From patchwork Tue Jul 6 14:58:36 2021
X-Patchwork-Submitter: Adhemerval Zanella
X-Patchwork-Id: 44174
To: libc-alpha@sourceware.org
Subject: [PATCH v7 1/4] support: Add support_stack_alloc
Date: Tue, 6 Jul 2021 11:58:36 -0300
Message-Id: <20210706145839.1658623-2-adhemerval.zanella@linaro.org>
In-Reply-To: <20210706145839.1658623-1-adhemerval.zanella@linaro.org>
References: <20210706145839.1658623-1-adhemerval.zanella@linaro.org>
From: Adhemerval Zanella

Changes from previous version:

- Handle executable stacks. This is required on architectures where the PT_GNU_STACK is not fully supported (such as hppa). Ideally the function should use GL (dl_stack_flags) to check if the stack should be executable, however accessing the information would require a larger refactor on ldsodefs.h to provide the required prototypes for libsupport.

---

The code to allocate a stack from xsigstack is refactored so it can be more generic. The new support_stack_alloc() also sets PROT_EXEC if DEFAULT_STACK_PERMS has PF_X. This is required on some architectures (hppa for instance) and trying to access the rtld global from testsuite will require more intrusive refactoring in the ldsodefs.h header.

Checked on x86_64-linux-gnu and i686-linux-gnu. I also ran tst-xsigstack on both hppa and ia64.

--- support/Makefile | 1 + support/support.h | 19 +++++++++ support/support_stack_alloc.c | 79 +++++++++++++++++++++++++++++++++++ support/xsigstack.c | 43 +++---------------- 4 files changed, 104 insertions(+), 38 deletions(-) create mode 100644 support/support_stack_alloc.c diff --git a/support/Makefile b/support/Makefile index 5c69f0de4b..a462781718 100644 --- a/support/Makefile +++ b/support/Makefile @@ -39,6 +39,7 @@ libsupport-routines = \ resolv_response_context_free \ resolv_test \ set_fortify_handler \ + support_stack_alloc \ support-xfstat \ support-xfstat-time64 \ support-xstat \ diff --git a/support/support.h b/support/support.h index 9ec8ecb8d7..dbd270c78d 100644 --- a/support/support.h +++ b/support/support.h
@@ -164,6 +164,25 @@ timer_t support_create_timer (uint64_t sec, long int nsec, bool repeat, /* Disable the timer TIMER. */ void support_delete_timer (timer_t timer); +struct support_stack +{ + void *stack; + size_t size; + size_t guardsize; +}; + +/* Allocate stack suitable to used with xclone or sigaltstack call. The stack + will have a minimum size of SIZE + MINSIGSTKSZ bytes, rounded up to a whole + number of pages. There will be a large (at least 1 MiB) inaccessible guard + bands on either side of it. + The returned value on ALLOC_BASE and ALLOC_SIZE will be the usable stack + region, excluding the GUARD_SIZE allocated area. + It also terminates the process on error. */ +struct support_stack support_stack_alloc (size_t size); + +/* Deallocate the STACK. */ +void support_stack_free (struct support_stack *stack); + __END_DECLS #endif /* SUPPORT_H */ diff --git a/support/support_stack_alloc.c b/support/support_stack_alloc.c new file mode 100644 index 0000000000..db0d522f2f --- /dev/null +++ b/support/support_stack_alloc.c 
@@ -0,0 +1,79 @@ +/* Allocate a stack suitable to be used with xclone or xsigaltstack. + Copyright (C) 2021 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include +#include +#include +#include +#include /* roundup, MAX */ + +#ifndef MAP_NORESERVE +# define MAP_NORESERVE 0 +#endif +#ifndef MAP_STACK +# define MAP_STACK 0 +#endif + +struct support_stack +support_stack_alloc (size_t size) +{ + size_t pagesize = sysconf (_SC_PAGESIZE); + if (pagesize == -1) + FAIL_EXIT1 ("sysconf (_SC_PAGESIZE): %m\n"); + + /* Always supply at least MINSIGSTKSZ space; passing 0 as size means + only that much space. No matter what the number is, round it up + to a whole number of pages. */ + size_t stacksize = roundup (size + MINSIGSTKSZ, pagesize); + + /* The guard bands need to be large enough to intercept offset + accesses from a stack address that might otherwise hit another + mapping. Make them at least twice as big as the stack itself, to + defend against an offset by the entire size of a large + stack-allocated array. The minimum is 1MiB, which is arbitrarily + chosen to be larger than any "typical" wild pointer offset. + Again, no matter what the number is, round it up to a whole + number of pages. 
*/ + size_t guardsize = roundup (MAX (2 * stacksize, 1024 * 1024), pagesize); + size_t alloc_size = guardsize + stacksize + guardsize; + /* Use MAP_NORESERVE so that RAM will not be wasted on the guard + bands; touch all the pages of the actual stack before returning, + so we know they are allocated. */ + void *alloc_base = xmmap (0, + alloc_size, + PROT_NONE, + MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE|MAP_STACK, + -1); + /* PF_X can be overridden if PT_GNU_STACK is present. */ + int prot = PROT_READ | PROT_WRITE + | (DEFAULT_STACK_PERMS & PF_X ? PROT_EXEC : 0); + xmprotect (alloc_base + guardsize, stacksize, prot); + memset (alloc_base + guardsize, 0xA5, stacksize); + return (struct support_stack) { alloc_base + guardsize, stacksize, guardsize }; +} + +void +support_stack_free (struct support_stack *stack) +{ + void *alloc_base = (void *)((uintptr_t) stack->stack - stack->guardsize); + size_t alloc_size = stack->size + 2 * stack->guardsize; + xmunmap (alloc_base, alloc_size); +} diff --git a/support/xsigstack.c b/support/xsigstack.c index a2f0e3269a..a471c853cb 100644 --- a/support/xsigstack.c +++ b/support/xsigstack.c @@ -37,8 +37,7 @@ structures. */ struct sigstack_desc { - void *alloc_base; /* Base address of the complete allocation. */ - size_t alloc_size; /* Size of the complete allocation. */ + struct support_stack stack; stack_t alt_stack; /* The address and size of the stack itself. */ stack_t old_stack; /* The previous signal stack. */ }; 
@@ -46,43 +45,11 @@ struct sigstack_desc void * xalloc_sigstack (size_t size) { - size_t pagesize = sysconf (_SC_PAGESIZE); - if (pagesize == -1) - FAIL_EXIT1 ("sysconf (_SC_PAGESIZE): %m\n"); - - /* Always supply at least MINSIGSTKSZ space; passing 0 as size means - only that much space. No matter what the number is, round it up - to a whole number of pages. */ - size_t stacksize = roundup (size + MINSIGSTKSZ, pagesize); - - /* The guard bands need to be large enough to intercept offset - accesses from a stack address that might otherwise hit another - mapping. Make them at least twice as big as the stack itself, to - defend against an offset by the entire size of a large - stack-allocated array. The minimum is 1MiB, which is arbitrarily - chosen to be larger than any "typical" wild pointer offset. - Again, no matter what the number is, round it up to a whole - number of pages. */ - size_t guardsize = roundup (MAX (2 * stacksize, 1024 * 1024), pagesize); - struct sigstack_desc *desc = xmalloc (sizeof (struct sigstack_desc)); - desc->alloc_size = guardsize + stacksize + guardsize; - /* Use MAP_NORESERVE so that RAM will not be wasted on the guard - bands; touch all the pages of the actual stack before returning, - so we know they are allocated. */ - desc->alloc_base = xmmap (0, - desc->alloc_size, - PROT_READ|PROT_WRITE, - MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE|MAP_STACK, - -1); - - xmprotect (desc->alloc_base, guardsize, PROT_NONE); - xmprotect (desc->alloc_base + guardsize + stacksize, guardsize, PROT_NONE); - memset (desc->alloc_base + guardsize, 0xA5, stacksize); - - desc->alt_stack.ss_sp = desc->alloc_base + guardsize; + desc->stack = support_stack_alloc (size); + desc->alt_stack.ss_sp = desc->stack.stack; desc->alt_stack.ss_flags = 0; - desc->alt_stack.ss_size = stacksize; + desc->alt_stack.ss_size = desc->stack.size; if (sigaltstack (&desc->alt_stack, &desc->old_stack)) FAIL_EXIT1 ("sigaltstack (new stack: sp=%p, size=%zu, flags=%u): %m\n", 
@@ -101,7 +68,7 @@ xfree_sigstack (void *stack) FAIL_EXIT1 ("sigaltstack (restore old stack: sp=%p, size=%zu, flags=%u): " "%m\n", desc->old_stack.ss_sp, desc->old_stack.ss_size, desc->old_stack.ss_flags); - xmunmap (desc->alloc_base, desc->alloc_size); + support_stack_free (&desc->stack); free (desc); }
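Review bot: In the support/support.h hunk, the comment above support_stack_alloc refers to ALLOC_BASE, ALLOC_SIZE and GUARD_SIZE, but struct support_stack has no such members; its fields are stack, size and guardsize, and none of them is documented. Please describe the result in terms of the real field names (stack is the lowest usable address, size the usable length, guardsize the length of each inaccessible band), and state that support_stack_free expects the struct unmodified, since it recomputes the mapping base from stack->stack and stack->guardsize. The first sentence also needs "suitable to be used with", and "a large ... guard bands" should be "large ... guard bands".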
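Review bot: In the support/support_stack_alloc.c hunk, the protection for the usable region is chosen at compile time from DEFAULT_STACK_PERMS & PF_X, while the comment directly above says PF_X can be overridden if PT_GNU_STACK is present; nothing in the function checks for that override, so on a target whose default includes PF_X every test stack becomes writable and executable even when the binary is marked as not needing an executable stack. Since the commit message explains why GL (dl_stack_flags) is not consulted, the comment at that line should say so explicitly and the header documentation should mention that the returned stack may be executable, so callers do not assume a non-executable mapping. Separately, size + MINSIGSTKSZ, 2 * stacksize and guardsize + stacksize + guardsize are computed without an overflow check; a FAIL_EXIT1 on an oversized SIZE would keep the guard-band guarantee from being silently broken by wraparound.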
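Review bot: In the support/xsigstack.c hunk that changes struct sigstack_desc, the new member struct support_stack stack; has no comment, whereas the two members it replaces and the remaining alt_stack and old_stack members all carry one. A short comment such as "Guarded allocation backing alt_stack" would keep the struct self-describing and make it clear that alt_stack.ss_sp and alt_stack.ss_size mirror stack.stack and stack.size.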