From patchwork Thu Dec 12 18:16:08 2019
X-Patchwork-Submitter: Adhemerval Zanella Netto
X-Patchwork-Id: 36794
From: Adhemerval Zanella
To: libc-alpha@sourceware.org
Subject: [PATCH v2 06/12] elf: Enable relro for static build
Date: Thu, 12 Dec 2019 15:16:08 -0300
Message-Id: <20191212181614.31782-6-adhemerval.zanella@linaro.org>
In-Reply-To: <20191212181614.31782-1-adhemerval.zanella@linaro.org>
References: <20191212181614.31782-1-adhemerval.zanella@linaro.org>

Changes from previous version:

  - Added tests for partial and full relro.

---

The code is similar to the one at elf/dl-reloc.c, where it checks for
the l_relro_size from the link_map (obtained from PT_GNU_RELRO header
from program headers) and calls _dl_protected_relro.

Checked on x86_64-linux-gnu, i686-linux-gnu, powerpc64le-linux-gnu,
aarch64-linux-gnu, s390x-linux-gnu, and sparc64-linux-gnu. I also
check with --enable-static pie on x86_64-linux-gnu, i686-linux-gnu,
and aarch64-linux-gnu which seems the only architectures where
static PIE is actually working (as per 9d7a3741c9e, on
arm-linux-gnueabihf, powerpc64{le}-linux-gnu, and s390x-linux-gnu
I am seeing runtime issues not related to my patch).

---
 elf/Makefile                     | 11 +++++++--
 elf/dl-support.c                 | 18 +++++++++++---
 elf/tst-data-relro-lazy-static.c |  1 +
 elf/tst-data-relro-lazy.c        |  1 +
 elf/tst-data-relro-now-static.c  |  1 +
 elf/tst-data-relro-now.c         |  1 +
 elf/tst-data-relro.c             | 42 ++++++++++++++++++++++++++++++++
 7 files changed, 69 insertions(+), 6 deletions(-)
 create mode 100644 elf/tst-data-relro-lazy-static.c
 create mode 100644 elf/tst-data-relro-lazy.c
 create mode 100644 elf/tst-data-relro-now-static.c
 create mode 100644 elf/tst-data-relro-now.c
 create mode 100644 elf/tst-data-relro.c

diff --git a/elf/Makefile b/elf/Makefile index b2b3be203f..45b5ad4ea6 100644 --- a/elf/Makefile +++ b/elf/Makefile 
@@ -154,7 +154,8 @@ endif tests-static-normal := tst-leaks1-static tst-array1-static tst-array5-static \ tst-dl-iter-static \ tst-tlsalign-static tst-tlsalign-extern-static \ - tst-linkall-static tst-env-setuid tst-env-setuid-tunables + tst-linkall-static tst-env-setuid tst-env-setuid-tunables \ + tst-data-relro-lazy-static tst-data-relro-now-static tests-static-internal := tst-tls1-static tst-tls2-static \ tst-ptrguard1-static tst-stackguard1-static \ tst-tls1-static-non-pie tst-libc_dlvsym-static @@ -205,7 +206,8 @@ tests-internal += loadtest unload unload2 circleload1 \ neededtest neededtest2 neededtest3 neededtest4 \ tst-tls3 tst-tls6 tst-tls7 tst-tls8 tst-dlmopen2 \ tst-ptrguard1 tst-stackguard1 tst-libc_dlvsym \ - tst-create_format1 + tst-create_format1 \ + tst-data-relro-now tst-data-relro-lazy tests-container += tst-pldd tst-dlopen-tlsmodid-container \ tst-dlopen-self-container test-srcs = tst-pathopt @@ -1627,3 +1629,8 @@ $(objpfx)tst-dlopenfailmod1.so: \ $(shared-thread-library) $(objpfx)tst-dlopenfaillinkmod.so LDFLAGS-tst-dlopenfaillinkmod.so = -Wl,-soname,tst-dlopenfail-missingmod.so $(objpfx)tst-dlopenfailmod2.so: $(shared-thread-library) + +LDFLAGS-tst-data-relro-lazy += -Wl,-z,relro -Wl,-z,lazy +LDFLAGS-tst-data-relro-lazy-static += -Wl,-z,relro -Wl,-z,lazy +LDFLAGS-tst-data-relro-now += -Wl,-z,relro -Wl,-z,now +LDFLAGS-tst-data-relro-now-static += -Wl,-z,relro -Wl,-z,now diff --git a/elf/dl-support.c b/elf/dl-support.c index 5526d5ee6e..b2b1b12f6f 100644 --- a/elf/dl-support.c +++ b/elf/dl-support.c 
@@ -367,14 +367,24 @@ _dl_non_dynamic_init (void) if (_dl_platform != NULL) _dl_platformlen = strlen (_dl_platform); - /* Scan for a program header telling us the stack is nonexecutable. */ if (_dl_phdr != NULL) - for (uint_fast16_t i = 0; i < _dl_phnum; ++i) - if (_dl_phdr[i].p_type == PT_GNU_STACK) + for (const ElfW(Phdr) *ph = _dl_phdr; ph < &_dl_phdr[_dl_phnum]; ++ph) + switch (ph->p_type) { - _dl_stack_flags = _dl_phdr[i].p_flags; + /* Check if the stack is nonexecutable. */ + case PT_GNU_STACK: + _dl_stack_flags = ph->p_flags; + break; + + case PT_GNU_RELRO: + _dl_main_map.l_relro_addr = ph->p_vaddr; + _dl_main_map.l_relro_size = ph->p_memsz; break; } + + /* Setup relro on the binary itself. */ + if (_dl_main_map.l_relro_size != 0) + _dl_protect_relro (&_dl_main_map); } #ifdef DL_SYSINFO_IMPLEMENTATION diff --git a/elf/tst-data-relro-lazy-static.c b/elf/tst-data-relro-lazy-static.c new file mode 100644 index 0000000000..364a206506 --- /dev/null +++ b/elf/tst-data-relro-lazy-static.c @@ -0,0 +1 @@ +#include diff --git a/elf/tst-data-relro-lazy.c b/elf/tst-data-relro-lazy.c new file mode 100644 index 0000000000..364a206506 --- /dev/null +++ b/elf/tst-data-relro-lazy.c @@ -0,0 +1 @@ +#include diff --git a/elf/tst-data-relro-now-static.c b/elf/tst-data-relro-now-static.c new file mode 100644 index 0000000000..364a206506 --- /dev/null +++ b/elf/tst-data-relro-now-static.c @@ -0,0 +1 @@ +#include diff --git a/elf/tst-data-relro-now.c b/elf/tst-data-relro-now.c new file mode 100644 index 0000000000..364a206506 --- /dev/null +++ b/elf/tst-data-relro-now.c @@ -0,0 +1 @@ +#include diff --git a/elf/tst-data-relro.c b/elf/tst-data-relro.c new file mode 100644 index 0000000000..bd63b24b3f --- /dev/null +++ b/elf/tst-data-relro.c 
@@ -0,0 +1,42 @@ +/* Test if variables places on relro section are not writable. + Copyright (C) 2019 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include + +#include +#include + +static volatile int val __attribute__ ((section (".data.rel.ro"))); + +static void +callback (void *closure) +{ + /* It should trigger an invalid write. */ + val = 1; +} + +int do_test (void) +{ + struct support_capture_subprocess result + = support_capture_subprocess (callback, NULL); + support_capture_subprocess_check (&result, "tst-relro", -SIGSEGV, + sc_allow_stdout); + return 0; +} + +#include
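Review bot: in the elf/Makefile hunk at @@ -205, the dynamic tests tst-data-relro-now and tst-data-relro-lazy are appended to tests-internal, while their static counterparts in the @@ -154 hunk go to tests-static-normal. The visible body of elf/tst-data-relro.c only calls support_capture_subprocess and support_capture_subprocess_check, so unless one of the stripped includes pulls in an internal header, the dynamic variants look like they belong in the plain tests list, which would also keep the two pairs consistent.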
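Review bot: in the elf/Makefile hunk at @@ -1627, the lazy and now variants differ only in -Wl,-z,lazy versus -Wl,-z,now, but the shared test body writes to a variable in .data.rel.ro, which sits inside the PT_GNU_RELRO range under either setting. As written, the now variants do not exercise anything that full relro adds over partial relro (a read-only .got.plt), so the "tests for partial and full relro" in the changelog are effectively the same test run twice per link mode. Either add a check that is specific to -z now or say in a comment above these LDFLAGS lines that both variants cover only the .data.rel.ro case.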
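Review bot: in the elf/dl-support.c hunk, the new case PT_GNU_RELRO arm stores ph->p_vaddr unmodified in _dl_main_map.l_relro_addr, and _dl_protect_relro adds l_addr to that value before it calls mprotect, so the protected range is only right if _dl_main_map.l_addr already holds the load bias when _dl_non_dynamic_init runs. The cover text says static PIE was tested on three targets; a comment next to the _dl_protect_relro call stating that dependency, and that nothing at startup still needs to write into the range after this point, would make the ordering requirement explicit for later changes. Minor wording: "Setup relro on the binary itself" should read "Set up relro on the binary itself".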
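Review bot: in elf/tst-data-relro.c, the name passed to support_capture_subprocess_check is "tst-relro", which matches none of the four test names built from this file (tst-data-relro-lazy, tst-data-relro-now and their -static forms), so a failure report will point at a test that does not exist; pass a name that identifies the file, for example "tst-data-relro". Two smaller points in the same hunk: the header comment "Test if variables places on relro section are not writable" should read "placed in", and do_test is declared as int do_test (void) on one line without static, where the callback just above it uses the static, return-type-on-its-own-line form.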