From patchwork Thu Oct 7 19:56:42 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "H.J. Lu" X-Patchwork-Id: 45965 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 79D383857C65 for ; Thu, 7 Oct 2021 19:57:05 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 79D383857C65 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1633636625; bh=j15HLpt06tdKj4J6pdFKfArXp88RF3xhDzfndPUxHsI=; h=To:Subject:Date:List-Id:List-Unsubscribe:List-Archive:List-Post: List-Help:List-Subscribe:From:Reply-To:From; b=RYj8kQ0uavaPH2MPJsE8YELWnq3NQquHytixzlAGQQT3u+4DCqYhQHsfoznrVDAsb d1xRZjJ08Yn89iY29SDeWLwIOIwnOoD02gfXghjhZ4ee0vOCdZpTf01XzDtQLbfla8 MyDTSvYU+gYm3uUEISlwnjyU/Z6M8gjc8pgxT0YA= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pg1-x536.google.com (mail-pg1-x536.google.com [IPv6:2607:f8b0:4864:20::536]) by sourceware.org (Postfix) with ESMTPS id BBA72385840C for ; Thu, 7 Oct 2021 19:56:44 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org BBA72385840C Received: by mail-pg1-x536.google.com with SMTP id 75so839928pga.3 for ; Thu, 07 Oct 2021 12:56:44 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:mime-version :content-transfer-encoding; bh=j15HLpt06tdKj4J6pdFKfArXp88RF3xhDzfndPUxHsI=; b=rZF55Jxa3movuzggBeCi/UO4fdlgpZxyBsqlzSudD7pGCHfkxggoSauVPry7Uav0uP M59acApZ5i4kP6raoHhzY9BPp8IMFvmnkHCrF7XqCS5h1U2DKdqzwxnrRWt42WMcJx0D kHGfLe6geosa99ZmxMh08tL09m1p/BDk9XanzZJpB1bvrJsbXJnF0uu+LFcFoGFoPqHt jxpsK4X8ptn00Lure7U8f7ZQweEFF+ssWOZlcgLPApKIVTnJs+vXBIbm0//3Jf4ozbCX WyvNb21rln+jy3IL6YKMh1eanovWSaqldkvoHwZW1eWKy+374Zby3uKg7ykI2w9HBM1Y Mzrw== X-Gm-Message-State: AOAM532nZYqQe/HJFep+y3S9kW2XFXBcBbb3jbeBc8T+czj7va1qGhdI fRla5yDjEqnksszDWVG2Z36K9XWozR4= X-Google-Smtp-Source: ABdhPJzGmvQft9wnmJN6678x3erAkH2JkqvtDBeJgaNFiDPUSE+RFfL7/blrNwbVPZNGyMDKvNz77w== X-Received: by 2002:a63:1665:: with SMTP id 37mr1219726pgw.261.1633636603504; Thu, 07 Oct 2021 12:56:43 -0700 (PDT) Received: from gnu-cfl-2.localdomain ([172.58.39.6]) by smtp.gmail.com with ESMTPSA id d2sm8774045pjg.35.2021.10.07.12.56.43 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 07 Oct 2021 12:56:43 -0700 (PDT) Received: from gnu-cfl-2.. (localhost [IPv6:::1]) by gnu-cfl-2.localdomain (Postfix) with ESMTP id 1458AC02C6 for ; Thu, 7 Oct 2021 12:56:42 -0700 (PDT) To: libc-alpha@sourceware.org Subject: [PATCH] ld.so: Check protected symbols Date: Thu, 7 Oct 2021 12:56:42 -0700 Message-Id: <20211007195642.433693-1-hjl.tools@gmail.com> X-Mailer: git-send-email 2.31.1 MIME-Version: 1.0 X-Spam-Status: No, score=-3032.2 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, GIT_PATCH_0, KAM_SHORT, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: "H.J. Lu via Libc-alpha" From: "H.J. Lu" Reply-To: "H.J. Lu" Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org Sender: "Libc-alpha" Add LD_DEBUG=protected to check copy relocations against protected data and non-canonical reference to protected function. --- elf/rtld.c | 2 ++ sysdeps/generic/dl-protected.h | 24 +++++++++++++++++------ sysdeps/generic/ldsodefs.h | 1 + sysdeps/x86/Makefile | 13 +++++++++++++ sysdeps/x86/tst-protected3.c | 34 +++++++++++++++++++++++++++++++++ sysdeps/x86/tst-protected3mod.c | 25 ++++++++++++++++++++++++ 6 files changed, 93 insertions(+), 6 deletions(-) create mode 100644 sysdeps/x86/tst-protected3.c create mode 100644 sysdeps/x86/tst-protected3mod.c diff --git a/elf/rtld.c b/elf/rtld.c index 5eee9e1091..9d7d7533a9 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -2560,6 +2560,8 @@ process_dl_debug (struct dl_main_state *state, const char *dl_debug) DL_DEBUG_STATISTICS }, { LEN_AND_STR ("unused"), "determined unused DSOs", DL_DEBUG_UNUSED }, + { LEN_AND_STR ("protected"), "check protected symbols", + DL_DEBUG_PROTECTED }, { LEN_AND_STR ("help"), "display this help message and exit", DL_DEBUG_HELP }, }; diff --git a/sysdeps/generic/dl-protected.h b/sysdeps/generic/dl-protected.h index 244d020dc4..c6cf46e434 100644 --- a/sysdeps/generic/dl-protected.h +++ b/sysdeps/generic/dl-protected.h @@ -26,17 +26,18 @@ _dl_check_protected_symbol (const char *undef_name, const struct link_map *map, int type_class) { - if (undef_map != NULL - && undef_map->l_type == lt_executable - && !(undef_map->l_1_needed - & GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS) + if (undef_map == NULL || undef_map->l_type != lt_executable) + return; + + if (!(undef_map->l_1_needed + & GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS) && (map->l_1_needed & GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS)) { if ((type_class & ELF_RTYPE_CLASS_COPY)) /* Disallow copy relocations in executable against protected - data symbols in a shared object which needs indirect external - access. */ + data symbols in a shared object which needs indirect + external access. */ _dl_signal_error (0, map->l_name, undef_name, N_("copy relocation against non-copyable protected symbol")); else if (ref->st_value != 0 @@ -49,6 +50,17 @@ _dl_check_protected_symbol (const char *undef_name, _dl_signal_error (0, map->l_name, undef_name, N_("non-canonical reference to canonical protected function")); } + else if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_PROTECTED)) + { + if ((type_class & ELF_RTYPE_CLASS_COPY)) + _dl_debug_printf ("%s: copy relocation against protected symbol `%s' in %s\n", + RTLD_PROGNAME, undef_name, map->l_name); + else if (ref->st_value != 0 + && ref->st_shndx == SHN_UNDEF + && (type_class & ELF_RTYPE_CLASS_PLT)) + _dl_debug_printf ("%s: non-canonical reference to protected function `%s' in %s\n", + RTLD_PROGNAME, undef_name, map->l_name); + } } #endif /* _DL_PROTECTED_H */ diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h index 9ec1511bb0..89ad7b5099 100644 --- a/sysdeps/generic/ldsodefs.h +++ b/sysdeps/generic/ldsodefs.h @@ -545,6 +545,7 @@ struct rtld_global_ro /* These two are used only internally. */ #define DL_DEBUG_HELP (1 << 10) #define DL_DEBUG_PRELINK (1 << 11) +#define DL_DEBUG_PROTECTED (1 << 12) /* OS version. */ EXTERN unsigned int _dl_osversion; diff --git a/sysdeps/x86/Makefile b/sysdeps/x86/Makefile index 402986ff68..f4f3a0fc73 100644 --- a/sysdeps/x86/Makefile +++ b/sysdeps/x86/Makefile @@ -68,6 +68,19 @@ ifneq ($(have-tunables),no) tst-ifunc-isa-2-ENV = GLIBC_TUNABLES=glibc.cpu.hwcaps=-SSE4_2,-AVX,-AVX2,-AVX512F tst-ifunc-isa-2-static-ENV = $(tst-ifunc-isa-2-ENV) endif + +ifeq (yes,$(build-shared)) +tests += tst-protected3 +modules-names += tst-protected3mod + +$(objpfx)tst-protected3: $(objpfx)tst-protected3mod.so + +tst-protected3-ENV = LD_DEBUG=protected LD_DEBUG_OUTPUT=$(objpfx)tst-protected3.debug.out + +ifeq (yes,$(have-fno-direct-extern-access)) +CFLAGS-tst-protected3.c += -fdirect-extern-access +endif +endif endif ifeq ($(subdir),math) diff --git a/sysdeps/x86/tst-protected3.c b/sysdeps/x86/tst-protected3.c new file mode 100644 index 0000000000..87d3cd2a45 --- /dev/null +++ b/sysdeps/x86/tst-protected3.c @@ -0,0 +1,34 @@ +/* Test warnings on protected function and data symbols. + Copyright (C) 2021 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include + +extern int protected_data; +extern int protected_func (void) __attribute__((weak)); + +static int +do_test (void) +{ + TEST_COMPARE (protected_data, 30); + TEST_VERIFY_EXIT (protected_func != NULL); + protected_func (); + return 0; +} + +#include diff --git a/sysdeps/x86/tst-protected3mod.c b/sysdeps/x86/tst-protected3mod.c new file mode 100644 index 0000000000..b9588e9015 --- /dev/null +++ b/sysdeps/x86/tst-protected3mod.c @@ -0,0 +1,25 @@ +/* Test warnings on protected function and data symbols. + Copyright (C) 2021 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int protected_data __attribute__ ((visibility("protected"))) = 30; + +__attribute__ ((visibility("protected"))) +void +protected_func (void) +{ +}