with legacy shared
+ object.
+ Copyright (C) 2018 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+int
+in_dso_2 (void)
+{
+ return 0xbadbeef;
+}
new file mode 100644
@@ -0,0 +1,2 @@
+#define TEST_MODULE
+#include "tst-cet-legacy-3.c"