From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by sourceware.org (Postfix) with ESMTPS id D4C403858D33 for ; Wed, 22 Feb 2023 21:23:46 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org D4C403858D33 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1677101026; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ieE+nYutqyw8P5Ld+0I4rl3RMU3ugB1urLIK57jh4iA=; b=WDzaGPh5h/m5itBTYodikx2p0Vs0X2TFehELikdmN6Kh3nnHVhRP+768kvwzlEVu4hylQs rSLKwfLZjV3JUO4q26J58kYSfc+WdQnaqHmE7WAA0lanI95kjDL5Juwuiay3tKq/ULYdui ulO9/RMBfN8TgIvbcZRaNTtK25sGB7A= Received: from mail-io1-f72.google.com (mail-io1-f72.google.com [209.85.166.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_128_GCM_SHA256) id us-mta-512-SQaFUQkQP3O62wpUQ4_mfQ-1; Wed, 22 Feb 2023 16:23:45 -0500 X-MC-Unique: SQaFUQkQP3O62wpUQ4_mfQ-1 Received: by mail-io1-f72.google.com with SMTP id p25-20020a5d9c99000000b00745dfcf1ed3so5784077iop.1 for ; Wed, 22 Feb 2023 13:23:45 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:in-reply-to:organization:from:references :to:content-language:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=ieE+nYutqyw8P5Ld+0I4rl3RMU3ugB1urLIK57jh4iA=; b=y/x3KKyB5GTWeTHay+aiEToYPCkVaR8J0dC818LQCuW4Ti2QXw2J9qPbRlSXUjXO0M 2+qfkWpXM2LCUT3R0N9DKpC8Xk21jZ9OM4KwRbkchdA1u4rpeYPXyhBauaZ1imJ8X6AN bMK72uHtBYgJvLrrN6hKawRBzEdQ5VNGJL62Qrs48n55wLQITLjYK1HDlOAXNqHVzqIp kp8XVMKVzCc05czIcV898dce666oamt0aKIzCOkdHxbNxHeohMDtcA6dt4H+gQzn9knx KBZ+kc3MMx10X0AJ6GxGzv43HZA/N8XDpc7f1AYsvLqVmh8QS6CNOdwc4j/n3w8kwC4L L4MA== X-Gm-Message-State: AO0yUKU+kjhs3/xHFMuI++CD4WWxv21BBtJLHYZ2PC+9adC0Tt4SIE9T V6wfeoyiQMcVQSEiNpsi+MYtWwgYuGv4GGPOWZCjHtaXJNIVJ5JTYcQIgr8+Gt+RybaDUUm+BYP 09X1j1I9MYeWAc5bmqB1u X-Received: by 2002:a92:4403:0:b0:315:459a:8ae with SMTP id r3-20020a924403000000b00315459a08aemr7170293ila.13.1677101024348; Wed, 22 Feb 2023 13:23:44 -0800 (PST) X-Google-Smtp-Source: AK7set9ohxFK/zNUp1w2MbAQM60/+KoRmbl4dxGa728xOpZCpF+eJVV95QWgILEDy+tWv7mjRtnCzA== X-Received: by 2002:a92:4403:0:b0:315:459a:8ae with SMTP id r3-20020a924403000000b00315459a08aemr7170284ila.13.1677101024001; Wed, 22 Feb 2023 13:23:44 -0800 (PST) Received: from [192.168.0.241] ([198.48.244.52]) by smtp.gmail.com with ESMTPSA id g18-20020a0566380bd200b003a607dccd1bsm1604544jad.17.2023.02.22.13.23.42 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 22 Feb 2023 13:23:43 -0800 (PST) Message-ID: Date: Wed, 22 Feb 2023 16:23:42 -0500 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.8.0 Subject: Re: [PATCH] ld.so: Check protected symbols To: "H.J. Lu" , libc-alpha@sourceware.org References: <20211007195642.433693-1-hjl.tools@gmail.com> From: Carlos O'Donell Organization: Red Hat In-Reply-To: <20211007195642.433693-1-hjl.tools@gmail.com> X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-12.9 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,GIT_PATCH_0,KAM_SHORT,NICE_REPLY_A,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On 10/7/21 15:56, H.J. Lu via Libc-alpha wrote: > Add LD_DEBUG=protected to check copy relocations against protected data > and non-canonical reference to protected function. This review is part of my backlog patch review (SLI-driven patch review). This patch doesn't apply anymore due to changes in dl-protected.h. This is because of 7374c02b683b7110b853a32496a619410364d70b and the addition of similar diagnostics. I'm marking this at Changes Requested in patchwork. If some of this still applies we should rework the diagnostics. Thank you! > --- > elf/rtld.c | 2 ++ > sysdeps/generic/dl-protected.h | 24 +++++++++++++++++------ > sysdeps/generic/ldsodefs.h | 1 + > sysdeps/x86/Makefile | 13 +++++++++++++ > sysdeps/x86/tst-protected3.c | 34 +++++++++++++++++++++++++++++++++ > sysdeps/x86/tst-protected3mod.c | 25 ++++++++++++++++++++++++ > 6 files changed, 93 insertions(+), 6 deletions(-) > create mode 100644 sysdeps/x86/tst-protected3.c > create mode 100644 sysdeps/x86/tst-protected3mod.c > > diff --git a/elf/rtld.c b/elf/rtld.c > index 5eee9e1091..9d7d7533a9 100644 > --- a/elf/rtld.c > +++ b/elf/rtld.c > @@ -2560,6 +2560,8 @@ process_dl_debug (struct dl_main_state *state, const char *dl_debug) > DL_DEBUG_STATISTICS }, > { LEN_AND_STR ("unused"), "determined unused DSOs", > DL_DEBUG_UNUSED }, > + { LEN_AND_STR ("protected"), "check protected symbols", > + DL_DEBUG_PROTECTED }, > { LEN_AND_STR ("help"), "display this help message and exit", > DL_DEBUG_HELP }, > }; > diff --git a/sysdeps/generic/dl-protected.h b/sysdeps/generic/dl-protected.h > index 244d020dc4..c6cf46e434 100644 > --- a/sysdeps/generic/dl-protected.h > +++ b/sysdeps/generic/dl-protected.h > @@ -26,17 +26,18 @@ _dl_check_protected_symbol (const char *undef_name, > const struct link_map *map, > int type_class) > { > - if (undef_map != NULL > - && undef_map->l_type == lt_executable > - && !(undef_map->l_1_needed > - & GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS) > + if (undef_map == NULL || undef_map->l_type != lt_executable) > + return; > + > + if (!(undef_map->l_1_needed > + & GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS) > && (map->l_1_needed > & GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS)) > { > if ((type_class & ELF_RTYPE_CLASS_COPY)) > /* Disallow copy relocations in executable against protected > - data symbols in a shared object which needs indirect external > - access. */ > + data symbols in a shared object which needs indirect > + external access. */ > _dl_signal_error (0, map->l_name, undef_name, > N_("copy relocation against non-copyable protected symbol")); > else if (ref->st_value != 0 > @@ -49,6 +50,17 @@ _dl_check_protected_symbol (const char *undef_name, > _dl_signal_error (0, map->l_name, undef_name, > N_("non-canonical reference to canonical protected function")); > } > + else if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_PROTECTED)) > + { > + if ((type_class & ELF_RTYPE_CLASS_COPY)) > + _dl_debug_printf ("%s: copy relocation against protected symbol `%s' in %s\n", > + RTLD_PROGNAME, undef_name, map->l_name); > + else if (ref->st_value != 0 > + && ref->st_shndx == SHN_UNDEF > + && (type_class & ELF_RTYPE_CLASS_PLT)) > + _dl_debug_printf ("%s: non-canonical reference to protected function `%s' in %s\n", > + RTLD_PROGNAME, undef_name, map->l_name); > + } > } > > #endif /* _DL_PROTECTED_H */ > diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h > index 9ec1511bb0..89ad7b5099 100644 > --- a/sysdeps/generic/ldsodefs.h > +++ b/sysdeps/generic/ldsodefs.h > @@ -545,6 +545,7 @@ struct rtld_global_ro > /* These two are used only internally. */ > #define DL_DEBUG_HELP (1 << 10) > #define DL_DEBUG_PRELINK (1 << 11) > +#define DL_DEBUG_PROTECTED (1 << 12) > > /* OS version. */ > EXTERN unsigned int _dl_osversion; > diff --git a/sysdeps/x86/Makefile b/sysdeps/x86/Makefile > index 402986ff68..f4f3a0fc73 100644 > --- a/sysdeps/x86/Makefile > +++ b/sysdeps/x86/Makefile > @@ -68,6 +68,19 @@ ifneq ($(have-tunables),no) > tst-ifunc-isa-2-ENV = GLIBC_TUNABLES=glibc.cpu.hwcaps=-SSE4_2,-AVX,-AVX2,-AVX512F > tst-ifunc-isa-2-static-ENV = $(tst-ifunc-isa-2-ENV) > endif > + > +ifeq (yes,$(build-shared)) > +tests += tst-protected3 > +modules-names += tst-protected3mod > + > +$(objpfx)tst-protected3: $(objpfx)tst-protected3mod.so > + > +tst-protected3-ENV = LD_DEBUG=protected LD_DEBUG_OUTPUT=$(objpfx)tst-protected3.debug.out > + > +ifeq (yes,$(have-fno-direct-extern-access)) > +CFLAGS-tst-protected3.c += -fdirect-extern-access > +endif > +endif > endif > > ifeq ($(subdir),math) > diff --git a/sysdeps/x86/tst-protected3.c b/sysdeps/x86/tst-protected3.c > new file mode 100644 > index 0000000000..87d3cd2a45 > --- /dev/null > +++ b/sysdeps/x86/tst-protected3.c > @@ -0,0 +1,34 @@ > +/* Test warnings on protected function and data symbols. > + Copyright (C) 2021 Free Software Foundation, Inc. > + This file is part of the GNU C Library. > + > + The GNU C Library is free software; you can redistribute it and/or > + modify it under the terms of the GNU Lesser General Public > + License as published by the Free Software Foundation; either > + version 2.1 of the License, or (at your option) any later version. > + > + The GNU C Library is distributed in the hope that it will be useful, > + but WITHOUT ANY WARRANTY; without even the implied warranty of > + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > + Lesser General Public License for more details. > + > + You should have received a copy of the GNU Lesser General Public > + License along with the GNU C Library; if not, see > + . */ > + > +#include > +#include > + > +extern int protected_data; > +extern int protected_func (void) __attribute__((weak)); > + > +static int > +do_test (void) > +{ > + TEST_COMPARE (protected_data, 30); > + TEST_VERIFY_EXIT (protected_func != NULL); > + protected_func (); > + return 0; > +} > + > +#include > diff --git a/sysdeps/x86/tst-protected3mod.c b/sysdeps/x86/tst-protected3mod.c > new file mode 100644 > index 0000000000..b9588e9015 > --- /dev/null > +++ b/sysdeps/x86/tst-protected3mod.c > @@ -0,0 +1,25 @@ > +/* Test warnings on protected function and data symbols. > + Copyright (C) 2021 Free Software Foundation, Inc. > + This file is part of the GNU C Library. > + > + The GNU C Library is free software; you can redistribute it and/or > + modify it under the terms of the GNU Lesser General Public > + License as published by the Free Software Foundation; either > + version 2.1 of the License, or (at your option) any later version. > + > + The GNU C Library is distributed in the hope that it will be useful, > + but WITHOUT ANY WARRANTY; without even the implied warranty of > + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > + Lesser General Public License for more details. > + > + You should have received a copy of the GNU Lesser General Public > + License along with the GNU C Library; if not, see > + . */ > + > +int protected_data __attribute__ ((visibility("protected"))) = 30; > + > +__attribute__ ((visibility("protected"))) > +void > +protected_func (void) > +{ > +} -- Cheers, Carlos.