From patchwork Wed Apr 13 13:00:22 2022
X-Patchwork-Submitter: Szabolcs Nagy
X-Patchwork-Id: 52853
Subject: [PATCH v3 1/2] aarch64: Use generic argv adjustment in ld.so [BZ #23293]
Date: Wed, 13 Apr 2022 14:00:22 +0100
Message-ID: <4a157fa95462503bd1b6c3218644a0334ae52325.1649854695.git.szabolcs.nagy@arm.com>
List-Id: Libc-alpha mailing list
From: Szabolcs Nagy

When an executable is invoked as

  ./ld.so [ld.so-args] ./exe [exe-args]

then the argv is adjusted in ld.so before calling the entry point of
the executable so ld.so args are not visible to it.  On most targets
this requires moving argv, env and auxv on the stack to ensure correct
stack alignment at the entry point.  This had several issues:

- The code for this adjustment on the stack is written in asm as part
  of the target specific ld.so _start code which is hard to maintain.

- The adjustment is done after _dl_start returns, where it's too late
  to update GLRO(dl_auxv), as it is already readonly, so it points to
  memory that was clobbered by the adjustment.  This is bug 23293.

- _environ is also wrong in ld.so after the adjustment, but it is
  likely not used after _dl_start returns so this is not user visible.

- _dl_argv was updated, but for this it was moved out of relro, which
  changes security properties across targets unnecessarily.

This patch introduces a generic _dl_start_args_adjust function that
handles the argument adjustments after ld.so processed its own args
and before relro protection is applied.

It sets _dl_skip_args to 0 so the existing adjustment in asm is not
invoked.  Each target has to opt-in to use this new adjustment since
some targets don't need it.  Once all targets are updated,
_dl_argv declaration can be simplified.

A new _dl_start_argptr was introduced because the original sp is not
passed to dl_main which now has to do the adjustments.

Reviewed-by: Florian Weimer
---
v2:
- use p != NULL, and a_type != AT_NULL
- remove the confusing paragraph from the commit message.
---
 elf/rtld.c                          | 58 +++++++++++++++++++++++++++++
 sysdeps/aarch64/dl-sysdep.h         |  2 +-
 sysdeps/generic/ldsodefs.h          |  3 ++
 sysdeps/unix/sysv/linux/dl-sysdep.c | 10 +++++
 4 files changed, 72 insertions(+), 1 deletion(-)

diff --git a/elf/rtld.c b/elf/rtld.c index 19e328f89e..bc4d59f5d6 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -1311,6 +1311,60 @@ rtld_setup_main_map (struct link_map *main_map) return has_interp; } +#ifdef DL_NEED_START_ARGS_ADJUST +static void +_dl_start_args_adjust (void) +{ + void **sp; + void **p; + long argc; + char **argv; + ElfW(auxv_t) *auxv; + + if (_dl_skip_args == 0) + return; + + sp = _dl_start_argptr; + + /* Adjust argc on stack. */ + argc = (long) sp[0] - _dl_skip_args; + sp[0] = (void *) argc; + + argv = (char **) (sp + 1); /* Necessary aliasing violation. */ + p = sp + _dl_skip_args; + /* Shuffle argv down. */ + do + *++sp = *++p; + while (*p != NULL); + + /* Shuffle envp down. */ + do + *++sp = *++p; + while (*p != NULL); + + auxv = (ElfW(auxv_t) *) (sp + 1); /* Necessary aliasing violation. */ + /* Shuffle auxv down. */ + void *a, *b; /* Use a pair of pointers for an auxv entry. */ + unsigned long a_type; + do + { + a_type = ((ElfW(auxv_t) *) (p + 1))->a_type; + a = *++p; + b = *++p; + *++sp = a; + *++sp = b; + } + while (a_type != AT_NULL); + + /* Update globals in rtld. */ + _dl_argv = argv; + _environ = argv + argc + 1; + GLRO(dl_auxv) = auxv; + /* No longer need to skip args. */ + _dl_skip_args = 0; +} +#endif + static void dl_main (const ElfW(Phdr) *phdr, ElfW(Word) phnum, @@ -1615,6 +1669,10 @@ dl_main (const ElfW(Phdr) *phdr, /* Set the argv[0] string now that we've processed the executable. */ if (argv0 != NULL) _dl_argv[0] = argv0; +#ifdef DL_NEED_START_ARGS_ADJUST + /* Adjust arguments for the application entry point. */ + _dl_start_args_adjust (); +#endif } else { diff --git a/sysdeps/aarch64/dl-sysdep.h b/sysdeps/aarch64/dl-sysdep.h index 667786671c..1df4c2c528 100644 --- a/sysdeps/aarch64/dl-sysdep.h +++ b/sysdeps/aarch64/dl-sysdep.h 
@@ -20,6 +20,6 @@ /* _dl_argv cannot be attribute_relro, because _dl_start_user might write into it after _dl_start returns. */ -#define DL_ARGV_NOT_RELRO 1 +#define DL_NEED_START_ARGS_ADJUST 1 #define DL_EXTERN_PROTECTED_DATA diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h index 29f005499b..f322d36570 100644 --- a/sysdeps/generic/ldsodefs.h +++ b/sysdeps/generic/ldsodefs.h @@ -785,6 +785,9 @@ extern unsigned int _dl_skip_args attribute_hidden attribute_relro # endif ; +# ifdef DL_NEED_START_ARGS_ADJUST +extern void **_dl_start_argptr attribute_hidden attribute_relro; +# endif #endif #define rtld_progname _dl_argv[0] diff --git a/sysdeps/unix/sysv/linux/dl-sysdep.c b/sysdeps/unix/sysv/linux/dl-sysdep.c index c90f109b11..66f003e2a3 100644 --- a/sysdeps/unix/sysv/linux/dl-sysdep.c +++ b/sysdeps/unix/sysv/linux/dl-sysdep.c @@ -58,6 +58,12 @@ void *__libc_stack_end attribute_relro = NULL; rtld_hidden_data_def(__libc_stack_end) void *_dl_random attribute_relro = NULL; +#ifdef DL_NEED_START_ARGS_ADJUST +/* Original sp at ELF entry, used when rtld is executed explicitly + and needs to adjust arg components for the actual application. */ +void **_dl_start_argptr attribute_hidden attribute_relro = NULL; +#endif + #ifndef DL_STACK_END # define DL_STACK_END(cookie) ((void *) (cookie)) #endif @@ -114,6 +120,10 @@ _dl_sysdep_start (void **start_argptr, __brk (0); /* Initialize the break. */ +#ifdef DL_NEED_START_ARGS_ADJUST + _dl_start_argptr = start_argptr; +#endif + #ifdef DL_PLATFORM_INIT DL_PLATFORM_INIT; #endif
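
Review bot: `_dl_start_args_adjust` in the first elf/rtld.c hunk has no comment above it, yet its correctness rests on an ordering constraint that only the commit message states: it stores to `_dl_argv`, `_environ`, `GLRO(dl_auxv)` and `_dl_skip_args`, so it must run before relro protection is applied. Please add a function comment saying so, and describing the layout it expects at `_dl_start_argptr` (argc, argv terminated by NULL, envp terminated by NULL, then auxv pairs ending with AT_NULL). Without that, a later move of the call in dl_main could bring back the stale `GLRO(dl_auxv)` pointer described as bug 23293 with nothing in the source to warn against it.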
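
Review bot: the context comment left directly above the changed define in sysdeps/aarch64/dl-sysdep.h still reads "_dl_argv cannot be attribute_relro, because _dl_start_user might write into it after _dl_start returns". That text described `DL_ARGV_NOT_RELRO` and no longer matches `#define DL_NEED_START_ARGS_ADJUST 1`. Replace it in the same hunk with a comment saying that the target uses the generic adjustment in elf/rtld.c, otherwise the header misleads readers about whether `_dl_argv` is relro on aarch64.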
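
Review bot: the `_dl_start_argptr` declaration added to sysdeps/generic/ldsodefs.h is visible to any target that defines `DL_NEED_START_ARGS_ADJUST`, but the only definition and the only assignment in this patch are in sysdeps/unix/sysv/linux/dl-sysdep.c. A non-Linux configuration that opts in would have `_dl_start_args_adjust` in elf/rtld.c read a variable that nothing in this patch defines or sets. Either note next to the declaration that the opt-in currently depends on the Linux `_dl_sysdep_start`, or give the variable a definition that every `_dl_sysdep_start` implementation fills in. The declaration also lacks the one-line description that the definition carries ("Original sp at ELF entry ...").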