From patchwork Mon Sep 30 20:08:29 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 98184 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 8BF12384A485 for ; Mon, 30 Sep 2024 20:13:52 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-io1-xd2e.google.com (mail-io1-xd2e.google.com [IPv6:2607:f8b0:4864:20::d2e]) by sourceware.org (Postfix) with ESMTPS id 3FA98384640D for ; Mon, 30 Sep 2024 20:09:00 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 3FA98384640D Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 3FA98384640D Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::d2e ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1727726952; cv=none; b=KgJxgHDJqqN86eUn30RuF1Gt13QX+OcBf6jzmlT263YiWRV3Cvj0cUfTrZmODTdhIkCWlibDslpj4RSsOCSwKKAMHx/S8YAVwOFC9vTC/5AiOZEO1KBuGWSGgVvvApJOOvGBV1dyBZ/UkBNAm+t9os/DmNHbwZ66HTGDR+ihWks= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1727726952; c=relaxed/simple; bh=bg5zXYalPjRMiswfRoUvK3/2LEBW3YjoJlynrDfRMTA=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=lv2Iysec4rq2gMgkro6ktH1Spo7XRyO3nZJotFPPqGY8ZgsEhrIrmMeJbUDsRmvQqbgYeuDEc5rT8qzrPPGAUkS/OfoXiJ6QpBXghmB/nEdaI7M14XhgcjJXW+5fMpDXSLJqTKOocEd68f2eLl3PKDmiRxKYqQ/DLaDhgM4CxPE= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-io1-xd2e.google.com with SMTP id ca18e2360f4ac-82aef2c1e5fso180150239f.1 for ; Mon, 30 Sep 2024 13:09:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1727726939; x=1728331739; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=ysqDXy3bOFwPmkl35bad/Fq5SjB5trgCjVFIaqVAByA=; b=ZEElqfSJmWgkuUOuh/rV2YmbicRsySqM1NvoVERxv1ZF1HLVO6nmThcUt49YGJCA71 2YcUzO92yvmSi7Y5WWamyez4Y7p63J1GhGAULGq5ELHK7I3r96GOBF1QUjIITmiKv1LK W0Ivu+uD59kvq4RekM+wyQM6Fiem4JGP+tzoP3NZ4qcBHNfcT1UlTwkDSFFZdlg5bWv5 /q0Q48dKe9g3tIjPbP7woslfhfllyoL32ILa0r2Ht6TWRqKNhfdcELaA+OSrQwR9gBCC o9hodSwORh8NsWvWyVVl6DSm6dRzhD7FzJD/hum3VZoOMA7XSMTg0Cqwab+zTKT++7ta uI0g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1727726939; x=1728331739; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ysqDXy3bOFwPmkl35bad/Fq5SjB5trgCjVFIaqVAByA=; b=Q9/PEiTumwCPSGhwU0L7HKE0gNNGbG8AJafOlBuJzDxSJrvKgA0sp7N4De+QsNR6RM CpnlmFVUXRibmi2IIYT+oi9SDGQ9zbmJhmdu5BwSTGo/D/s/sMRaUfF+i63KHjUWyRhC fDngTq3PcQEA/2kgnVkin/dYzGJWuTt7OwKYmoMgzXQ9sw2miiOJpusxPTUQXNTV3QZa UOelDBTtcc0wfWaXGEF2hyB4H/q7X+a/dWcDHYPZguodI6jRPjHTRYtSCH6TsaMnQRhn yGMEDjvCryACN+6OkWXoXap/fJ9iRtB/HIZA4Yl9ydOfmfzO9vPJWO9qb/C3vhBP4beF 2qSw== X-Gm-Message-State: AOJu0YzuikaTDg5VDZqWKMq3DTqPhsqPwk0U5NR/rkWD5Vptkd+Sbmv9 M82QAe15OoPxnf1jmu6wQvCshnxNDH0choW+nyYHAebqD6wst7Ifc5MPswUjxtZdtzREyUQizbX VJu0= X-Google-Smtp-Source: AGHT+IHwauNvdF7unubRcArNRpQ/gPipuhO7sBXfG4+tVcqZkWBX777P50j8bEE9n0xlIHb7l22sbQ== X-Received: by 2002:a05:6602:6d13:b0:82c:ffb5:86ab with SMTP id ca18e2360f4ac-834931d4168mr1408340739f.5.1727726938789; Mon, 30 Sep 2024 13:08:58 -0700 (PDT) Received: from ubuntu-vm.. (201-92-183-102.dsl.telesp.net.br. [201.92.183.102]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-7e6db2c4845sm6869565a12.43.2024.09.30.13.08.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 30 Sep 2024 13:08:58 -0700 (PDT) From: Adhemerval Zanella To: libc-alpha@sourceware.org Cc: Stephen Roettger , Jeff Xu , Florian Weimer , Mike Hommey , Adhemerval Zanella Subject: [PATCH v3 7/9] Enable memory sealing automatically Date: Mon, 30 Sep 2024 17:08:29 -0300 Message-Id: <20240930200831.1669010-8-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240930200831.1669010-1-adhemerval.zanella@linaro.org> References: <20240930200831.1669010-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-Spam-Status: No, score=-10.9 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_BARRACUDACENTRAL, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org All libraries, programs, and the testsuite in glibc are now build with memory sealing by default if the toochain supports it. A new configure option, --disable-default-memory-seal, disables it. Checked on aarch64-linux-gnu. --- INSTALL | 5 ++++ Makeconfig | 17 ++++++++++++++ Makerules | 2 ++ NEWS | 4 ++++ configure | 57 +++++++++++++++++++++++++++++++++++++++++++++ configure.ac | 19 +++++++++++++++ elf/Makefile | 1 + manual/install.texi | 5 ++++ 8 files changed, 110 insertions(+) diff --git a/INSTALL b/INSTALL index 24e3c8d25b..2a340514c2 100644 --- a/INSTALL +++ b/INSTALL @@ -245,6 +245,11 @@ if 'CFLAGS' is specified it must enable optimization. For example: Disable using 'scv' instruction for syscalls. All syscalls will use 'sc' instead, even if the kernel supports 'scv'. PowerPC only. +'--disable-default-memory-seal' + Don't build glibc libraries, programs, and the testsuite with + memory sealing support (GNU_PROPERTY_MEMORY_SEAL). By default, + memory sealing is enabled if toolchain suports the linker option. + '--build=BUILD-SYSTEM' '--host=HOST-SYSTEM' These options are for cross-compiling. If you specify both options diff --git a/Makeconfig b/Makeconfig index a87ff7b1d3..953a8b1d1f 100644 --- a/Makeconfig +++ b/Makeconfig @@ -389,6 +389,21 @@ dt-relr-ldflag = no-dt-relr-ldflag = endif +# Linker options to enable and disable memory sealing (GNU_PROPERTY_MEMORY_SEAL), +# if --disable-default-memory-sealing is used explicit disable memory sealing for +# the case linker defaults to it. +ifeq ($(have-z-memory-seal),yes) +no-memory-seal-ldflag = -Wl,-z,nomemory-seal +ifeq ($(default-memory-seal),yes) +memory-seal-ldflag = -Wl,-z,memory-seal +else +memory-seal-ldflag = $(no-memory-seal-ldflag) +endif +else +memory-seal-ldflag = +no-memory-seal-ldflag = +endif + ifeq (no,$(build-pie-default)) pie-default = $(no-pie-ccflag) else # build-pie-default @@ -433,6 +448,7 @@ link-extra-libs-tests = $(libsupport) ifndef +link-pie +link-pie-before-inputs = $(if $($(@F)-no-pie),$(no-pie-ldflag),-pie) \ $(if $($(@F)-no-dt-relr),$(no-dt-relr-ldflag),$(dt-relr-ldflag)) \ + $(if $($(@F)-no-memory-seal),$(no-memory-seal-ldflag),$(memory-seal-ldflag)) \ -Wl,-O1 -nostdlib -nostartfiles \ $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \ $(relro-LDFLAGS) $(hashstyle-LDFLAGS) \ @@ -466,6 +482,7 @@ ifndef +link-static +link-static-before-inputs = -nostdlib -nostartfiles -static \ $(if $($(@F)-no-pie),$(no-pie-ldflag),$(static-pie-ldflag)) \ $(if $($(@F)-no-dt-relr),$(no-dt-relr-ldflag),$(static-pie-dt-relr-ldflag)) \ + $(if $($(@F)-no-memory-seal),$(no-memory-seal-ldflag),$(memory-seal-ldflag)) \ $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \ $(firstword $(CRT-$(@F)) $(csu-objpfx)$(real-static-start-installed-name)) \ $(+preinit) $(+prectorT) diff --git a/Makerules b/Makerules index 275110dda8..f2240ed2df 100644 --- a/Makerules +++ b/Makerules @@ -539,6 +539,7 @@ define build-shlib-helper $(LINK.o) -shared -static-libgcc -Wl,-O1 $(sysdep-LDFLAGS) \ $(if $($(@F)-no-z-defs)$(no-z-defs),,-Wl,-z,defs) $(rtld-LDFLAGS) \ $(if $($(@F)-no-dt-relr),$(no-dt-relr-ldflag),$(dt-relr-ldflag)) \ + $(if $($(@F)-no-memory-seal),$(no-memory-seal-ldflag),$(memory-seal-ldflag)) \ $(extra-B-$(@F:lib%.so=%).so) -B$(csu-objpfx) \ $(extra-B-$(@F:lib%.so=%).so) $(load-map-file) \ -Wl,-soname=lib$(libprefix)$(@F:lib%.so=%).so$($(@F)-version) \ @@ -555,6 +556,7 @@ define build-module-helper $(LINK.o) -shared -static-libgcc $(sysdep-LDFLAGS) $(rtld-LDFLAGS) \ $(if $($(@F)-no-z-defs)$(no-z-defs),,-Wl,-z,defs) \ $(if $($(@F)-no-dt-relr),$(no-dt-relr-ldflag),$(dt-relr-ldflag)) \ + $(if $($(@F)-no-memory-seal),$(no-memory-seal-ldflag),$(memory-seal-ldflag)) \ -B$(csu-objpfx) $(load-map-file) \ $(LDFLAGS.so) $(LDFLAGS-$(@F:%.so=%).so) \ $(link-test-modules-rpath-link) \ diff --git a/NEWS b/NEWS index f103b4995b..ad1b05e015 100644 --- a/NEWS +++ b/NEWS @@ -41,6 +41,10 @@ Major new features: the binary, any preload and audit modules, and aby library loaded with RTLD_NODELETE. +* All libraries, progras, and the testsuite in glibc are now build with + memory sealing by default if the toochain supports it. A new configure + option, --disable-default-memory-seal, disables it. + Deprecated and removed features, and other changes affecting compatibility: * The big-endian ARC port (arceb-linux-gnu) has been removed. diff --git a/configure b/configure index ec0b62db36..74b56afbbf 100755 --- a/configure +++ b/configure @@ -808,6 +808,7 @@ enable_mathvec enable_cet enable_scv enable_fortify_source +enable_default_memory_sealing with_cpu ' ac_precious_vars='build_alias @@ -1491,6 +1492,9 @@ Optional Features: Use -D_FORTIFY_SOURCE=[1|2|3] to control code hardening, defaults to highest possible value supported by the build compiler. + --disable-default-memory-sealing + Do not build glibc libraries, programs, and the + testsuite with memory sealing [default=no] Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] @@ -4855,6 +4859,16 @@ case "$enable_fortify_source" in *) as_fn_error $? "Not a valid argument for --enable-fortify-source: \"$enable_fortify_source\"" "$LINENO" 5;; esac +# Check whether --enable-default-memory-sealing was given. +if test ${enable_default_memory_sealing+y} +then : + enableval=$enable_default_memory_sealing; default_memory_sealing=$enableval +else case e in #( + e) default_memory_sealing=yes ;; +esac +fi + + # We keep the original values in `$config_*' and never modify them, so we # can write them unchanged into config.make. Everything else uses # $machine, $vendor, and $os, and changes them whenever convenient. @@ -7102,6 +7116,49 @@ printf "%s\n" "$libc_linker_feature" >&6; } config_vars="$config_vars have-no-dynamic-linker = $libc_cv_no_dynamic_linker" +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for linker that supports -z memory-seal" >&5 +printf %s "checking for linker that supports -z memory-seal... " >&6; } +libc_linker_feature=no +cat > conftest.c <&5 + (eval $ac_try) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; } +then + if ${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS $no_ssp -Wl,-z,memory-seal -nostdlib \ + -nostartfiles -fPIC -shared -o conftest.so conftest.c 2>&1 \ + | grep "warning: -z memory-seal ignored" > /dev/null 2>&1; then + true + else + libc_linker_feature=yes + fi +fi +rm -f conftest* +if test $libc_linker_feature = yes; then + libc_cv_z_memory_seal=yes +else + libc_cv_z_memory_seal=no +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $libc_linker_feature" >&5 +printf "%s\n" "$libc_linker_feature" >&6; } + +# Enable memory-sealing iff it is available and glibc is not configured +# with --disable-defautl-memory-sealing +if test "$libc_cv_z_memory_seal" = no; then + default_memory_sealing=no +fi +config_vars="$config_vars +have-z-memory-seal = $libc_cv_z_memory_seal" +config_vars="$config_vars +default-memory-seal = $default_memory_sealing" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -static-pie" >&5 printf %s "checking for -static-pie... " >&6; } if test ${libc_cv_static_pie+y} diff --git a/configure.ac b/configure.ac index 7c9b57789e..0a7776a7bb 100644 --- a/configure.ac +++ b/configure.ac @@ -426,6 +426,12 @@ case "$enable_fortify_source" in *) AC_MSG_ERROR([Not a valid argument for --enable-fortify-source: "$enable_fortify_source"]);; esac +AC_ARG_ENABLE([default-memory-sealing], + AS_HELP_STRING([--disable-default-memory-sealing], + [Do not build glibc libraries, programs, and the testsuite with memory sealing @<:@default=no@:>@]), + [default_memory_sealing=$enableval], + [default_memory_sealing=yes]) + # We keep the original values in `$config_*' and never modify them, so we # can write them unchanged into config.make. Everything else uses # $machine, $vendor, and $os, and changes them whenever convenient. @@ -1278,6 +1284,19 @@ LIBC_LINKER_FEATURE([--no-dynamic-linker], [libc_cv_no_dynamic_linker=no]) LIBC_CONFIG_VAR([have-no-dynamic-linker], [$libc_cv_no_dynamic_linker]) +LIBC_LINKER_FEATURE([-z memory-seal], + [-Wl,-z,memory-seal], + [libc_cv_z_memory_seal=yes], + [libc_cv_z_memory_seal=no]) + +# Enable memory-sealing iff it is available and glibc is not configured +# with --disable-defautl-memory-sealing +if test "$libc_cv_z_memory_seal" = no; then + default_memory_sealing=no +fi +LIBC_CONFIG_VAR([have-z-memory-seal], [$libc_cv_z_memory_seal]) +LIBC_CONFIG_VAR([default-memory-seal], [$default_memory_sealing]) + AC_CACHE_CHECK(for -static-pie, libc_cv_static_pie, [dnl LIBC_TRY_CC_OPTION([-static-pie], [libc_cv_static_pie=yes], diff --git a/elf/Makefile b/elf/Makefile index 09d77093a7..942761d9c6 100644 --- a/elf/Makefile +++ b/elf/Makefile @@ -1392,6 +1392,7 @@ $(objpfx)ld.so: $(objpfx)librtld.os $(ld-map) $(LINK.o) -nostdlib -nostartfiles -shared -o $@.new \ $(LDFLAGS-rtld) -Wl,-z,defs $(z-now-$(bind-now)) \ $(dt-relr-ldflag) \ + $(memory-seal-ldflag) \ $(filter-out $(map-file),$^) $(load-map-file) \ -Wl,-soname=$(rtld-installed-name) $(call after-link,$@.new) diff --git a/manual/install.texi b/manual/install.texi index 3e68a3d823..58363e8a9c 100644 --- a/manual/install.texi +++ b/manual/install.texi @@ -272,6 +272,11 @@ C++ libraries. Disable using @code{scv} instruction for syscalls. All syscalls will use @code{sc} instead, even if the kernel supports @code{scv}. PowerPC only. +@item --disable-default-memory-seal +Don't build glibc libraries, programs, and the testsuite with +memory sealing support (@code{GNU_PROPERTY_MEMORY_SEAL}). By default, +memory sealing is enabled if toolchain suports the linker option. + @item --build=@var{build-system} @itemx --host=@var{host-system} These options are for cross-compiling. If you specify both options and