From patchwork Tue Jan 12 17:22:42 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Szabolcs Nagy X-Patchwork-Id: 41700 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 670C83896C39; Tue, 12 Jan 2021 17:23:01 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 670C83896C39 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1610472181; bh=zFJix3JNi7JO3EWdkKyie+NxKGO3KHvB85rTSiy3cLE=; h=To:Subject:Date:In-Reply-To:References:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To: From; b=J40WKSGLfLVTHpGlh+VRIjCM+Q++HittKnCM3ZToolGoxLeBdgIxDSOxGD+dBWKIK gLnpKnEag5pXlz5S4yDfAVvvXuDZncMS4wLBZ+BOpSi3CG20+oiA5i3c03DeT1rANY lDFttLErVO0Xj0LXpJTwKNwnUB2zAAWSAL4l2QNc= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60043.outbound.protection.outlook.com [40.107.6.43]) by sourceware.org (Postfix) with ESMTPS id 4888F3896C36 for ; Tue, 12 Jan 2021 17:22:58 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 4888F3896C36 Received: from AM5PR0301CA0025.eurprd03.prod.outlook.com (2603:10a6:206:14::38) by AM5PR0801MB1988.eurprd08.prod.outlook.com (2603:10a6:203:48::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3763.9; Tue, 12 Jan 2021 17:22:56 +0000 Received: from AM5EUR03FT041.eop-EUR03.prod.protection.outlook.com (2603:10a6:206:14:cafe::7a) by AM5PR0301CA0025.outlook.office365.com (2603:10a6:206:14::38) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3742.6 via Frontend Transport; Tue, 12 Jan 2021 17:22:56 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; sourceware.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;sourceware.org; dmarc=pass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM5EUR03FT041.mail.protection.outlook.com (10.152.17.186) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3742.6 via Frontend Transport; Tue, 12 Jan 2021 17:22:55 +0000 Received: ("Tessian outbound e989e14f9207:v71"); Tue, 12 Jan 2021 17:22:55 +0000 X-CheckRecipientChecked: true X-CR-MTA-CID: c7255f6e068ce82b X-CR-MTA-TID: 64aa7808 Received: from 43a56d4301fd.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 2BEA5AFA-EE0D-4207-B827-40D3A6A2E29D.1; Tue, 12 Jan 2021 17:22:49 +0000 Received: from EUR01-VE1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 43a56d4301fd.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Tue, 12 Jan 2021 17:22:49 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mS6L2iHn2Syy/I+IN/lr01/sAvwDjObVXpCUuOvJiHQg0WXf1yCRWglRDv3NcVhr2PrCkvggsJsKcJJH0dsDuLWmq/UOkth6rg9V077wFAxrpP3GUJnVaOAUaLk6ErgNJgfqqd2T66LEfjaUj9a2V3Fpg4EPdR3mjUsRG0j0sUlCgTntdWZ4Qr/gy4S4+GZpDQWbBVsB6xZdMJ7kIv0lMbSrQzIJD/M3TYpoDjnR/4sMzvc+Gw5V0geHTA+GM3JjuxrB56y41XxxkJY67h6V+C4anwRhvkBpSbtU4bD3K0KUN8DvnrILQIgOlTuGL2pe8yoaVj7zeKqafTFNSTl/wQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zFJix3JNi7JO3EWdkKyie+NxKGO3KHvB85rTSiy3cLE=; b=ilqVY6vp6mz6q+XkKCiGK6rWbNghsOO7zD8bUpCfPseT9iiW0ptJgsi3JR4cKfLEDFq2r9FRuZKfB6oHOtgraG4iYJ16bGod3LQNjilvCF2Bwv0f/FsUYGcq1P1bqpIk4ztO268y9McAMwsbH7BvSwQXhDFjL7tGF38xJH3xMGMhj99NsXDi7nmlLAYl6LhNL2kPy68v3s7tKAwY/lpHNeb5n18hqQFAlI6tAnX4oqFr4edWxlYT7dFav5qiDnwpFIItdmBaYf8icQKy1FYXjf6Vv3J2dOGAA8NAteFtVgfBviChOexBwgpjOuUjtp7jakwo8AsLTLb4MUfLkgMz2w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none Authentication-Results-Original: sourceware.org; dkim=none (message not signed) header.d=none;sourceware.org; dmarc=none action=none header.from=arm.com; Received: from PA4PR08MB6320.eurprd08.prod.outlook.com (2603:10a6:102:e5::9) by PR3PR08MB5753.eurprd08.prod.outlook.com (2603:10a6:102:87::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3742.6; Tue, 12 Jan 2021 17:22:48 +0000 Received: from PA4PR08MB6320.eurprd08.prod.outlook.com ([fe80::700f:ddbe:a347:ee4f]) by PA4PR08MB6320.eurprd08.prod.outlook.com ([fe80::700f:ddbe:a347:ee4f%6]) with mapi id 15.20.3742.012; Tue, 12 Jan 2021 17:22:48 +0000 To: libc-alpha@sourceware.org Subject: [PATCH v3 4/5] elf: Avoid RELATIVE relocs in __tunables_init Date: Tue, 12 Jan 2021 17:22:42 +0000 Message-Id: <387267b5cd50f268056db8c89e68fac800959c15.1610471272.git.szabolcs.nagy@arm.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: References: X-Originating-IP: [217.140.106.50] X-ClientProxiedBy: LO3P123CA0011.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:ba::16) To PA4PR08MB6320.eurprd08.prod.outlook.com (2603:10a6:102:e5::9) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from localhost.localdomain (217.140.106.50) by LO3P123CA0011.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:ba::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3763.9 via Frontend Transport; Tue, 12 Jan 2021 17:22:48 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: bc76a3df-4a85-4fc7-158b-08d8b71eb335 X-MS-TrafficTypeDiagnostic: PR3PR08MB5753:|AM5PR0801MB1988: X-Microsoft-Antispam-PRVS: x-checkrecipientrouted: true NoDisclaimer: true X-MS-Oob-TLC-OOBClassifiers: OLM:9508;OLM:9508; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: A3ipyKy0yBrpSOO8KmN3grfISkLPS9ZiEiN2/Mh7tGjUrxgzjVMBsdSoKfclrUtme6K0PLAjzdmDBW93ZMxJAcwdRh03SFJjRiY3Lsn6wnLvJAhIogZ4BLSkgKRrVIMy8NwZY5gLyOQhS54pt351Td9cC05bgMaz0lNOpFcQnxoeHRJJ/nE1o49UE9C0HGWTveWtl7ujdQSxIUAlUErMpMSnu2HTpTV4p4dwKpmZdcO4YdQ98YEGap38P9Xa903nPCtvUrbOOSp55ZwZUWkFG1WcltqLWvZ+rJJYB7/O4T0bWvFNVbnRJf96cDrF/qECaaSex/ndEAAzNkG5nikNWOcRRP4Oc77j/bTLmUyg+rPR3z13fgRhrvNjDVAmIxYOvQJjDA3mBKwNXa7utEoM2RzLDU+66TRdXicAp/BSLYoHdmrkFg2A92Hh5jweg2H/Mhd/IgWJQ+1JKEwY8/vNyg== X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PA4PR08MB6320.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(376002)(136003)(39850400004)(346002)(366004)(396003)(16526019)(26005)(6916009)(86362001)(6506007)(956004)(36756003)(83380400001)(69590400011)(478600001)(2906002)(8936002)(186003)(66476007)(6512007)(2616005)(6486002)(316002)(5660300002)(66946007)(44832011)(6666004)(66556008)(52116002)(8676002); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData: d99Og5MK5knskdHrw7XukGrry1dAc9a0cHEn+QUA61yJ65mgL1wS0muYiMQMhowGIHU+H0IBQDZJ4xNILm0nBCkz93i6QqweWNSVB+h3n5IBAlvJtDJrydONIgyZA533Yfoxcjdptb0qZHcVQB9JvFAPq2aMvaRaS/s4DC57BxgrNTGOL99iEBkFrrxKaFQyZeYTz3EvaSR6+OoMydq3xPbs6s9BGYEyXYKW4aPG2SYMcfBwHfdFg1DQwhA8xnK3UkwPtoV9I7ugd5DIN5uchJDcZtHMHfV8Hu3+J8Pm9JFkODcYvp6Xif3MCYSeUA2ZRAcoRykW6YAkp1UhHOn0p2U5+Yh4HzAxvOSxC9fvlbfwXPo+rz+4dhQ5M9kzL2KDfeJ5icSSMQOFq3sQYw9w5OhjpeCj+Mzg8RbrxhEX/3pWGTZtPjysjTQIk2jDrH5ynw57dIwCpMSWjjPhnhdCmjuamI+DMb3GxwqHXEYaTY+h4iQqBXVSVeCMbNH0GuArjGC/HZ74MogT6UAN+z1zikCKlWf5q+Kr0Rs7niBGokfK8w7bWN9ji4mQo2WEiCfQh8HcBqBZskxU/wNm/Jb5sjZNR0KP0v8gffEPT2pchy9PMl8hKxVX54dyu/XOCANrab3Tgzrnn+PQk0GDqxs+u+I497B2YTFhmcF6PZE2d6Ou3JuQ5eH1xSIDiac0u/8IV2Ojtlg0thiC0bnlE+PqXgHgMR9gJ5iVql7nRZeKh+Dp5THRmSALYuisQhqndQbnQuZeb4cTp2cUckhvgyr6MHh4oznzJRf4NCTGYPMoOwUg2U1FpbPQYE2V0XQABOoO8lDKcSJEy80ue6dvF/VAbhookm16DbpGm3NwJ7IVA32Be9oDoxu2Jma8JB47v0QZ4rBRHWVquVv/I6C+mcDfY0m1zbY/hBiiJhHTS1DyJdIfa+9xJ7/kVEBlvFbW3fSySyM6BLAnLgMnl1oBUkpJe78d54Ai/RjBL+OAXyaHVA6drUOmqXUolizie60L/Zoa X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR3PR08MB5753 Original-Authentication-Results: sourceware.org; dkim=none (message not signed) header.d=none; sourceware.org; dmarc=none action=none header.from=arm.com; X-EOPAttributedMessage: 0 X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM5EUR03FT041.eop-EUR03.prod.protection.outlook.com X-MS-Office365-Filtering-Correlation-Id-Prvs: a09b77f8-6937-4d28-0636-08d8b71eaef6 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: wm2JQNl9mbiluNNVfKjXIekShY4TZlIEtqPbWeNpXpntrJvejqBRM3Gr3zgrpFBKScZ8A7JpZQNOqR3osdwZ750D5zeZ37Lm1jFiz/NwvU3NKs5ZEA78F/EOec8KtZm9AgLo92RnWc9FKPbzlXY/5d+8sMRRJC5B5jtnZu9N05dBieYDux6aRTmRAYbDfRrTsznmmk/k2fhUCf36LhEKY4RJHRLsLsC1IzGdxvnO3EyW9j1XtpVfQszt+U5s13YU2/bd+U7+1C/VOQ1H8zwXna7rTOZAUnr1V/kqEghy0xheYDlZ+pLtcpiGMb+Br6PuGVfomKQwKe6M2nlMRnHTUDOvYSWO/7DMG2he8Pm6fkqrgVIda3qE1RXehQfZMsxq+Y3tWoIoVgrfqxXl9FRrbcsWXilTjWnZu67F+5yIJaLMj48smPei+rw9KkfSzX+M019sMVzT3b0b65646FqmE5h8+svlQkAPt+F/90ChnZBY1DLC5//1GbbaFlq6xSBnZJXy1SJr4rnaxUKhBSagkw== X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFS:(4636009)(136003)(346002)(39850400004)(396003)(376002)(46966006)(478600001)(36756003)(82310400003)(44832011)(336012)(6486002)(34020700004)(2616005)(8936002)(316002)(8676002)(86362001)(956004)(6512007)(26005)(82740400003)(70586007)(16526019)(70206006)(186003)(356005)(81166007)(47076005)(83380400001)(69590400011)(6666004)(2906002)(6506007)(6916009)(5660300002); DIR:OUT; SFP:1101; X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 Jan 2021 17:22:55.5827 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: bc76a3df-4a85-4fc7-158b-08d8b71eb335 X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-AuthSource: AM5EUR03FT041.eop-EUR03.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM5PR0801MB1988 X-Spam-Status: No, score=-14.2 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, GIT_PATCH_0, MSGID_FROM_MTA_HEADER, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, SPF_HELO_PASS, SPF_PASS, TXREP, UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Szabolcs Nagy via Libc-alpha From: Szabolcs Nagy Reply-To: Szabolcs Nagy Errors-To: libc-alpha-bounces@sourceware.org Sender: "Libc-alpha" With static pie linking pointers in the tunables list need RELATIVE relocs since the absolute address is not known at link time. We want to avoid relocations so the static pie self relocation can be done after tunables are initialized. This is a simple fix that embeds the tunable strings into the tunable list instead of using pointers. It is possible to have a more compact representation of tunables with some additional complexity in the generator and tunable parser logic. Such optimization will be useful if the list of tunables grows. There is still an issue that tunables_strdup allocates and the failure handling code path is sufficiently complex that it can easily have RELATIVE relocations. It is possible to avoid the early allocation and only change environment variables in a setuid exe after relocations are processed. But that is a bigger change and early failure is fatal anyway so it is not as critical to fix right away. Reviewed-by: Adhemerval Zanella --- elf/dl-tunable-types.h | 4 ++-- elf/dl-tunables.c | 2 +- scripts/gen-tunables.awk | 12 +++++++++++- 3 files changed, 14 insertions(+), 4 deletions(-) diff --git a/elf/dl-tunable-types.h b/elf/dl-tunable-types.h index 05d4958e1c..3fcc0806f5 100644 --- a/elf/dl-tunable-types.h +++ b/elf/dl-tunable-types.h @@ -59,7 +59,7 @@ typedef enum /* A tunable. */ struct _tunable { - const char *name; /* Internal name of the tunable. */ + const char name[TUNABLE_NAME_MAX]; /* Internal name of the tunable. */ tunable_type_t type; /* Data type of the tunable. */ tunable_val_t val; /* The value. */ bool initialized; /* Flag to indicate that the tunable is @@ -75,7 +75,7 @@ struct _tunable target module if the value is considered unsafe. */ /* Compatibility elements. */ - const char *env_alias; /* The compatibility environment + const char env_alias[TUNABLE_ALIAS_MAX]; /* The compatibility environment variable name. */ }; diff --git a/elf/dl-tunables.c b/elf/dl-tunables.c index 9b4d737fb8..3845b2c04e 100644 --- a/elf/dl-tunables.c +++ b/elf/dl-tunables.c @@ -350,7 +350,7 @@ __tunables_init (char **envp) /* Skip over tunables that have either been set already or should be skipped. */ - if (cur->initialized || cur->env_alias == NULL) + if (cur->initialized || cur->env_alias[0] == '\0') continue; const char *name = cur->env_alias; diff --git a/scripts/gen-tunables.awk b/scripts/gen-tunables.awk index cda12ef62e..fa63e86d1a 100644 --- a/scripts/gen-tunables.awk +++ b/scripts/gen-tunables.awk @@ -12,6 +12,8 @@ BEGIN { tunable="" ns="" top_ns="" + max_name_len=0 + max_alias_len=0 } # Skip over blank lines and comments. @@ -57,11 +59,14 @@ $1 == "}" { maxvals[top_ns,ns,tunable] = max_of[types[top_ns,ns,tunable]] } if (!env_alias[top_ns,ns,tunable]) { - env_alias[top_ns,ns,tunable] = "NULL" + env_alias[top_ns,ns,tunable] = "{0}" } if (!security_level[top_ns,ns,tunable]) { security_level[top_ns,ns,tunable] = "SXID_ERASE" } + len = length(top_ns"."ns"."tunable) + if (len > max_name_len) + max_name_len = len tunable = "" } @@ -109,6 +114,9 @@ $1 == "}" { } else if (attr == "env_alias") { env_alias[top_ns,ns,tunable] = sprintf("\"%s\"", val) + len = length(val) + if (len > max_alias_len) + max_alias_len = len } else if (attr == "security_level") { if (val == "SXID_ERASE" || val == "SXID_IGNORE" || val == "NONE") { @@ -158,6 +166,8 @@ END { print "\n#ifdef TUNABLES_INTERNAL" # Internal definitions. + print "# define TUNABLE_NAME_MAX " (max_name_len + 1) + print "# define TUNABLE_ALIAS_MAX " (max_alias_len + 1) print "# include \"dl-tunable-types.h\"" # Finally, the tunable list. print "static tunable_t tunable_list[] attribute_relro = {"