From patchwork Thu Apr 28 14:15:30 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefan Liebler X-Patchwork-Id: 53319 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 0AE503856DE2 for ; Thu, 28 Apr 2022 14:16:01 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 0AE503856DE2 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1651155361; bh=SKW8e0GxTEVlWyfXt7LCMEFaewskMSSZhib7nPHj9K8=; h=To:Subject:Date:List-Id:List-Unsubscribe:List-Archive:List-Post: List-Help:List-Subscribe:From:Reply-To:Cc:From; b=w/bgUW6/WQ3SHNDeKF5tLpjlR1EW9hc5dxaczcfNmGIRBGZIf+TBOQbB7IVTkCp6u kciT+5KX3C+LhXtGFmpSdo0B8Xt/BsN5kmKEBFktocnOTKSRYiAu+49oMnVa2tyfpK qaUzoLefYyt2aQlHa/nVWqwS5UiLVY5RZiVCM+C0= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by sourceware.org (Postfix) with ESMTPS id 29D593857346 for ; Thu, 28 Apr 2022 14:15:38 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 29D593857346 Received: from pps.filterd (m0098417.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 23SDtl6v031941 for ; Thu, 28 Apr 2022 14:15:37 GMT Received: from ppma01fra.de.ibm.com (46.49.7a9f.ip4.static.sl-reverse.com [159.122.73.70]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3fqtqv3201-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 28 Apr 2022 14:15:37 +0000 Received: from pps.filterd (ppma01fra.de.ibm.com [127.0.0.1]) by ppma01fra.de.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 23SE8kOP003615 for ; Thu, 28 Apr 2022 14:15:35 GMT Received: from b06cxnps4074.portsmouth.uk.ibm.com (d06relay11.portsmouth.uk.ibm.com [9.149.109.196]) by ppma01fra.de.ibm.com with ESMTP id 3fm938x1b9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 28 Apr 2022 14:15:35 +0000 Received: from d06av22.portsmouth.uk.ibm.com (d06av22.portsmouth.uk.ibm.com [9.149.105.58]) by b06cxnps4074.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 23SEFWUq7864672 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 28 Apr 2022 14:15:32 GMT Received: from d06av22.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D56E04C046; Thu, 28 Apr 2022 14:15:32 +0000 (GMT) Received: from d06av22.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id AFA5F4C040; Thu, 28 Apr 2022 14:15:32 +0000 (GMT) Received: from t3560005.lnxne.boe (unknown [9.152.108.100]) by d06av22.portsmouth.uk.ibm.com (Postfix) with ESMTP; Thu, 28 Apr 2022 14:15:32 +0000 (GMT) To: libc-alpha@sourceware.org Subject: [PATCH] S390: Enable static PIE Date: Thu, 28 Apr 2022 16:15:30 +0200 Message-Id: <20220428141530.567838-1-stli@linux.ibm.com> X-Mailer: git-send-email 2.33.1 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: NKrMwj9sAt88vmFKnwCbHukwTLqw3WtW X-Proofpoint-ORIG-GUID: NKrMwj9sAt88vmFKnwCbHukwTLqw3WtW X-Proofpoint-UnRewURL: 0 URL was un-rewritten MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.858,Hydra:6.0.486,FMLib:17.11.64.514 definitions=2022-04-28_01,2022-04-28_01,2022-02-23_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 bulkscore=0 spamscore=0 clxscore=1015 mlxscore=0 suspectscore=0 mlxlogscore=999 phishscore=0 malwarescore=0 adultscore=0 impostorscore=0 priorityscore=1501 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2202240000 definitions=main-2204280086 X-Spam-Status: No, score=-10.8 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_EF, GIT_PATCH_0, KAM_LOTSOFHASH, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Stefan Liebler via Libc-alpha From: Stefan Liebler Reply-To: Stefan Liebler Cc: Stefan Liebler Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org Sender: "Libc-alpha" This commit enables static PIE on 64bit. On 31bit, static PIE is not supported. A new configure check in sysdeps/s390/s390-64/configure.ac also performs a minimal test for requirements in ld: Ensure you also have those patches for: - binutils (ld) - "[PR ld/22263] s390: Avoid dynamic TLS relocs in PIE" https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=26b1426577b5dcb32d149c64cca3e603b81948a9 (Tested by configure check above) Otherwise there will be a R_390_TLS_TPOFF relocation, which fails to be processed in _dl_relocate_static_pie() as static TLS map is not setup. - "s390: Add DT_JMPREL pointing to .rela.[i]plt with static-pie" https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=d942d8db12adf4c9e5c7d9ed6496a779ece7149e (We can't test it in configure as we are not able to link a static PIE executable if the system glibc lacks static PIE support) Otherwise there won't be DT_JMPREL, DT_PLTRELA, DT_PLTRELASZ entries and the IFUNC symbols are not processed, which leads to crashes. - kernel (the mentioned links to the commits belong to 5.19 merge window): - "s390/mmap: increase stack/mmap gap to 128MB" https://git.kernel.org/pub/scm/linux/kernel/git/s390/linux.git/commit/?h=features&id=f2f47d0ef72c30622e62471903ea19446ea79ee2 - "s390/vdso: move vdso mapping to its own function" https://git.kernel.org/pub/scm/linux/kernel/git/s390/linux.git/commit/?h=features&id=57761da4dc5cd60bed2c81ba0edb7495c3c740b8 - "s390/vdso: map vdso above stack" https://git.kernel.org/pub/scm/linux/kernel/git/s390/linux.git/commit/?h=features&id=9e37a2e8546f9e48ea76c839116fa5174d14e033 - "s390/vdso: add vdso randomization" https://git.kernel.org/pub/scm/linux/kernel/git/s390/linux.git/commit/?h=features&id=41cd81abafdc4e58a93fcb677712a76885e3ca25 (We can't test the kernel of the target system) Otherwise if /proc/sys/kernel/randomize_va_space is turned off (0), static PIE executables like ldconfig will crash. While startup sbrk is used to enlarge the HEAP. Unfortunately the underlying brk syscall fails as there is not enough space after the HEAP. Then the address of the TLS image is invalid and the following memcpy in __libc_setup_tls() leads to a segfault. If /proc/sys/kernel/randomize_va_space is activated (default: 2), there is enough space after HEAP. This commit also adjusts startup code in start.S to be ready for static PIE. We have to add a wrapper function for main as we are not allowed to use GOT relocations before __libc_start_main is called. (Compare also to: - commit 14d886edbd3d80b771e1c42fbd9217f9074de9c6 "aarch64: fix start code for static pie" - commit 3d1d79283e6de4f7c434cb67fb53a4fd28359669 "aarch64: fix static pie enabled libc when main is in a shared library" ) --- sysdeps/s390/s390-64/configure | 104 ++++++++++++++++++++++++++++++ sysdeps/s390/s390-64/configure.ac | 74 +++++++++++++++++++++ sysdeps/s390/s390-64/start.S | 28 ++++++++ 3 files changed, 206 insertions(+) create mode 100644 sysdeps/s390/s390-64/configure create mode 100644 sysdeps/s390/s390-64/configure.ac diff --git a/sysdeps/s390/s390-64/configure b/sysdeps/s390/s390-64/configure new file mode 100644 index 0000000000..1235523721 --- /dev/null +++ b/sysdeps/s390/s390-64/configure @@ -0,0 +1,104 @@ +# This file is generated from configure.ac by Autoconf. DO NOT EDIT! + # Local configure fragment for sysdeps/s390/s390-64. + +# Minimal checking for static PIE support in ld. +# Compare to ld testcase/bugzilla: +# /ld/testsuite/ld-elf/pr22263-1.rd +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for s390-specific static PIE requirements" >&5 +$as_echo_n "checking for s390-specific static PIE requirements... " >&6; } +if { as_var=\ +libc_cv_s390x_staticpie_req; eval \${$as_var+:} false; }; then : + $as_echo_n "(cached) " >&6 +else + cat > conftest1.c < conftest2.c <&5 + (eval $ac_try) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; } \ + && { ac_try='${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS -fPIE -c conftest2.c -o conftest2.o' + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5 + (eval $ac_try) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; } \ + && { ac_try='${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS -pie -o conftest conftest1.o conftest2.o' + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5 + (eval $ac_try) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; } \ + && { ac_try='! readelf -Wr conftest | grep R_390_TLS_TPOFF' + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5 + (eval $ac_try) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; } + then + libc_cv_s390x_staticpie_req=yes + fi + rm -rf conftest.* +fi +eval ac_res=\$\ +libc_cv_s390x_staticpie_req + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +if test $libc_cv_s390x_staticpie_req = yes; then + # Static PIE is supported only on 64bit. + # Ensure you also have those patches for: + # - binutils (ld) + # - "[PR ld/22263] s390: Avoid dynamic TLS relocs in PIE" + # https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=26b1426577b5dcb32d149c64cca3e603b81948a9 + # (Tested by configure check above) + # Otherwise there will be a R_390_TLS_TPOFF relocation, which fails to + # be processed in _dl_relocate_static_pie() as static TLS map is not setup. + # - "s390: Add DT_JMPREL pointing to .rela.[i]plt with static-pie" + # https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=d942d8db12adf4c9e5c7d9ed6496a779ece7149e + # (We can't test it in configure as we are not able to link a static PIE + # executable if the system glibc lacks static PIE support) + # Otherwise there won't be DT_JMPREL, DT_PLTRELA, DT_PLTRELASZ entries + # and the IFUNC symbols are not processed, which leads to crashes. + # + # - kernel (the mentioned links to the commits belong to 5.19 merge window): + # - "s390/mmap: increase stack/mmap gap to 128MB" + # https://git.kernel.org/pub/scm/linux/kernel/git/s390/linux.git/commit/?h=features&id=f2f47d0ef72c30622e62471903ea19446ea79ee2 + # - "s390/vdso: move vdso mapping to its own function" + # https://git.kernel.org/pub/scm/linux/kernel/git/s390/linux.git/commit/?h=features&id=57761da4dc5cd60bed2c81ba0edb7495c3c740b8 + # - "s390/vdso: map vdso above stack" + # https://git.kernel.org/pub/scm/linux/kernel/git/s390/linux.git/commit/?h=features&id=9e37a2e8546f9e48ea76c839116fa5174d14e033 + # - "s390/vdso: add vdso randomization" + # https://git.kernel.org/pub/scm/linux/kernel/git/s390/linux.git/commit/?h=features&id=41cd81abafdc4e58a93fcb677712a76885e3ca25 + # (We can't test the kernel of the target system) + # Otherwise if /proc/sys/kernel/randomize_va_space is turned off (0), + # static PIE executables like ldconfig will crash. While startup sbrk is + # used to enlarge the HEAP. Unfortunately the underlying brk syscall fails + # as there is not enough space after the HEAP. Then the address of the TLS + # image is invalid and the following memcpy in __libc_setup_tls() leads + # to a segfault. + # If /proc/sys/kernel/randomize_va_space is activated (default: 2), there + # is enough space after HEAP. + $as_echo "#define SUPPORT_STATIC_PIE 1" >>confdefs.h + +fi diff --git a/sysdeps/s390/s390-64/configure.ac b/sysdeps/s390/s390-64/configure.ac new file mode 100644 index 0000000000..9f6da565f9 --- /dev/null +++ b/sysdeps/s390/s390-64/configure.ac @@ -0,0 +1,74 @@ +GLIBC_PROVIDES dnl See aclocal.m4 in the top level source directory. +# Local configure fragment for sysdeps/s390/s390-64. + +# Minimal checking for static PIE support in ld. +# Compare to ld testcase/bugzilla: +# /ld/testsuite/ld-elf/pr22263-1.rd +AC_CACHE_CHECK([for s390-specific static PIE requirements], \ +[libc_cv_s390x_staticpie_req], [dnl + cat > conftest1.c < conftest2.c < Scrt1.o */ larl %r2,main@GOTENT # load pointer to main lg %r2,0(%r2) +# else + /* Used for dynamic linked position dependent executable. + => crt1.o (glibc configured without --disable-default-pie: + PIC is defined) + Or for static linked position independent executable. + => rcrt1.o (only available if glibc configured without + --disable-default-pie: PIC is defined) */ + larl %r2,__wrap_main +# endif brasl %r14,__libc_start_main@plt #else + /* Used for dynamic/static linked position dependent executable. + => crt1.o (glibc configured with --disable-default-pie: + PIC and SHARED are not defined) */ larl %r2,main # load pointer to main brasl %r14,__libc_start_main #endif @@ -97,6 +112,19 @@ _start: cfi_endproc +#if defined PIC && !defined SHARED + /* When main is not defined in the executable but in a shared library + then a wrapper is needed in crt1.o of the static-pie enabled libc, + because crt1.o and rcrt1.o share code and the later must avoid the + use of GOT relocations before __libc_start_main is called. */ +__wrap_main: + cfi_startproc + larl %r1,main@GOTENT # load pointer to main + lg %r1,0(%r1) + br %r1 + cfi_endproc +#endif + /* Define a symbol for the first piece of initialized data. */ .data .globl __data_start