From patchwork Wed Jan 20 15:30:31 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Szabolcs Nagy X-Patchwork-Id: 41772 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 239C4396EC65; Wed, 20 Jan 2021 15:30:58 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 239C4396EC65 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1611156658; bh=KA199iensiCqNoHViABo7DqsWTK/yTw0d2vu4x32JOY=; h=To:Subject:Date:In-Reply-To:References:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To: From; b=fhyRLp+kCFAOj3Nt3SLWxc5hh/ClPAuoqCY/h6LUcbV/6P0A5HohRoIxsCnb6BTDU 4klL4gPAlqtS/oRR+biuQCksHIN6GEbjqU42L0dWzya8OI8YO4FGCdpfy+B8zGYeIo kk6nb/P3dmhYxwv7bF8f2JV5Alm3wYlxmIFj7BkE= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60063.outbound.protection.outlook.com [40.107.6.63]) by sourceware.org (Postfix) with ESMTPS id 2F44D396EC34 for ; Wed, 20 Jan 2021 15:30:51 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 2F44D396EC34 Received: from AS8PR04CA0001.eurprd04.prod.outlook.com (2603:10a6:20b:310::6) by AM6PR08MB3511.eurprd08.prod.outlook.com (2603:10a6:20b:4b::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3763.9; Wed, 20 Jan 2021 15:30:49 +0000 Received: from AM5EUR03FT018.eop-EUR03.prod.protection.outlook.com (2603:10a6:20b:310:cafe::ab) by AS8PR04CA0001.outlook.office365.com (2603:10a6:20b:310::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3784.12 via Frontend Transport; Wed, 20 Jan 2021 15:30:49 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; sourceware.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;sourceware.org; dmarc=pass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM5EUR03FT018.mail.protection.outlook.com (10.152.16.114) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3784.11 via Frontend Transport; Wed, 20 Jan 2021 15:30:49 +0000 Received: ("Tessian outbound 4d8113405d55:v71"); Wed, 20 Jan 2021 15:30:49 +0000 X-CheckRecipientChecked: true X-CR-MTA-CID: 4f8cf66df6452a18 X-CR-MTA-TID: 64aa7808 Received: from 0fccba8710cc.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 09DFC465-1BF1-4159-A717-1C3D560B8798.1; Wed, 20 Jan 2021 15:30:39 +0000 Received: from EUR02-AM5-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 0fccba8710cc.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Wed, 20 Jan 2021 15:30:39 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=EeWyame/jLDxx8wiTy6X7DUl1Q4Oy+99xjpqoZW4TwaViK+GL5EojKG+OhoTe1FU1q0MPxsB0cIz2Cn+gMGHx+UoCbLmUGoOuymUWhcUxAmCgpp9z1w6r6HIhZwQd7inzDOos0HoQ9f3rAzKYOk85tGWgsmvpz5G66Vak2mIkvuQQmSpdqFPTVXWu8yGClktmE3eHhlM0xC1mhys1qvHdossYoJsnBN6lD77GXXhAQmOsFnuj0TCdvLTbu2fcir7LOUTznfWtH3XPbRWhWvu8PFl4n1ZbY6cnhoDm/aYf2BiiWJBvCUMSL84xXPiHh9bc+a1BTqhulhaQif0ouvN2Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=KA199iensiCqNoHViABo7DqsWTK/yTw0d2vu4x32JOY=; b=AHW4m9EUv7o+Uf5U6heqRbW0rkv2Z4o7d5QUz8PlqI8jtBh/sWtVa2HOLkljPKvMsfg2Z1KE1+QdV2dH1Wxrcbbvx5HJK0ZmIKwpoaR/NxrmONsS9ZirXnFK+YzkYWUxJUUsq3gpaFLoVdYE3t8eQPj3UJuTPEPoJMNwtA5a8kxDDdmDolZL8DGQUoFQ+bM0AveCm5gIPqZF8UicG1NdDKL36bdOQqnS9m6e39asfD2L/BWn+6Up9RWQh43Bgq1d/z0ISX5CRJMR4Zv4eq7A9klEqNv9B1Ec7eLT/BYadrddmbfIfD3WwisuLhF5kpl9is2dqLMnwC4QN8cccb2O4g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none Authentication-Results-Original: sourceware.org; dkim=none (message not signed) header.d=none;sourceware.org; dmarc=none action=none header.from=arm.com; Received: from PA4PR08MB6320.eurprd08.prod.outlook.com (2603:10a6:102:e5::9) by PR3PR08MB5577.eurprd08.prod.outlook.com (2603:10a6:102:81::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3763.11; Wed, 20 Jan 2021 15:30:37 +0000 Received: from PA4PR08MB6320.eurprd08.prod.outlook.com ([fe80::700f:ddbe:a347:ee4f]) by PA4PR08MB6320.eurprd08.prod.outlook.com ([fe80::700f:ddbe:a347:ee4f%7]) with mapi id 15.20.3763.014; Wed, 20 Jan 2021 15:30:37 +0000 To: libc-alpha@sourceware.org Subject: [PATCH v5 2/7] elf: Avoid RELATIVE relocs in __tunables_init Date: Wed, 20 Jan 2021 15:30:31 +0000 Message-Id: <1dcd94e2f6a0bbec766a276d70e2000b9afbf215.1611155254.git.szabolcs.nagy@arm.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: References: X-Originating-IP: [217.140.106.51] X-ClientProxiedBy: LO4P123CA0482.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:1a8::19) To PA4PR08MB6320.eurprd08.prod.outlook.com (2603:10a6:102:e5::9) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from localhost.localdomain (217.140.106.51) by LO4P123CA0482.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:1a8::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3784.12 via Frontend Transport; Wed, 20 Jan 2021 15:30:37 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 2d184bec-a4a5-4eb3-4c7b-08d8bd585d83 X-MS-TrafficTypeDiagnostic: PR3PR08MB5577:|AM6PR08MB3511: X-Microsoft-Antispam-PRVS: x-checkrecipientrouted: true NoDisclaimer: true X-MS-Oob-TLC-OOBClassifiers: OLM:9508;OLM:9508; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: F/mdD+fjhAb499TVUmZN7Z7WsiIodneUlWhbWt2xLWHGl32fqy1zl7dHuudLI+nIATwmYEG4iNbMuK+S177I3SPIeyd6wIP4XBkaSjdBlxNm0ci4CfzGSfNyDhR3kCFNFIjfUOErty7pZy8DOz0zq58pLLhLaA1fdA41EpfJlq0d9MOI8njlAIzBD6hYtdZC406Ijwp62bPTuxe+ii45GToUHnGwB1T7S+sZcO0ybJ6rMFUITOz0pthn5cXwRwqL17Cgua6DC+vcGOEqo6LfqLIMHvOVECrDb7QgPqdYweNiV1AZYFMBpcRZjVrSfQP6JBBCaq21ipJnApRFc3k49iU/oRc6Q/NIVKLyVg0sR7D03j9m0JxD1EY6u2NbSA2VTu+1PyCGnehkXAPaeXdw7Cq0KerdoCY9VnclJDptC/P9ViO1XA0OEQzfKllvKamBWP6SgOJDHHIL3S3w0ab9iw== X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PA4PR08MB6320.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(136003)(346002)(376002)(396003)(39860400002)(366004)(66476007)(2906002)(316002)(52116002)(6666004)(186003)(16526019)(66556008)(83380400001)(36756003)(86362001)(6486002)(2616005)(478600001)(26005)(44832011)(8936002)(6512007)(6916009)(66946007)(69590400011)(956004)(8676002)(5660300002)(6506007); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData: aMElcFxZaUjMAXdS4dYcAWBJGVqDdAl2GzoJflGExU5mO+DlKQyViPYSA6StgluBSEW+hHbYXapPRxw0QP1N3MDcOh/p5sskdgpcHYb2yYIfY3Jq7Y9HcmHbPQ6Cuuw7kcFvXAj4svk5Npu8tjhNdOC9NImi70+ZQoFrbHl63qahi++iVniGKTDkRUC97GCdk0gg7Iyjhx6pjukCCguopiKFnzGn7x1JVW9+FE94BG1E03m7pmH3cUX7X90NS6GRKaJIxmWfcEJZBf8yMQwsMWBu2zfT4+hBJb7/uYMH83uVroXl1ho4ahS3ag+L3xj1Dc+Kv1NSUYmzZju0oKxpMvLDupxGgz1FDTfdOQWyi3kU0SMZWql+4Cg4OVzqQCNtN6vd1yrdVDL40c1qNd+PIyzMWniBPx7y4VG3sDQ2mY4bEKHZ5pd6Hz7RS+VaIkUFnzKqdtKBINrrl+UGTT6rBGpEyUT5iDEZbOkpKJpuYmy0o+asVAF4xPzjXKLjHaJg4IdVZ78YqnOIo28SO/AE1VttSNAR2M0bRr4XQc2s2cPiybK0c5LrG3oLq035xrtMIk2ZptIONTSsvB2Vanf8Z3J8srV9zy8le8/XBpw4F4BpcyN+VGP7duGEp6ZAkCk1PDV2Zcpd86fMdkcsuywLZgnLxZdnsmCDxzhF6x/Nl8Ep/9qKl/VQnwJTax57P1QbvWdeQdSxfoXGevEfHOsHHJlapPmNmo9EVDFJgQ7NrEXtp7/1ZP5BFTcx96mdXa26pgNcfdwAv8D3W/Y/tAIipOnj8DHbDTeJFdqaK1WIu6mG4CFiv1dHC5A2QGb+6UDHqhwff7Lqsy7V41MEByjVf0t9l+jI3yILKUKTBv0ScrpBYjqt2mDFOx+dKWJM6eGJdpjUYFldFiXkoNr883UWqO160p+j2YD1+xY815FbaPpE0Vozt1XqjKnRNYGlwBWfLXuqwrsQuDkQqi7B5pmop4TTW3akgYvJdHX/EmdFnf6KxWUP6KmebI3uI1/GRiQY X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR3PR08MB5577 Original-Authentication-Results: sourceware.org; dkim=none (message not signed) header.d=none; sourceware.org; dmarc=none action=none header.from=arm.com; X-EOPAttributedMessage: 0 X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM5EUR03FT018.eop-EUR03.prod.protection.outlook.com X-MS-Office365-Filtering-Correlation-Id-Prvs: 29f50e4f-c389-48d3-38e4-08d8bd58563e X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: fAgmfBwawpEbEp8QW/gfgi0LqUgJMSzcDTLWacZ5tYxAz5yJFp/Y2f1qk0zXCI5+eb+ZSXjEW32zteCxmePXViHnwa92iJVAEIIQGafYQxJpCSPqfgFHh2K6oKoAH+CtZTAMJafntE5PsciZpRjI/t2FkoNwmv6GlR4UNQnkzt3C3pQ5MWUV929EMGN1VtNWmK8c7KTIBa8gFGt7AJvxfutG97GSP5JZuV6Ef4jqvYXDjv0YMZprmEelLYOeUemzHdKR44N96JUYnlE2kxr0FWHIDboYxQMgagqm/MWTT4UIqiIPhIfg09Aese+OhfDujXb4f1WebW/InKUXq2RBehIHgc0LZzlOwcYAR8fGCqRfFHKroE75SjXbVt3cqE5YIx+dHPyozNl7WQ0yaGst8kzTa5O1h2YRSkHF1TD1Or86OxCmg3zmBkq9elJDITZNwp+SVP2K0FSX3M5BUIvY34x3p0IAT4x5Hr2OiSLEOWdU0qic0ExsLpgDRPPC/WGv X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFS:(4636009)(346002)(136003)(39860400002)(376002)(396003)(46966006)(16526019)(956004)(8936002)(2906002)(70586007)(316002)(356005)(83380400001)(81166007)(2616005)(69590400011)(82310400003)(6486002)(6916009)(6512007)(336012)(82740400003)(86362001)(8676002)(36756003)(70206006)(186003)(5660300002)(26005)(478600001)(44832011)(47076005)(6666004)(6506007); DIR:OUT; SFP:1101; X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Jan 2021 15:30:49.5923 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 2d184bec-a4a5-4eb3-4c7b-08d8bd585d83 X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-AuthSource: AM5EUR03FT018.eop-EUR03.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR08MB3511 X-Spam-Status: No, score=-14.0 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, GIT_PATCH_0, MSGID_FROM_MTA_HEADER, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_PASS, SPF_PASS, TXREP, UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Szabolcs Nagy via Libc-alpha From: Szabolcs Nagy Reply-To: Szabolcs Nagy Errors-To: libc-alpha-bounces@sourceware.org Sender: "Libc-alpha" With static pie linking pointers in the tunables list need RELATIVE relocs since the absolute address is not known at link time. We want to avoid relocations so the static pie self relocation can be done after tunables are initialized. This is a simple fix that embeds the tunable strings into the tunable list instead of using pointers. It is possible to have a more compact representation of tunables with some additional complexity in the generator and tunable parser logic. Such optimization will be useful if the list of tunables grows. There is still an issue that tunables_strdup allocates and the failure handling code path is sufficiently complex that it can easily have RELATIVE relocations. It is possible to avoid the early allocation and only change environment variables in a setuid exe after relocations are processed. But that is a bigger change and early failure is fatal anyway so it is not as critical to fix right away. This is bug 27181. Reviewed-by: Adhemerval Zanella --- elf/dl-tunable-types.h | 4 ++-- elf/dl-tunables.c | 2 +- scripts/gen-tunables.awk | 12 +++++++++++- 3 files changed, 14 insertions(+), 4 deletions(-) diff --git a/elf/dl-tunable-types.h b/elf/dl-tunable-types.h index 05d4958e1c..3fcc0806f5 100644 --- a/elf/dl-tunable-types.h +++ b/elf/dl-tunable-types.h @@ -59,7 +59,7 @@ typedef enum /* A tunable. */ struct _tunable { - const char *name; /* Internal name of the tunable. */ + const char name[TUNABLE_NAME_MAX]; /* Internal name of the tunable. */ tunable_type_t type; /* Data type of the tunable. */ tunable_val_t val; /* The value. */ bool initialized; /* Flag to indicate that the tunable is @@ -75,7 +75,7 @@ struct _tunable target module if the value is considered unsafe. */ /* Compatibility elements. */ - const char *env_alias; /* The compatibility environment + const char env_alias[TUNABLE_ALIAS_MAX]; /* The compatibility environment variable name. */ }; diff --git a/elf/dl-tunables.c b/elf/dl-tunables.c index 33be00e447..e44476f204 100644 --- a/elf/dl-tunables.c +++ b/elf/dl-tunables.c @@ -351,7 +351,7 @@ __tunables_init (char **envp) /* Skip over tunables that have either been set already or should be skipped. */ - if (cur->initialized || cur->env_alias == NULL) + if (cur->initialized || cur->env_alias[0] == '\0') continue; const char *name = cur->env_alias; diff --git a/scripts/gen-tunables.awk b/scripts/gen-tunables.awk index cda12ef62e..fa63e86d1a 100644 --- a/scripts/gen-tunables.awk +++ b/scripts/gen-tunables.awk @@ -12,6 +12,8 @@ BEGIN { tunable="" ns="" top_ns="" + max_name_len=0 + max_alias_len=0 } # Skip over blank lines and comments. @@ -57,11 +59,14 @@ $1 == "}" { maxvals[top_ns,ns,tunable] = max_of[types[top_ns,ns,tunable]] } if (!env_alias[top_ns,ns,tunable]) { - env_alias[top_ns,ns,tunable] = "NULL" + env_alias[top_ns,ns,tunable] = "{0}" } if (!security_level[top_ns,ns,tunable]) { security_level[top_ns,ns,tunable] = "SXID_ERASE" } + len = length(top_ns"."ns"."tunable) + if (len > max_name_len) + max_name_len = len tunable = "" } @@ -109,6 +114,9 @@ $1 == "}" { } else if (attr == "env_alias") { env_alias[top_ns,ns,tunable] = sprintf("\"%s\"", val) + len = length(val) + if (len > max_alias_len) + max_alias_len = len } else if (attr == "security_level") { if (val == "SXID_ERASE" || val == "SXID_IGNORE" || val == "NONE") { @@ -158,6 +166,8 @@ END { print "\n#ifdef TUNABLES_INTERNAL" # Internal definitions. + print "# define TUNABLE_NAME_MAX " (max_name_len + 1) + print "# define TUNABLE_ALIAS_MAX " (max_alias_len + 1) print "# include \"dl-tunable-types.h\"" # Finally, the tunable list. print "static tunable_t tunable_list[] attribute_relro = {"