Message ID | 20240930200822.1669666-1-adhemerval.zanella@linaro.org |
---|---|
Headers |
Return-Path: <binutils-bounces~patchwork=sourceware.org@sourceware.org> X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 02AE6384602A for <patchwork@sourceware.org>; Mon, 30 Sep 2024 20:09:23 +0000 (GMT) X-Original-To: binutils@sourceware.org Delivered-To: binutils@sourceware.org Received: from mail-pj1-x102f.google.com (mail-pj1-x102f.google.com [IPv6:2607:f8b0:4864:20::102f]) by sourceware.org (Postfix) with ESMTPS id 8DFE0384A808 for <binutils@sourceware.org>; Mon, 30 Sep 2024 20:08:32 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 8DFE0384A808 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 8DFE0384A808 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::102f ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1727726914; cv=none; b=fz0nKGu2bjiHgxFOhaArajjcr9ZcGKyn2Lv1Wy3VS3Zt+fUAUXL7Cnumya17oBaUnAOOaRTRpKF2fbIy0zPkapetAhw+1k1+f3tghejQtZOusd3xsYNk/+wiOeLLPuhe/PbagsYq6LEeW+QZGAjJPLn7b4eX20tMqePKz0GXrA4= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1727726914; c=relaxed/simple; bh=GCpQRETx/QubJfmDuA1wB5l4Q9kp5Olu7kla/5nco5k=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=uQHrypKGGD7KlXEBBPVLeFudTgwFKmRBMxqOJtrp46gBGNsgM3gC5vTQtqKuNOGpIDGLrRThk9BzdpJ1Rc7dkJlHnI8NnbrG1Zx6Rth0SdrRV1vMuJ1D3ZFAZ8/wYi9EZXGLOHuTGBKNveVcNwpe2l9zzALXT4jmm3POJK6XtsM= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-pj1-x102f.google.com with SMTP id 98e67ed59e1d1-2db85775c43so3529021a91.0 for <binutils@sourceware.org>; Mon, 30 Sep 2024 13:08:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1727726911; x=1728331711; darn=sourceware.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=3hpTOsCRXCgkm8H1Q2GqGU4D9gG5dJ+GGtrDstT6Y0o=; b=a8tJ31aMaSioAbsUvClWcX+N1By9OSw6kpiapa07zHLiL/mTwKSesXwon9g1Nkf4R5 JSxjrWObCHqigWm9xtotfYCTtpCidWjsj+kWqiYU7GCiH1pmS47wQoHy+gW09vXqYQUH 5qsIjuSG0IQPgx9zWMACHmyg9kiap/8UWcm6ZtCVxOWkiCtAfsmk1IctRqhwibDgFzDW SPVJGiXzgo1/NwIbxqodOmdOjgu+LJMVU43FICV6inimUEArH+87QrHAYvZSfl/Nl6fi /K33QHnpip5xPi8tXlv2jNTF1DLxC408S3dkOak/nwx4yDuwqlrtdN7nSJGQHRqjzlXc mkMA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1727726911; x=1728331711; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=3hpTOsCRXCgkm8H1Q2GqGU4D9gG5dJ+GGtrDstT6Y0o=; b=byVDaIDV6P7hW5fUlkjxFZCrWBJnE3z0+pJzS2/POMWDebsjwab8tO2klKiOVpzb8a qLQfbdYDU4zzNqQoPDS7UsYYbVLp24VFz42jpMtAZEB0dyK9WE6ZK0N6yajIantXqvix Dgmc8YyFq9M/2bj1vG8+t0G8uo1OZWY2GNmIrGxOx1hkT7zZsB+Uxu5Q41CHGEVgMDph x7GjgYgryvWJCOvV4vqYYS7c2GF9+s5Dy7R7aw6aYAGMOqsETVUoNTpvXwTxR+VaK+kF DOPP1fKdcEMTrXeyoL4BDFluSNmlNGPLP8+prwITuPQiCj9aisbaftwgUVRMrYN+Fn+Y QWeQ== X-Gm-Message-State: AOJu0YxWUYUUKkB9Dqbxm567J4PkRRjD0MrMRSklxhcWBDvKc6s/X3aZ Xjboqh2tLuTWFQJZH77OCieoMxTKxhhEk7Jv6BSXHrCo6w2qENC91jcinTHQtZyD8hpKZB1G0kM MjSY= X-Google-Smtp-Source: AGHT+IHVwHEd1I9FC7zHBkkgiOjnq+fPs9mjj4jEzAW0FZgjGf2S6t0bo3GJ++reukxa4NQwPH5m+A== X-Received: by 2002:a17:90a:fd8c:b0:2c9:36bf:ba6f with SMTP id 98e67ed59e1d1-2e15a1b6980mr1136697a91.3.1727726911192; Mon, 30 Sep 2024 13:08:31 -0700 (PDT) Received: from ubuntu-vm.. (201-92-183-102.dsl.telesp.net.br. [201.92.183.102]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2e0b6c9b438sm8464787a91.28.2024.09.30.13.08.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 30 Sep 2024 13:08:30 -0700 (PDT) From: Adhemerval Zanella <adhemerval.zanella@linaro.org> To: binutils@sourceware.org Cc: Stephen Roettger <sroettger@google.com>, Jeff Xu <jeffxu@google.com>, Florian Weimer <fweimer@redhat.com>, Mike Hommey <mh@glandium.org>, Adhemerval Zanella <adhemerval.zanella@linaro.org> Subject: [PATCH v2 0/3] elf: Add GNU_PROPERTY_MEMORY_SEAL gnu property Date: Mon, 30 Sep 2024 17:08:19 -0300 Message-Id: <20240930200822.1669666-1-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, RCVD_IN_BARRACUDACENTRAL, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: binutils@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Binutils mailing list <binutils.sourceware.org> List-Unsubscribe: <https://sourceware.org/mailman/options/binutils>, <mailto:binutils-request@sourceware.org?subject=unsubscribe> List-Archive: <https://sourceware.org/pipermail/binutils/> List-Post: <mailto:binutils@sourceware.org> List-Help: <mailto:binutils-request@sourceware.org?subject=help> List-Subscribe: <https://sourceware.org/mailman/listinfo/binutils>, <mailto:binutils-request@sourceware.org?subject=subscribe> Errors-To: binutils-bounces~patchwork=sourceware.org@sourceware.org |
Series |
elf: Add GNU_PROPERTY_MEMORY_SEAL gnu property
|
|
Message
Adhemerval Zanella Netto
Sept. 30, 2024, 8:08 p.m. UTC
The new attribute indicates that an ET_EXEC or ET_DYN ELF object should be memory-sealed if the loader supports it. Memory sealing is useful as a hardening mechanism to avoid either remapping the memory segments or changing the memory protection segments layout by the dynamic loader (for instance, the RELRO hardening). The Linux 6.10 (8be7258aad44b5e25977a98db136f677fa6f4370) added the mseal syscall accomplishes it. A GNU property is used instead of a new dynamic section tag (like the one proposed for DT_GNU_FLAGS_1) because the memory sealing should be selectable for ET_EXEC and not only for ET_DYN. It also fits new opt-in security features like x86 CET or AArch64 BTI. The first patch adds the -Wl,memory-seal/-Wl,nomemory-seal options to ld.bfd. The GNU_PROPERTY_MEMORY_SEAL property is added only for ET_EXEC or ET_DYN objects. The second patch adds similar support for ld.gold. The third patch adds the ld --enable-memory-seal configure options to enable the memory sealing mark as default (similar to other security hardening as RELRO or non-executable stacks). Changes v1->v2: * Make the security hardening opt-in instead of opt-out. * Add gold support. Adhemerval Zanella (3): elf: Add GNU_PROPERTY_MEMORY_SEAL gnu property gold: Add GNU_PROPERTY_MEMORY_SEAL gnu property ld: Add --enable-memory-seal configure option bfd/elf-properties.c | 72 +++++++++++++++++----- bfd/elfxx-x86.c | 3 +- binutils/readelf.c | 6 ++ binutils/testsuite/lib/binutils-common.exp | 22 +++++++ elfcpp/elfcpp.h | 1 + gold/NEWS | 3 + gold/layout.cc | 4 ++ gold/options.h | 3 + gold/testsuite/Makefile.am | 19 ++++++ gold/testsuite/Makefile.in | 26 +++++++- gold/testsuite/memory_seal_main.c | 5 ++ gold/testsuite/memory_seal_shared.c | 7 +++ gold/testsuite/memory_seal_test.sh | 45 ++++++++++++++ include/bfdlink.h | 3 + include/elf/common.h | 1 + ld/NEWS | 4 ++ ld/config.in | 3 + ld/configure | 28 ++++++++- ld/configure.ac | 17 +++++ ld/emultempl/elf.em | 5 ++ ld/ld.texi | 8 +++ ld/lexsup.c | 11 ++++ ld/testsuite/config/default.exp | 8 +++ ld/testsuite/ld-elf/property-seal-1.d | 15 +++++ ld/testsuite/ld-elf/property-seal-2.d | 14 +++++ ld/testsuite/ld-srec/srec.exp | 4 ++ ld/testsuite/lib/ld-lib.exp | 6 ++ 27 files changed, 320 insertions(+), 23 deletions(-) create mode 100644 gold/testsuite/memory_seal_main.c create mode 100644 gold/testsuite/memory_seal_shared.c create mode 100755 gold/testsuite/memory_seal_test.sh create mode 100644 ld/testsuite/ld-elf/property-seal-1.d create mode 100644 ld/testsuite/ld-elf/property-seal-2.d
Comments
On Mon, Sep 30, 2024 at 1:08 PM Adhemerval Zanella <adhemerval.zanella@linaro.org> wrote: > > The new attribute indicates that an ET_EXEC or ET_DYN ELF object should > be memory-sealed if the loader supports it. Memory sealing is useful as > a hardening mechanism to avoid either remapping the memory segments or > changing the memory protection segments layout by the dynamic loader > (for instance, the RELRO hardening). The Linux 6.10 > (8be7258aad44b5e25977a98db136f677fa6f4370) added the mseal syscall > accomplishes it. > > A GNU property is used instead of a new dynamic section tag (like the > one proposed for DT_GNU_FLAGS_1) because the memory sealing should be > selectable for ET_EXEC and not only for ET_DYN. It also fits new opt-in > security features like x86 CET or AArch64 BTI. > > The first patch adds the -Wl,memory-seal/-Wl,nomemory-seal options to > ld.bfd. The GNU_PROPERTY_MEMORY_SEAL property is added only for ET_EXEC > or ET_DYN objects. > > The second patch adds similar support for ld.gold. > > The third patch adds the ld --enable-memory-seal configure options to > enable the memory sealing mark as default (similar to other security > hardening as RELRO or non-executable stacks). > --enable-memory-seal helps distribution that wants to enable sealing by default. I like this approach because it gives distributions a choice for their own strategies. As an example using chromeOS, I imagine that we can start with opt-in, testing it on a few apps, e.g. Chrome, then switch to opt-out and enable sealing for the entire system. > Changes v1->v2: > * Make the security hardening opt-in instead of opt-out. > * Add gold support. > > Adhemerval Zanella (3): > elf: Add GNU_PROPERTY_MEMORY_SEAL gnu property > gold: Add GNU_PROPERTY_MEMORY_SEAL gnu property > ld: Add --enable-memory-seal configure option > > bfd/elf-properties.c | 72 +++++++++++++++++----- > bfd/elfxx-x86.c | 3 +- > binutils/readelf.c | 6 ++ > binutils/testsuite/lib/binutils-common.exp | 22 +++++++ > elfcpp/elfcpp.h | 1 + > gold/NEWS | 3 + > gold/layout.cc | 4 ++ > gold/options.h | 3 + > gold/testsuite/Makefile.am | 19 ++++++ > gold/testsuite/Makefile.in | 26 +++++++- > gold/testsuite/memory_seal_main.c | 5 ++ > gold/testsuite/memory_seal_shared.c | 7 +++ > gold/testsuite/memory_seal_test.sh | 45 ++++++++++++++ > include/bfdlink.h | 3 + > include/elf/common.h | 1 + > ld/NEWS | 4 ++ > ld/config.in | 3 + > ld/configure | 28 ++++++++- > ld/configure.ac | 17 +++++ > ld/emultempl/elf.em | 5 ++ > ld/ld.texi | 8 +++ > ld/lexsup.c | 11 ++++ > ld/testsuite/config/default.exp | 8 +++ > ld/testsuite/ld-elf/property-seal-1.d | 15 +++++ > ld/testsuite/ld-elf/property-seal-2.d | 14 +++++ > ld/testsuite/ld-srec/srec.exp | 4 ++ > ld/testsuite/lib/ld-lib.exp | 6 ++ > 27 files changed, 320 insertions(+), 23 deletions(-) > create mode 100644 gold/testsuite/memory_seal_main.c > create mode 100644 gold/testsuite/memory_seal_shared.c > create mode 100755 gold/testsuite/memory_seal_test.sh > create mode 100644 ld/testsuite/ld-elf/property-seal-1.d > create mode 100644 ld/testsuite/ld-elf/property-seal-2.d > > -- > 2.34.1 >