From patchwork Tue Jul 16 11:15:52 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dragan Mladjenovic X-Patchwork-Id: 33696 Received: (qmail 87918 invoked by alias); 16 Jul 2019 11:16:00 -0000 Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libc-alpha-owner@sourceware.org Delivered-To: mailing list libc-alpha@sourceware.org Received: (qmail 87884 invoked by uid 89); 16 Jul 2019 11:15:59 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-18.3 required=5.0 tests=AWL, BAYES_00, GIT_PATCH_0, GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3, KAM_SHORT, RCVD_IN_DNSWL_NONE, RCVD_IN_SORBS_WEB, SPF_HELO_PASS autolearn=ham version=3.3.1 spammy=lesser, structures X-HELO: NAM01-BY2-obe.outbound.protection.outlook.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mGgmSK0zieYVRmIE4dL+pjw8u1fiXFTVvAqFn6lUzKyzAHCpYthL6Y3s8U3UZ6ubYc0BuiuhLrFie5K25bsR1xtttMg50GD6YCrO9eFQ9OiyuRzhBCg3xIEXyYGnKInhGMbA4ZVWkEgnG/zMLRaKzIHhscaFOz5nFMO3rivYvqOmcAlu7r7M1hXR1XM9JKd9H5+QKC3nqhvaxH5wzjfm/ks2/hpIAyM+/Gm75Rr1F/llkHXzoGYNoDTVGpHvpr+TbwLhvx7rdj5JmASTeioxDEOCQSVw5S4ZV1NCYbbrpv1A/td+KtpJznwkxqd9uK1GvhB1BDA5TsEvxekLQ+s5Xw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=95GOQ6fOXjB4kJo7RvT5o9kUKjmGGdmiOC2UYkgpc5U=; b=WT5dhc48DqS/LsfitmJcb9fgMqELvNtwc/Ve4oi918b3WECzuHNCTByu1sM9trr9S6vkg+dZbL5Cv1Zjw0HwkVaZTwjt99AeIDwOHz4wQmyfTuTGCL2LRkJKob20vfykogHkcPtjHi5NBcHKBhRU40ewUXyQFpB4X6kZIA87BDkkmSaaYnl9beK/DtEl1UsD6nWDSJmx6BeMCOVUGAuZb+mA2gJSFswf0JHzIbTM+fkly+uZeBfrJa8GfRmsm9isOb1DBSuUGeYWRpBHSbJAHf5nuxxr9+ZXpMYcA7F5j5YaIAeFp6S4ekUXnpijMezVLqRnxJV/WDl0rkEtstpoTw== ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass smtp.mailfrom=wavecomp.com;dmarc=pass action=none header.from=wavecomp.com;dkim=pass header.d=wavecomp.com;arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wavesemi.onmicrosoft.com; s=selector1-wavesemi-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=95GOQ6fOXjB4kJo7RvT5o9kUKjmGGdmiOC2UYkgpc5U=; b=bj0Y5q0dW3dleXmuIo4wkEGfm8drI0esSIMDKghuAWhyXKUut/f7g88KSMoojtvncLwxmNQFt6E8NUSdhQZrsbGwkXLQg2MH85FziBkwhGfEoecxYEXo8lVHRyB1KV/zvbsiMQ0Fglr18osuVft4p3NThFcs8qUN+Czxz6+X3NM= From: Dragan Mladjenovic To: "libc-alpha@sourceware.org" CC: Joseph Myers , Carlos O'Donell , "Maciej W. Rozycki" , Faraz Shahbazker , Dragan Mladjenovic Subject: [PATCH v2 1/3] [ELF] Allow the machine support to enforce executable stack Date: Tue, 16 Jul 2019 11:15:52 +0000 Message-ID: <1563275697-30825-1-git-send-email-dmladjenovic@wavecomp.com> References: <1563214941-16203-1-git-send-email-dmladjenovic@wavecomp.com> In-Reply-To: <1563214941-16203-1-git-send-email-dmladjenovic@wavecomp.com> authentication-results: spf=none (sender IP is ) smtp.mailfrom=dmladjenovic@wavecomp.com; x-ms-exchange-purlcount: 1 x-ms-oob-tlc-oobclassifiers: OLM:8882; received-spf: None (protection.outlook.com: wavecomp.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 MIME-Version: 1.0 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: dmladjenovic@wavecomp.com This patch allows the machine-dependent code to override non-executable stack permissions by defining DL_EXEC_STACK_OVERRIDE to the condition under which the stack should be made executable. * elf/dl-exec-stack-override.h: New file. * elf/dl-support.c (_dl_non_dynamic_init): Call _dl_exec_stack_override. * elf/rtld.c (dl_main): Likewise. * sysdeps/generic/ldsodefs.h: Default DL_EXEC_STACK_OVERRIDE to false. --- elf/dl-exec-stack-override.h | 36 ++++++++++++++++++++++++++++++++++++ elf/dl-support.c | 3 +++ elf/rtld.c | 3 +++ sysdeps/generic/ldsodefs.h | 4 ++++ 4 files changed, 46 insertions(+) create mode 100644 elf/dl-exec-stack-override.h diff --git a/elf/dl-exec-stack-override.h b/elf/dl-exec-stack-override.h new file mode 100644 index 0000000..10401a8 --- /dev/null +++ b/elf/dl-exec-stack-override.h @@ -0,0 +1,36 @@ +/* Make stack executable if the machine requires it. Generic version. + Copyright (C) 2019 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include + +extern int __stack_prot attribute_relro attribute_hidden; + +static __always_inline void +_dl_exec_stack_override (void) +{ + if (__glibc_unlikely ((GL(dl_stack_flags) & PF_X) == 0 + && DL_EXEC_STACK_OVERRIDE)) + { + __stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC; + + void *stack_end = __libc_stack_end; + int err = _dl_make_stack_executable (&stack_end); + if (__glibc_unlikely (err)) + _dl_fatal_printf ("cannot enable executable stack as machine requires\n"); + } +} diff --git a/elf/dl-support.c b/elf/dl-support.c index 0a8b636..923aa4c 100644 --- a/elf/dl-support.c +++ b/elf/dl-support.c @@ -29,6 +29,7 @@ #include #include #include +#include #include #include #include @@ -375,6 +376,8 @@ _dl_non_dynamic_init (void) _dl_stack_flags = _dl_phdr[i].p_flags; break; } + + _dl_exec_stack_override (); } #ifdef DL_SYSINFO_IMPLEMENTATION diff --git a/elf/rtld.c b/elf/rtld.c index c9490ff..f3e00f9 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -36,6 +36,7 @@ #include #include #include +#include #include #include #include @@ -1542,6 +1543,8 @@ ERROR: '%s': cannot process note segment.\n", _dl_argv[0]); DL_SYSDEP_OSCHECK (_dl_fatal_printf); #endif + _dl_exec_stack_override (); + /* Initialize the data structures for the search paths for shared objects. */ _dl_init_paths (library_path); diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h index b1fc5c3..70e96c0 100644 --- a/sysdeps/generic/ldsodefs.h +++ b/sysdeps/generic/ldsodefs.h @@ -119,6 +119,10 @@ dl_symbol_visibility_binds_local_p (const ElfW(Sym) *sym) # define DL_STATIC_INIT(map) #endif +#ifndef DL_EXEC_STACK_OVERRIDE +# define DL_EXEC_STACK_OVERRIDE false +#endif + /* Reloc type classes as returned by elf_machine_type_class(). ELF_RTYPE_CLASS_PLT means this reloc should not be satisfied by some PLT symbol, ELF_RTYPE_CLASS_COPY means this reloc should not be