public inbox for glibc-cvs@sourceware.org
help / color / mirror / Atom feed
* [glibc/azanella/mseal] linux: Remove __stack_prot
@ 2024-06-04 22:57 Adhemerval Zanella
0 siblings, 0 replies; 3+ messages in thread
From: Adhemerval Zanella @ 2024-06-04 22:57 UTC (permalink / raw)
To: glibc-cvs
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=cfeb34cb2ee473e43b2769b70a9ef581979dd0cf
commit cfeb34cb2ee473e43b2769b70a9ef581979dd0cf
Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date: Sat Jun 1 11:15:34 2024 -0300
linux: Remove __stack_prot
The __stack_prot is used by Linux to make the stack executable if
a modules requires it. It is also marked as RELRO, which requires
to change the segment permission to RW to update it.
Also, there is no need to keep track of the flags: either the stack
will have the default permission of the ABI or should be change to
PROT_READ | PROT_WRITE | PROT_EXEC. The only additional flag,
PROT_GROWSDOWN or PROT_GROWSUP, is Linux only and can be deducted
from _STACK_GROWS_DOWN/_STACK_GROWS_UP.
Also, the check_consistency was alredy removed some time ago.
Checked on x86_64-linux-gnu and i686-linux-gnu.
Diff:
---
elf/dl-load.c | 46 +---------------------------------
sysdeps/unix/sysv/linux/dl-execstack.c | 25 ++++++++----------
2 files changed, 11 insertions(+), 60 deletions(-)
diff --git a/elf/dl-load.c b/elf/dl-load.c
index a34cb3559c..8a89b71016 100644
--- a/elf/dl-load.c
+++ b/elf/dl-load.c
@@ -88,16 +88,6 @@ struct filebuf
#define STRING(x) __STRING (x)
-int __stack_prot attribute_hidden attribute_relro
-#if _STACK_GROWS_DOWN && defined PROT_GROWSDOWN
- = PROT_GROWSDOWN;
-#elif _STACK_GROWS_UP && defined PROT_GROWSUP
- = PROT_GROWSUP;
-#else
- = 0;
-#endif
-
-
/* This is the decomposed LD_LIBRARY_PATH search path. */
struct r_search_path_struct __rtld_env_path_list attribute_relro;
@@ -1308,41 +1298,7 @@ _dl_map_object_from_fd (const char *name, const char *origname, int fd,
if (__glibc_unlikely ((stack_flags &~ GL(dl_stack_flags)) & PF_X))
{
/* The stack is presently not executable, but this module
- requires that it be executable. We must change the
- protection of the variable which contains the flags used in
- the mprotect calls. */
-#ifdef SHARED
- if ((mode & (__RTLD_DLOPEN | __RTLD_AUDIT)) == __RTLD_DLOPEN)
- {
- const uintptr_t p = (uintptr_t) &__stack_prot & -GLRO(dl_pagesize);
- const size_t s = (uintptr_t) (&__stack_prot + 1) - p;
-
- struct link_map *const m = &GL(dl_rtld_map);
- const uintptr_t relro_end = ((m->l_addr + m->l_relro_addr
- + m->l_relro_size)
- & -GLRO(dl_pagesize));
- if (__glibc_likely (p + s <= relro_end))
- {
- /* The variable lies in the region protected by RELRO. */
- if (__mprotect ((void *) p, s, PROT_READ|PROT_WRITE) < 0)
- {
- errstring = N_("cannot change memory protections");
- goto lose_errno;
- }
- __stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC;
- __mprotect ((void *) p, s, PROT_READ);
- }
- else
- __stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC;
- }
- else
-#endif
- __stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC;
-
-#ifdef check_consistency
- check_consistency ();
-#endif
-
+ requires that it be executable. */
#if PTHREAD_IN_LIBC
errval = _dl_make_stacks_executable (stack_endp);
#else
diff --git a/sysdeps/unix/sysv/linux/dl-execstack.c b/sysdeps/unix/sysv/linux/dl-execstack.c
index 3d8f3938da..b986898598 100644
--- a/sysdeps/unix/sysv/linux/dl-execstack.c
+++ b/sysdeps/unix/sysv/linux/dl-execstack.c
@@ -27,35 +27,30 @@
#include <sysdep.h>
#include <unistd.h>
-extern int __stack_prot attribute_relro attribute_hidden;
-
static int
make_main_stack_executable (void **stack_endp)
{
/* This gives us the highest/lowest page that needs to be changed. */
uintptr_t page = ((uintptr_t) *stack_endp
& -(intptr_t) GLRO(dl_pagesize));
- int result = 0;
- if (__builtin_expect (__mprotect ((void *) page, GLRO(dl_pagesize),
- __stack_prot) == 0, 1))
- goto return_success;
- result = errno;
- goto out;
+ if (__mprotect ((void *) page, GLRO(dl_pagesize),
+ PROT_READ | PROT_WRITE | PROT_EXEC
+#if _STACK_GROWS_DOWN
+ | PROT_GROWSDOWN
+#elif _STACK_GROWS_UP
+ | PROT_GROWSUP
+#endif
+ ) != 0)
+ return errno;
- return_success:
/* Clear the address. */
*stack_endp = NULL;
/* Remember that we changed the permission. */
GL(dl_stack_flags) |= PF_X;
- out:
-#ifdef check_consistency
- check_consistency ();
-#endif
-
- return result;
+ return 0;
}
int
^ permalink raw reply [flat|nested] 3+ messages in thread
* [glibc/azanella/mseal] linux: Remove __stack_prot
@ 2024-06-04 14:08 Adhemerval Zanella
0 siblings, 0 replies; 3+ messages in thread
From: Adhemerval Zanella @ 2024-06-04 14:08 UTC (permalink / raw)
To: glibc-cvs
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6720eff9a3534557db3583a23580257b51d0a301
commit 6720eff9a3534557db3583a23580257b51d0a301
Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date: Sat Jun 1 11:15:34 2024 -0300
linux: Remove __stack_prot
The __stack_prot is used by Linux to make the stack executable if
a modules requires it. It is also marked as RELRO, which requires
to change the segment permission to RW to update it.
Also, there is no need to keep track of the flags: either the stack
will have the default permission of the ABI or should be change to
PROT_READ | PROT_WRITE | PROT_EXEC. The only additional flag,
PROT_GROWSDOWN or PROT_GROWSUP, is Linux only and can be deducted
from _STACK_GROWS_DOWN/_STACK_GROWS_UP.
Also, the check_consistency was alredy removed some time ago.
Checked on x86_64-linux-gnu and i686-linux-gnu.
Diff:
---
elf/dl-load.c | 46 +---------------------------------
sysdeps/unix/sysv/linux/dl-execstack.c | 25 ++++++++----------
2 files changed, 11 insertions(+), 60 deletions(-)
diff --git a/elf/dl-load.c b/elf/dl-load.c
index a34cb3559c..8a89b71016 100644
--- a/elf/dl-load.c
+++ b/elf/dl-load.c
@@ -88,16 +88,6 @@ struct filebuf
#define STRING(x) __STRING (x)
-int __stack_prot attribute_hidden attribute_relro
-#if _STACK_GROWS_DOWN && defined PROT_GROWSDOWN
- = PROT_GROWSDOWN;
-#elif _STACK_GROWS_UP && defined PROT_GROWSUP
- = PROT_GROWSUP;
-#else
- = 0;
-#endif
-
-
/* This is the decomposed LD_LIBRARY_PATH search path. */
struct r_search_path_struct __rtld_env_path_list attribute_relro;
@@ -1308,41 +1298,7 @@ _dl_map_object_from_fd (const char *name, const char *origname, int fd,
if (__glibc_unlikely ((stack_flags &~ GL(dl_stack_flags)) & PF_X))
{
/* The stack is presently not executable, but this module
- requires that it be executable. We must change the
- protection of the variable which contains the flags used in
- the mprotect calls. */
-#ifdef SHARED
- if ((mode & (__RTLD_DLOPEN | __RTLD_AUDIT)) == __RTLD_DLOPEN)
- {
- const uintptr_t p = (uintptr_t) &__stack_prot & -GLRO(dl_pagesize);
- const size_t s = (uintptr_t) (&__stack_prot + 1) - p;
-
- struct link_map *const m = &GL(dl_rtld_map);
- const uintptr_t relro_end = ((m->l_addr + m->l_relro_addr
- + m->l_relro_size)
- & -GLRO(dl_pagesize));
- if (__glibc_likely (p + s <= relro_end))
- {
- /* The variable lies in the region protected by RELRO. */
- if (__mprotect ((void *) p, s, PROT_READ|PROT_WRITE) < 0)
- {
- errstring = N_("cannot change memory protections");
- goto lose_errno;
- }
- __stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC;
- __mprotect ((void *) p, s, PROT_READ);
- }
- else
- __stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC;
- }
- else
-#endif
- __stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC;
-
-#ifdef check_consistency
- check_consistency ();
-#endif
-
+ requires that it be executable. */
#if PTHREAD_IN_LIBC
errval = _dl_make_stacks_executable (stack_endp);
#else
diff --git a/sysdeps/unix/sysv/linux/dl-execstack.c b/sysdeps/unix/sysv/linux/dl-execstack.c
index 3d8f3938da..b986898598 100644
--- a/sysdeps/unix/sysv/linux/dl-execstack.c
+++ b/sysdeps/unix/sysv/linux/dl-execstack.c
@@ -27,35 +27,30 @@
#include <sysdep.h>
#include <unistd.h>
-extern int __stack_prot attribute_relro attribute_hidden;
-
static int
make_main_stack_executable (void **stack_endp)
{
/* This gives us the highest/lowest page that needs to be changed. */
uintptr_t page = ((uintptr_t) *stack_endp
& -(intptr_t) GLRO(dl_pagesize));
- int result = 0;
- if (__builtin_expect (__mprotect ((void *) page, GLRO(dl_pagesize),
- __stack_prot) == 0, 1))
- goto return_success;
- result = errno;
- goto out;
+ if (__mprotect ((void *) page, GLRO(dl_pagesize),
+ PROT_READ | PROT_WRITE | PROT_EXEC
+#if _STACK_GROWS_DOWN
+ | PROT_GROWSDOWN
+#elif _STACK_GROWS_UP
+ | PROT_GROWSUP
+#endif
+ ) != 0)
+ return errno;
- return_success:
/* Clear the address. */
*stack_endp = NULL;
/* Remember that we changed the permission. */
GL(dl_stack_flags) |= PF_X;
- out:
-#ifdef check_consistency
- check_consistency ();
-#endif
-
- return result;
+ return 0;
}
int
^ permalink raw reply [flat|nested] 3+ messages in thread
* [glibc/azanella/mseal] linux: Remove __stack_prot
@ 2024-06-03 21:51 Adhemerval Zanella
0 siblings, 0 replies; 3+ messages in thread
From: Adhemerval Zanella @ 2024-06-03 21:51 UTC (permalink / raw)
To: glibc-cvs
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6720eff9a3534557db3583a23580257b51d0a301
commit 6720eff9a3534557db3583a23580257b51d0a301
Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date: Sat Jun 1 11:15:34 2024 -0300
linux: Remove __stack_prot
The __stack_prot is used by Linux to make the stack executable if
a modules requires it. It is also marked as RELRO, which requires
to change the segment permission to RW to update it.
Also, there is no need to keep track of the flags: either the stack
will have the default permission of the ABI or should be change to
PROT_READ | PROT_WRITE | PROT_EXEC. The only additional flag,
PROT_GROWSDOWN or PROT_GROWSUP, is Linux only and can be deducted
from _STACK_GROWS_DOWN/_STACK_GROWS_UP.
Also, the check_consistency was alredy removed some time ago.
Checked on x86_64-linux-gnu and i686-linux-gnu.
Diff:
---
elf/dl-load.c | 46 +---------------------------------
sysdeps/unix/sysv/linux/dl-execstack.c | 25 ++++++++----------
2 files changed, 11 insertions(+), 60 deletions(-)
diff --git a/elf/dl-load.c b/elf/dl-load.c
index a34cb3559c..8a89b71016 100644
--- a/elf/dl-load.c
+++ b/elf/dl-load.c
@@ -88,16 +88,6 @@ struct filebuf
#define STRING(x) __STRING (x)
-int __stack_prot attribute_hidden attribute_relro
-#if _STACK_GROWS_DOWN && defined PROT_GROWSDOWN
- = PROT_GROWSDOWN;
-#elif _STACK_GROWS_UP && defined PROT_GROWSUP
- = PROT_GROWSUP;
-#else
- = 0;
-#endif
-
-
/* This is the decomposed LD_LIBRARY_PATH search path. */
struct r_search_path_struct __rtld_env_path_list attribute_relro;
@@ -1308,41 +1298,7 @@ _dl_map_object_from_fd (const char *name, const char *origname, int fd,
if (__glibc_unlikely ((stack_flags &~ GL(dl_stack_flags)) & PF_X))
{
/* The stack is presently not executable, but this module
- requires that it be executable. We must change the
- protection of the variable which contains the flags used in
- the mprotect calls. */
-#ifdef SHARED
- if ((mode & (__RTLD_DLOPEN | __RTLD_AUDIT)) == __RTLD_DLOPEN)
- {
- const uintptr_t p = (uintptr_t) &__stack_prot & -GLRO(dl_pagesize);
- const size_t s = (uintptr_t) (&__stack_prot + 1) - p;
-
- struct link_map *const m = &GL(dl_rtld_map);
- const uintptr_t relro_end = ((m->l_addr + m->l_relro_addr
- + m->l_relro_size)
- & -GLRO(dl_pagesize));
- if (__glibc_likely (p + s <= relro_end))
- {
- /* The variable lies in the region protected by RELRO. */
- if (__mprotect ((void *) p, s, PROT_READ|PROT_WRITE) < 0)
- {
- errstring = N_("cannot change memory protections");
- goto lose_errno;
- }
- __stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC;
- __mprotect ((void *) p, s, PROT_READ);
- }
- else
- __stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC;
- }
- else
-#endif
- __stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC;
-
-#ifdef check_consistency
- check_consistency ();
-#endif
-
+ requires that it be executable. */
#if PTHREAD_IN_LIBC
errval = _dl_make_stacks_executable (stack_endp);
#else
diff --git a/sysdeps/unix/sysv/linux/dl-execstack.c b/sysdeps/unix/sysv/linux/dl-execstack.c
index 3d8f3938da..b986898598 100644
--- a/sysdeps/unix/sysv/linux/dl-execstack.c
+++ b/sysdeps/unix/sysv/linux/dl-execstack.c
@@ -27,35 +27,30 @@
#include <sysdep.h>
#include <unistd.h>
-extern int __stack_prot attribute_relro attribute_hidden;
-
static int
make_main_stack_executable (void **stack_endp)
{
/* This gives us the highest/lowest page that needs to be changed. */
uintptr_t page = ((uintptr_t) *stack_endp
& -(intptr_t) GLRO(dl_pagesize));
- int result = 0;
- if (__builtin_expect (__mprotect ((void *) page, GLRO(dl_pagesize),
- __stack_prot) == 0, 1))
- goto return_success;
- result = errno;
- goto out;
+ if (__mprotect ((void *) page, GLRO(dl_pagesize),
+ PROT_READ | PROT_WRITE | PROT_EXEC
+#if _STACK_GROWS_DOWN
+ | PROT_GROWSDOWN
+#elif _STACK_GROWS_UP
+ | PROT_GROWSUP
+#endif
+ ) != 0)
+ return errno;
- return_success:
/* Clear the address. */
*stack_endp = NULL;
/* Remember that we changed the permission. */
GL(dl_stack_flags) |= PF_X;
- out:
-#ifdef check_consistency
- check_consistency ();
-#endif
-
- return result;
+ return 0;
}
int
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2024-06-04 22:57 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-06-04 22:57 [glibc/azanella/mseal] linux: Remove __stack_prot Adhemerval Zanella
-- strict thread matches above, loose matches on Subject: below --
2024-06-04 14:08 Adhemerval Zanella
2024-06-03 21:51 Adhemerval Zanella
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).