From patchwork Tue May 12 10:14:46 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Szabolcs Nagy X-Patchwork-Id: 38968 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 44DE33959C1C; Tue, 12 May 2020 10:15:17 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-eopbgr130040.outbound.protection.outlook.com [40.107.13.40]) by sourceware.org (Postfix) with ESMTPS id 25A003954419 for ; Tue, 12 May 2020 10:15:12 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 25A003954419 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=Szabolcs.Nagy@arm.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=wkOCO3okZOYWcUs84DjHRQr2Z2oDBDqGGVP1vtin/40=; b=PSZeiePuc4OeBPzsCeBamv0H6ceFtKECViDnmOY8viVItelj7NOJvCtSBfPbFqhegPRc2Wk21W9QZi/b9p6sG2evRBhmrUpG/lGh3jPU7GgX+tM38/gX1nsP9zzUGa+Y4fPTTcSFFEvr6D+Yd4kDezrUVNbLv6wUySBuuP3yvRI= Received: from AM6PR10CA0016.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:209:89::29) by DB6PR0802MB2213.eurprd08.prod.outlook.com (2603:10a6:4:84::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2979.34; Tue, 12 May 2020 10:15:09 +0000 Received: from AM5EUR03FT054.eop-EUR03.prod.protection.outlook.com (2603:10a6:209:89:cafe::78) by AM6PR10CA0016.outlook.office365.com (2603:10a6:209:89::29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2979.28 via Frontend Transport; Tue, 12 May 2020 10:15:09 +0000 Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; sourceware.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com; sourceware.org; dmarc=bestguesspass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM5EUR03FT054.mail.protection.outlook.com (10.152.16.212) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2979.27 via Frontend Transport; Tue, 12 May 2020 10:15:08 +0000 Received: ("Tessian outbound 11763d234d54:v54"); Tue, 12 May 2020 10:15:08 +0000 X-CheckRecipientChecked: true X-CR-MTA-CID: 5a6f34f1dd84f0b5 X-CR-MTA-TID: 64aa7808 Received: from 9c0e19bae1bc.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id F1FDAE2C-B95C-464C-8988-F3D36A4BAC51.1; Tue, 12 May 2020 10:15:02 +0000 Received: from EUR04-DB3-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 9c0e19bae1bc.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Tue, 12 May 2020 10:15:02 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=OXnUrao5HCFnbkhbTFcVvAPcYYR5iB0tfijQ4XrFxWVB7GitKr1txjD04FT4vCcLS8WVMmlUq8RcvZXWnbmM2RQsbXirx38qazJIYizrcSGG9v8TfqMs7byG9wGQRrj7FPQKfoZZL8S3hsfbXvdLlVYlx/GQ+H9s8K3BNXq/l69Uar9BkRloWvhJIQBL6+hq1HRFNodwIy84FJb66A2yg7dHbPonfilycMqFZNYrbEHwYx5OLlWGgn49jxUAphBffpa9R/N5WOZpp0KlOevHAWHFe3xsARclWl1HGr1iowL8qMdGE2BFLEBaArTwOnnsH2fvwvxgVhCkeR77iGoQag== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=wkOCO3okZOYWcUs84DjHRQr2Z2oDBDqGGVP1vtin/40=; b=PkpftMwdCOEpadnXd8HqfLhHC1in5zw8eLZ9q7CTF9Qh/paDO9/RTOtAzQQDxq8Rwur1dhY5hKCk0/dWLVUBiapojG6yRpbvWr4wfLPt/HJm2TMNhIyIG9CfOGlwT6AOS6PwdilnWDlfwT0Wn1uxO+Ex97PImoYCFyNCdEu+hCZUUn8UhHQ80vpkKN19zScQmCEMz3dKZ+fBg2780bXowsmFNQF6uFIpYCxCbQJclHiiXtb5/nor8sGHHgfQU3VMqHrq1mpSs1wgeyrfUXDTdmgW1n+EhDnx9DCLzF2Rp7e+CFE4+nBM0L0TjxhojPPC/HEwZ1nGTSouyuEqOV/H+Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=wkOCO3okZOYWcUs84DjHRQr2Z2oDBDqGGVP1vtin/40=; b=PSZeiePuc4OeBPzsCeBamv0H6ceFtKECViDnmOY8viVItelj7NOJvCtSBfPbFqhegPRc2Wk21W9QZi/b9p6sG2evRBhmrUpG/lGh3jPU7GgX+tM38/gX1nsP9zzUGa+Y4fPTTcSFFEvr6D+Yd4kDezrUVNbLv6wUySBuuP3yvRI= Authentication-Results-Original: sourceware.org; dkim=none (message not signed) header.d=none;sourceware.org; dmarc=none action=none header.from=arm.com; Received: from AM6PR08MB3047.eurprd08.prod.outlook.com (2603:10a6:209:4c::23) by AM6PR08MB2982.eurprd08.prod.outlook.com (2603:10a6:209:43::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2979.28; Tue, 12 May 2020 10:15:01 +0000 Received: from AM6PR08MB3047.eurprd08.prod.outlook.com ([fe80::49fd:6ded:4da7:8862]) by AM6PR08MB3047.eurprd08.prod.outlook.com ([fe80::49fd:6ded:4da7:8862%7]) with mapi id 15.20.2979.033; Tue, 12 May 2020 10:15:00 +0000 From: Szabolcs Nagy To: libc-alpha@sourceware.org Subject: [PATCH v2 10/13] aarch64: enable BTI at runtime Date: Tue, 12 May 2020 11:14:46 +0100 Message-Id: <029cbad4ed1c9338b87766fc8cd90ea7ef1401f7.1589277641.git.szabolcs.nagy@arm.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: References: X-ClientProxiedBy: CWLP123CA0056.GBRP123.PROD.OUTLOOK.COM (2603:10a6:401:59::20) To AM6PR08MB3047.eurprd08.prod.outlook.com (2603:10a6:209:4c::23) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from localhost.localdomain (217.140.106.55) by CWLP123CA0056.GBRP123.PROD.OUTLOOK.COM (2603:10a6:401:59::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2979.27 via Frontend Transport; Tue, 12 May 2020 10:14:59 +0000 X-Mailer: git-send-email 2.17.1 X-Originating-IP: [217.140.106.55] X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: d6212c7a-b3b3-45ca-47ce-08d7f65d594b X-MS-TrafficTypeDiagnostic: AM6PR08MB2982:|AM6PR08MB2982:|DB6PR0802MB2213: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: x-checkrecipientrouted: true NoDisclaimer: true X-MS-Oob-TLC-OOBClassifiers: OLM:8882;OLM:8882; X-Forefront-PRVS: 0401647B7F X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: GO9jV2pLWY7WUx/VMzvVqoPk3As/itO5RO+/AKV/e/devnl3ZqUmX5GPD2a3yjyPa65q3HK6CdBhy11NGDWLxK3c7eVDG01YhK7g26iVEGhV+kb3iH41MUmIwruXTyGOiUmDMk21UFgYCmYGmg/UZuUUmmKgEhF4+a1G+3i5NRdi3L0fcVngRzpOffEkbcU53kzA+1BxlNdUl5zLlkqghWHwuVAHLHXkhOAXU+KsIb+o3ivcdNYlB6Qs2csU7LUE01m7CJm9y808nNNMtpSc+Q/6whVp5bBqAik+yzvluG4uwSBRiOd77SDK6w+3X6V+2hbiZ2y5tJ4KJUjroLAsFvUWTUkgbhqlpmL7tnNktGqYObMUXzRCwGOb0budAZv2ZUEfzSQImYJRPr7HvGdLVDhwncbVLUYLeejgIWfaqPjxB/8Mp+1UOS12/jVKPV+oXWsTxl970zuI8Wj7OCl9kIdGUhuM2IsmDXBy+Hk2r7Nqsms4e70QMzbL7OfEkMYXqVCJ4M2/pZLh593MUy7Ig0lHIDVnfIUy0hkMK33rP69yIMdGv99n4UBtqgR9psmvvlhxgzj2kYJHu5pn8oW0MMezVKh20wtwIkmooc/1YWyOG0apftG+SYBb0U3RVlx2cbdCcndTmVjk6rvV3rhtpnmo31GDQkokUNnGqQoYCwm2laqFJU+SJdcb3MMY8lyG X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM6PR08MB3047.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(39860400002)(136003)(376002)(396003)(346002)(366004)(33430700001)(6916009)(16526019)(66556008)(66476007)(30864003)(36756003)(44832011)(5660300002)(52116002)(86362001)(956004)(8676002)(66946007)(69590400007)(2906002)(6486002)(186003)(316002)(2616005)(4326008)(33440700001)(6666004)(478600001)(6506007)(6512007)(8936002)(26005)(136400200001)(2004002); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData: pDusXzJUL4O14u1OEu3+W+6g1Wyjeca8L7wPGRcL9T9bHcSYjBEkThfgXMIXXM70/yHcup+58p7cz2ZkxBqli3Sy4tDsf7fiH42Xeb+mvD2MmSbOyjVO+s2P2uAa0NMJpNbifwBBjxy0CFWcxPPa0GVPAeEnemnVjf5HeQYBu21e2onJJeIFsKp1IfJ04scFuaV6O5e2lpVA9RdA30qydYHjeH0fuklAiv6/t1uOXFJzXKWfXmMGeZCLwtyaQHddYaL2cJRCLYjeyKtV5JoT9H2Qc8xZM1BSkDvC5J0nKQ8N05hF6ChXKMf7/TXWcLWo2EC9r4o3wo+ITQQIHfLxOjJm1yv0M5sd1JTUl0CrW7sw+uNd4UFham+3N+xRuW5Zos7q4tfk7C/lzOWcYB1sNuyT++Y+GoMa1IJJdrmQe1EJ1B9z1dPOdBuuWDbFeNi7qXDmEerIEFfTemIg39v4sm88jKzDoNv2qe/THvSRQ60= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR08MB2982 Original-Authentication-Results: sourceware.org; dkim=none (message not signed) header.d=none; sourceware.org; dmarc=none action=none header.from=arm.com; X-EOPAttributedMessage: 0 X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM5EUR03FT054.eop-EUR03.prod.protection.outlook.com X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFTY:; SFS:(4636009)(346002)(39860400002)(136003)(396003)(376002)(46966005)(33430700001)(26005)(47076004)(30864003)(36756003)(82740400003)(5660300002)(8676002)(69590400007)(336012)(2906002)(6916009)(956004)(356005)(478600001)(70206006)(8936002)(6666004)(316002)(4326008)(36906005)(33440700001)(82310400002)(86362001)(70586007)(6506007)(186003)(81166007)(6486002)(2616005)(44832011)(16526019)(6512007)(136400200001)(2004002); DIR:OUT; SFP:1101; X-MS-Office365-Filtering-Correlation-Id-Prvs: eaba334d-3cec-41f8-b1c7-08d7f65d5403 X-Forefront-PRVS: 0401647B7F X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: oUUb5kMSw4cW9MsdoBcOc7Vj2HXAdFOkGmnF9Na7kayje5kwGXgMX8y0Wjb4ycU2bwPQiaY1N1fKYkBo8iS8GwHDMFfB71Jqsb3vF2gY3grtV5Q+iiTBNAQnvcl9wDMUsVQDjLUwv5kBtL52A1mLYpWnH2lNfqeAovFKUpXV1grGParPyWcCWQEgZLpd4RW0Ztq2ZDC5xTVOnYfMcGXWwq+yZdasfaCDblBBis2CN6ibNMxc7dI+Fq7f4I2H6iMPHrrHUMpXJQRhx70jms3eIqSDTMOwFtUvfzQicPGmjg3WLd79t5TxKkBJydiVYgx58wnsWFbNczn6DiND0OIUDKlSQugcdyi579Coi4Xu+ywirViPxlilQEzhaHJPd2aZk9CU47Gkorb2bYPujSRYzcUtDL9uMhKGQBy8CRhEAdeMY5EUZ4JgNHYGRGQmTtEZbMyvXqGC6dVLCndxCisBASEvZJ1bfjh6/DqK1JlV/V9qwS7m0SgEdGGZi//hW5hXmfwm1QWPl0rqAOLuyCqar2aPA/obnpfBzPqXzac3djAm9nObPI4S8tvwTIsbBoHvJSPL4yJzzXfwsJnFeT6VsU3z0Z9BbbK1hbGAC79qNZbsoQJG9oQKH2K5SxtZS/hAp9DN9uoRQ21JGbfuyQ9pEdUrtMh77ylmeSO1Qr2e4KdSjaoGr+frtW5iJsP+EneNuzhdkuJ81wIU6aRypO8RPNEeHdVmV+61n8DGr7R6AWovhb/Pb48mZcZbmL4kzlrt X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 May 2020 10:15:08.6002 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: d6212c7a-b3b3-45ca-47ce-08d7f65d594b X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6PR0802MB2213 X-Spam-Status: No, score=-19.9 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, GIT_PATCH_0, KAM_SHORT, MSGID_FROM_MTA_HEADER, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, SPF_HELO_PASS, SPF_PASS, TXREP, UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Sudakshina Das Errors-To: libc-alpha-bounces@sourceware.org Sender: "Libc-alpha" From: Sudakshina Das Binaries can opt-in to using BTI via an ELF object file marking. The dynamic linker has to then mprotect the executable segments with PROT_BTI. In case of static linked executables or in case of the dynamic linker itself, PROT_BTI protection is done by the operating system. On AArch64 glibc uses PT_GNU_PROPERTY instead of PT_NOTE to check the properties of a binary because PT_NOTE can be unreliable with old linkers (old linkers just append the notes of input objects together and add them to the output without checking them for consistency which means multiple incompatible GNU property notes can be present in PT_NOTE). Otherwise the AArch64 logic follows the x86 logic for handling GNU properties. BTI property is handled in the loader even if glibc is not built with BTI support, so in theory user code can be BTI protected independently of glibc. In practice though user binaries are not marked with the BTI property if glibc has no support because the static linked libc objects (crt files, libc_nonshared.a) are unmarked. This patch affects x86 because _dl_process_pt_note is now called with PT_GNU_PROPERTY notes too, not just PT_NOTE, but x86 only checks the first NT_GNU_PROPERTY_TYPE_0 so the behaviour is unchanged. This patch relies on Linux userspace API that is scheduled to be merged in Linux 5.8 and now it is in the for-next/bti-user branch of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git. Co-authored-by: Szabolcs Nagy TODO: - separate PT_NOTE and PT_GNU_PROPERTY handling. - share property handling code between x86 and aarch64. --- elf/dl-load.c | 2 + elf/rtld.c | 2 + sysdeps/aarch64/Makefile | 4 + sysdeps/aarch64/dl-bti.c | 54 ++++++ sysdeps/aarch64/dl-prop.h | 170 ++++++++++++++++++ sysdeps/aarch64/linkmap.h | 3 + sysdeps/unix/sysv/linux/aarch64/bits/hwcap.h | 1 + sysdeps/unix/sysv/linux/aarch64/bits/mman.h | 31 ++++ .../unix/sysv/linux/aarch64/cpu-features.c | 3 + .../unix/sysv/linux/aarch64/cpu-features.h | 2 + 10 files changed, 272 insertions(+) create mode 100644 sysdeps/aarch64/dl-bti.c create mode 100644 sysdeps/aarch64/dl-prop.h create mode 100644 sysdeps/unix/sysv/linux/aarch64/bits/mman.h diff --git a/elf/dl-load.c b/elf/dl-load.c index 06f2ba7264..36c7b8d2bc 100644 --- a/elf/dl-load.c +++ b/elf/dl-load.c @@ -1146,6 +1146,8 @@ _dl_map_object_from_fd (const char *name, const char *origname, int fd, l->l_relro_size = ph->p_memsz; break; + case PT_GNU_PROPERTY: + /* Fall through. PT_GNU_PROPERTY holds property notes. */ case PT_NOTE: if (_dl_process_pt_note (l, ph, fd, fbp)) { diff --git a/elf/rtld.c b/elf/rtld.c index 5ccc3c2dbb..623b46b226 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -1506,6 +1506,8 @@ of this helper program; chances are you did not intend to run this program.\n\ main_map->l_relro_size = ph->p_memsz; break; + case PT_GNU_PROPERTY: + /* Fall through. PT_GNU_PROPERTY holds property notes. */ case PT_NOTE: if (_rtld_process_pt_note (main_map, ph)) _dl_error_printf ("\ diff --git a/sysdeps/aarch64/Makefile b/sysdeps/aarch64/Makefile index 9cb141004d..5ae8b082b0 100644 --- a/sysdeps/aarch64/Makefile +++ b/sysdeps/aarch64/Makefile @@ -1,5 +1,9 @@ long-double-fcts = yes +ifeq ($(subdir),elf) +sysdep-dl-routines += dl-bti +endif + ifeq ($(subdir),elf) sysdep-dl-routines += tlsdesc dl-tlsdesc gen-as-const-headers += dl-link.sym diff --git a/sysdeps/aarch64/dl-bti.c b/sysdeps/aarch64/dl-bti.c new file mode 100644 index 0000000000..adb7ea9bcd --- /dev/null +++ b/sysdeps/aarch64/dl-bti.c @@ -0,0 +1,54 @@ +/* AArch64 BTI functions. + Copyright (C) 2020 Free Software Foundation, Inc. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include + +static int +enable_bti (struct link_map *map, const char *program) +{ + const ElfW(Phdr) *phdr; + unsigned prot = PROT_READ | PROT_EXEC | PROT_BTI; + + for (phdr = map->l_phdr; phdr < &map->l_phdr[map->l_phnum]; ++phdr) + if (phdr->p_type == PT_LOAD && (phdr->p_flags & PF_X)) + { + ElfW(Addr) start = phdr->p_vaddr + map->l_addr; + ElfW(Addr) len = phdr->p_memsz; + if (__mprotect ((void *) start, len, prot) < 0) + { + if (program) + _dl_fatal_printf ("%s: mprotect failed to turn on BTI\n", + map->l_name); + else + _dl_signal_error (EINVAL, map->l_name, "dlopen", + N_("mprotect failed to turn on BTI")); + } + } + return 0; +} + +/* Enable BTI for L if required. */ + +void +_dl_bti_check (struct link_map *l, const char *program) +{ + if (GLRO(dl_aarch64_cpu_features).bti && l->l_mach.bti_guarded) + enable_bti (l, program); +} diff --git a/sysdeps/aarch64/dl-prop.h b/sysdeps/aarch64/dl-prop.h new file mode 100644 index 0000000000..ee10882440 --- /dev/null +++ b/sysdeps/aarch64/dl-prop.h @@ -0,0 +1,170 @@ +/* Support for GNU properties. AArch64 version. + Copyright (C) 2018-2020 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#ifndef _DL_PROP_H +#define _DL_PROP_H + +#include + +extern void _dl_bti_check (struct link_map *, const char *) + attribute_hidden; + +static inline void __attribute__ ((always_inline)) +_rtld_main_check (struct link_map *m, const char *program) +{ + _dl_bti_check (m, program); +} + +static inline void __attribute__ ((always_inline)) +_dl_open_check (struct link_map *m) +{ + _dl_bti_check (m, NULL); +} + +static inline void __attribute__ ((unused)) +_dl_process_aarch64_property (struct link_map *l, + const ElfW(Nhdr) *note, + const ElfW(Addr) size, + const ElfW(Addr) align) +{ + /* The NT_GNU_PROPERTY_TYPE_0 note must be aligned to 4 bytes in + 32-bit objects and to 8 bytes in 64-bit objects. Skip notes + with incorrect alignment. */ + if (align != (__ELF_NATIVE_CLASS / 8)) + return; + + const ElfW(Addr) start = (ElfW(Addr)) note; + + unsigned int feature_1 = 0; + unsigned int last_type = 0; + + while ((ElfW(Addr)) (note + 1) - start < size) + { + /* Find the NT_GNU_PROPERTY_TYPE_0 note. */ + if (note->n_namesz == 4 + && note->n_type == NT_GNU_PROPERTY_TYPE_0 + && memcmp (note + 1, "GNU", 4) == 0) + { + /* Check for invalid property. */ + if (note->n_descsz < 8 + || (note->n_descsz % sizeof (ElfW(Addr))) != 0) + return; + + /* Start and end of property array. */ + unsigned char *ptr = (unsigned char *) (note + 1) + 4; + unsigned char *ptr_end = ptr + note->n_descsz; + + do + { + unsigned int type = *(unsigned int *) ptr; + unsigned int datasz = *(unsigned int *) (ptr + 4); + + /* Property type must be in ascending order. */ + if (type < last_type) + return; + + ptr += 8; + if ((ptr + datasz) > ptr_end) + return; + + last_type = type; + + if (type == GNU_PROPERTY_AARCH64_FEATURE_1_AND) + { + /* The size of GNU_PROPERTY_AARCH64_FEATURE_1_AND is 4 + bytes. When seeing GNU_PROPERTY_AARCH64_FEATURE_1_AND, + we stop the search regardless if its size is correct + or not. There is no point to continue if this note + is ill-formed. */ + if (datasz != 4) + return; + + feature_1 = *(unsigned int *) ptr; + if ((feature_1 & GNU_PROPERTY_AARCH64_FEATURE_1_BTI)) + l->l_mach.bti_guarded = true; + + /* Stop if we found the property note. */ + return; + } + else if (type > GNU_PROPERTY_AARCH64_FEATURE_1_AND) + { + /* Stop since property type is in ascending order. */ + return; + } + + /* Check the next property item. */ + ptr += ALIGN_UP (datasz, sizeof (ElfW(Addr))); + } + while ((ptr_end - ptr) >= 8); + } + + /* NB: Note sections like .note.ABI-tag and .note.gnu.build-id are + aligned to 4 bytes in 64-bit ELF objects. */ + note = ((const void *) note + + ELF_NOTE_NEXT_OFFSET (note->n_namesz, note->n_descsz, + align)); + } +} + +#ifdef FILEBUF_SIZE +static inline int __attribute__ ((unused)) +_dl_process_pt_note (struct link_map *l, const ElfW(Phdr) *ph, + int fd, struct filebuf *fbp) +{ + if (ph->p_type != PT_GNU_PROPERTY) + return 0; + + const ElfW(Nhdr) *note; + ElfW(Nhdr) *note_malloced = NULL; + ElfW(Addr) size = ph->p_filesz; + + if (ph->p_offset + size <= (size_t) fbp->len) + note = (const void *) (fbp->buf + ph->p_offset); + else + { + if (size < __MAX_ALLOCA_CUTOFF) + note = alloca (size); + else + note = note_malloced = malloc (size); + if (note == NULL) + return -1; + if (__pread64_nocancel (fd, (void *) note, size, ph->p_offset) != size) + { + if (note_malloced) + free (note_malloced); + return -1; + } + } + _dl_process_aarch64_property (l, note, ph->p_filesz, ph->p_align); + if (note_malloced) + free (note_malloced); + return 0; +} +#endif + +static inline int __attribute__ ((unused)) +_rtld_process_pt_note (struct link_map *l, const ElfW(Phdr) *ph) +{ + if (ph->p_type != PT_GNU_PROPERTY) + return 0; + const ElfW(Nhdr) *note = (const void *) (ph->p_vaddr + l->l_addr); + _dl_process_aarch64_property (l, note, ph->p_memsz, ph->p_align); + return 0; +} + +#endif /* _DL_PROP_H */ diff --git a/sysdeps/aarch64/linkmap.h b/sysdeps/aarch64/linkmap.h index 943a9ee9e4..4b9be4202f 100644 --- a/sysdeps/aarch64/linkmap.h +++ b/sysdeps/aarch64/linkmap.h @@ -16,8 +16,11 @@ License along with the GNU C Library; if not, see . */ +#include + struct link_map_machine { ElfW(Addr) plt; /* Address of .plt */ void *tlsdesc_table; /* Address of TLS descriptor hash table. */ + bool bti_guarded; /* Branch Target Identification mechanism enabled. */ }; diff --git a/sysdeps/unix/sysv/linux/aarch64/bits/hwcap.h b/sysdeps/unix/sysv/linux/aarch64/bits/hwcap.h index 4ee14b4208..af90d8a626 100644 --- a/sysdeps/unix/sysv/linux/aarch64/bits/hwcap.h +++ b/sysdeps/unix/sysv/linux/aarch64/bits/hwcap.h @@ -72,3 +72,4 @@ #define HWCAP2_BF16 (1 << 14) #define HWCAP2_DGH (1 << 15) #define HWCAP2_RNG (1 << 16) +#define HWCAP2_BTI (1 << 17) diff --git a/sysdeps/unix/sysv/linux/aarch64/bits/mman.h b/sysdeps/unix/sysv/linux/aarch64/bits/mman.h new file mode 100644 index 0000000000..ecae046344 --- /dev/null +++ b/sysdeps/unix/sysv/linux/aarch64/bits/mman.h @@ -0,0 +1,31 @@ +/* Definitions for POSIX memory map interface. Linux/AArch64 version. + Copyright (C) 2020 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#ifndef _SYS_MMAN_H +# error "Never use directly; include instead." +#endif + +/* AArch64 specific definitions, should be in sync with + arch/arm64/include/uapi/asm/mman.h. */ + +#define PROT_BTI 0x10 + +#include + +/* Include generic Linux declarations. */ +#include diff --git a/sysdeps/unix/sysv/linux/aarch64/cpu-features.c b/sysdeps/unix/sysv/linux/aarch64/cpu-features.c index 896c588fee..0fc507058b 100644 --- a/sysdeps/unix/sysv/linux/aarch64/cpu-features.c +++ b/sysdeps/unix/sysv/linux/aarch64/cpu-features.c @@ -83,4 +83,7 @@ init_cpu_features (struct cpu_features *cpu_features) if ((dczid & DCZID_DZP_MASK) == 0) cpu_features->zva_size = 4 << (dczid & DCZID_BS_MASK); + + /* Check if BTI is enabled. */ + cpu_features->bti = GLRO (dl_hwcap2) & HWCAP2_BTI; } diff --git a/sysdeps/unix/sysv/linux/aarch64/cpu-features.h b/sysdeps/unix/sysv/linux/aarch64/cpu-features.h index 1389cea1b3..a81f186ec2 100644 --- a/sysdeps/unix/sysv/linux/aarch64/cpu-features.h +++ b/sysdeps/unix/sysv/linux/aarch64/cpu-features.h @@ -20,6 +20,7 @@ #define _CPU_FEATURES_AARCH64_H #include +#include #define MIDR_PARTNUM_SHIFT 4 #define MIDR_PARTNUM_MASK (0xfff << MIDR_PARTNUM_SHIFT) @@ -64,6 +65,7 @@ struct cpu_features { uint64_t midr_el1; unsigned zva_size; + bool bti; }; #endif /* _CPU_FEATURES_AARCH64_H */