From fddcd003776ce242526e809ebfbdcccf31e486c6 Mon Sep 17 00:00:00 2001 From: "H.J. Lu" Date: Wed, 25 Jul 2018 04:46:53 -0700 Subject: x86/CET: Add tests with legacy non-CET shared objects Check binary compatibility of CET-enabled executables: 1. When CET-enabled executable is used with legacy non-CET shared object at run-time, ld.so should disable SHSTK and put legacy non-CET shared objects in legacy bitmap. 2. When IBT-enabled executable dlopens legacy non-CET shared object, ld.so should put legacy shared object in legacy bitmap. 3. Use GLIBC_TUNABLES=glibc.tune.x86_shstk=[on|off|permissive] to control how SHSTK is enabled. * sysdeps/x86/Makefile (tests): Add tst-cet-legacy-1, tst-cet-legacy-2, tst-cet-legacy-2a, tst-cet-legacy-3, tst-cet-legacy-4, tst-cet-legacy-4a, tst-cet-legacy-4b and tst-cet-legacy-4c. (modules-names): Add tst-cet-legacy-mod-1, tst-cet-legacy-mod-2 and tst-cet-legacy-mod-4. (CFLAGS-tst-cet-legacy-2.c): New. (CFLAGS-tst-cet-legacy-mod-1.c): Likewise. (CFLAGS-tst-cet-legacy-mod-2.c): Likewise. (CFLAGS-tst-cet-legacy-3.c): Likewise. (CFLAGS-tst-cet-legacy-4.c): Likewise. (CFLAGS-tst-cet-legacy-mod-4.c): Likewise. ($(objpfx)tst-cet-legacy-1): Likewise. ($(objpfx)tst-cet-legacy-2): Likewise. ($(objpfx)tst-cet-legacy-2.out): Likewise. ($(objpfx)tst-cet-legacy-2a): Likewise. ($(objpfx)tst-cet-legacy-2a.out): Likewise. ($(objpfx)tst-cet-legacy-4): Likewise. ($(objpfx)tst-cet-legacy-4.out): Likewise. ($(objpfx)tst-cet-legacy-4a): Likewise. ($(objpfx)tst-cet-legacy-4a.out): Likewise. (tst-cet-legacy-4a-ENV): Likewise. ($(objpfx)tst-cet-legacy-4b): Likewise. ($(objpfx)tst-cet-legacy-4b.out): Likewise. (tst-cet-legacy-4b-ENV): Likewise. ($(objpfx)tst-cet-legacy-4c): Likewise. ($(objpfx)tst-cet-legacy-4c.out): Likewise. (tst-cet-legacy-4c-ENV): Likewise. * sysdeps/x86/tst-cet-legacy-1.c: New file. * sysdeps/x86/tst-cet-legacy-2.c: Likewise. * sysdeps/x86/tst-cet-legacy-2a.c: Likewise. * sysdeps/x86/tst-cet-legacy-3.c: Likewise. * sysdeps/x86/tst-cet-legacy-4.c: Likewise. * sysdeps/x86/tst-cet-legacy-4a.c: Likewise. * sysdeps/x86/tst-cet-legacy-4b.c: Likewise. * sysdeps/x86/tst-cet-legacy-4c.c: Likewise. * sysdeps/x86/tst-cet-legacy-mod-1.c: Likewise. * sysdeps/x86/tst-cet-legacy-mod-2.c: Likewise. * sysdeps/x86/tst-cet-legacy-mod-4.c: Likewise. --- ChangeLog | 42 +++++++++++++++++++++++++ sysdeps/x86/Makefile | 38 ++++++++++++++++++++++ sysdeps/x86/tst-cet-legacy-1.c | 44 ++++++++++++++++++++++++++ sysdeps/x86/tst-cet-legacy-2.c | 64 ++++++++++++++++++++++++++++++++++++++ sysdeps/x86/tst-cet-legacy-2a.c | 1 + sysdeps/x86/tst-cet-legacy-3.c | 37 ++++++++++++++++++++++ sysdeps/x86/tst-cet-legacy-4.c | 56 +++++++++++++++++++++++++++++++++ sysdeps/x86/tst-cet-legacy-4a.c | 1 + sysdeps/x86/tst-cet-legacy-4b.c | 1 + sysdeps/x86/tst-cet-legacy-4c.c | 1 + sysdeps/x86/tst-cet-legacy-mod-1.c | 24 ++++++++++++++ sysdeps/x86/tst-cet-legacy-mod-2.c | 24 ++++++++++++++ sysdeps/x86/tst-cet-legacy-mod-4.c | 2 ++ 13 files changed, 335 insertions(+) create mode 100644 sysdeps/x86/tst-cet-legacy-1.c create mode 100644 sysdeps/x86/tst-cet-legacy-2.c create mode 100644 sysdeps/x86/tst-cet-legacy-2a.c create mode 100644 sysdeps/x86/tst-cet-legacy-3.c create mode 100644 sysdeps/x86/tst-cet-legacy-4.c create mode 100644 sysdeps/x86/tst-cet-legacy-4a.c create mode 100644 sysdeps/x86/tst-cet-legacy-4b.c create mode 100644 sysdeps/x86/tst-cet-legacy-4c.c create mode 100644 sysdeps/x86/tst-cet-legacy-mod-1.c create mode 100644 sysdeps/x86/tst-cet-legacy-mod-2.c create mode 100644 sysdeps/x86/tst-cet-legacy-mod-4.c diff --git a/ChangeLog b/ChangeLog index fb4a45bacc..d387465f29 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,45 @@ +2018-07-25 H.J. Lu + + * sysdeps/x86/Makefile (tests): Add tst-cet-legacy-1, + tst-cet-legacy-2, tst-cet-legacy-2a, tst-cet-legacy-3, + tst-cet-legacy-4, tst-cet-legacy-4a, tst-cet-legacy-4b + and tst-cet-legacy-4c. + (modules-names): Add tst-cet-legacy-mod-1, tst-cet-legacy-mod-2 + and tst-cet-legacy-mod-4. + (CFLAGS-tst-cet-legacy-2.c): New. + (CFLAGS-tst-cet-legacy-mod-1.c): Likewise. + (CFLAGS-tst-cet-legacy-mod-2.c): Likewise. + (CFLAGS-tst-cet-legacy-3.c): Likewise. + (CFLAGS-tst-cet-legacy-4.c): Likewise. + (CFLAGS-tst-cet-legacy-mod-4.c): Likewise. + ($(objpfx)tst-cet-legacy-1): Likewise. + ($(objpfx)tst-cet-legacy-2): Likewise. + ($(objpfx)tst-cet-legacy-2.out): Likewise. + ($(objpfx)tst-cet-legacy-2a): Likewise. + ($(objpfx)tst-cet-legacy-2a.out): Likewise. + ($(objpfx)tst-cet-legacy-4): Likewise. + ($(objpfx)tst-cet-legacy-4.out): Likewise. + ($(objpfx)tst-cet-legacy-4a): Likewise. + ($(objpfx)tst-cet-legacy-4a.out): Likewise. + (tst-cet-legacy-4a-ENV): Likewise. + ($(objpfx)tst-cet-legacy-4b): Likewise. + ($(objpfx)tst-cet-legacy-4b.out): Likewise. + (tst-cet-legacy-4b-ENV): Likewise. + ($(objpfx)tst-cet-legacy-4c): Likewise. + ($(objpfx)tst-cet-legacy-4c.out): Likewise. + (tst-cet-legacy-4c-ENV): Likewise. + * sysdeps/x86/tst-cet-legacy-1.c: New file. + * sysdeps/x86/tst-cet-legacy-2.c: Likewise. + * sysdeps/x86/tst-cet-legacy-2a.c: Likewise. + * sysdeps/x86/tst-cet-legacy-3.c: Likewise. + * sysdeps/x86/tst-cet-legacy-4.c: Likewise. + * sysdeps/x86/tst-cet-legacy-4a.c: Likewise. + * sysdeps/x86/tst-cet-legacy-4b.c: Likewise. + * sysdeps/x86/tst-cet-legacy-4c.c: Likewise. + * sysdeps/x86/tst-cet-legacy-mod-1.c: Likewise. + * sysdeps/x86/tst-cet-legacy-mod-2.c: Likewise. + * sysdeps/x86/tst-cet-legacy-mod-4.c: Likewise. + 2018-07-25 H.J. Lu * sysdeps/i386/nptl/tcb-offsets.sym (SSP_BASE_OFFSET): New. diff --git a/sysdeps/x86/Makefile b/sysdeps/x86/Makefile index e9b2d0b35d..672bb19489 100644 --- a/sysdeps/x86/Makefile +++ b/sysdeps/x86/Makefile @@ -17,6 +17,44 @@ endif ifeq ($(enable-cet),yes) ifeq ($(subdir),elf) sysdep-dl-routines += dl-cet + +tests += tst-cet-legacy-1 tst-cet-legacy-2 tst-cet-legacy-2a \ + tst-cet-legacy-3 tst-cet-legacy-4 +ifneq (no,$(have-tunables)) +tests += tst-cet-legacy-4a tst-cet-legacy-4b tst-cet-legacy-4c +endif +modules-names += tst-cet-legacy-mod-1 tst-cet-legacy-mod-2 \ + tst-cet-legacy-mod-4 + +CFLAGS-tst-cet-legacy-2.c += -fcf-protection=branch +CFLAGS-tst-cet-legacy-2a.c += -fcf-protection +CFLAGS-tst-cet-legacy-mod-1.c += -fcf-protection=none +CFLAGS-tst-cet-legacy-mod-2.c += -fcf-protection=none +CFLAGS-tst-cet-legacy-3.c += -fcf-protection=none +CFLAGS-tst-cet-legacy-4.c += -fcf-protection=branch +CFLAGS-tst-cet-legacy-4a.c += -fcf-protection +CFLAGS-tst-cet-legacy-4b.c += -fcf-protection +CFLAGS-tst-cet-legacy-mod-4.c += -fcf-protection=none + +$(objpfx)tst-cet-legacy-1: $(objpfx)tst-cet-legacy-mod-1.so \ + $(objpfx)tst-cet-legacy-mod-2.so +$(objpfx)tst-cet-legacy-2: $(objpfx)tst-cet-legacy-mod-2.so $(libdl) +$(objpfx)tst-cet-legacy-2.out: $(objpfx)tst-cet-legacy-mod-1.so +$(objpfx)tst-cet-legacy-2a: $(objpfx)tst-cet-legacy-mod-2.so $(libdl) +$(objpfx)tst-cet-legacy-2a.out: $(objpfx)tst-cet-legacy-mod-1.so +$(objpfx)tst-cet-legacy-4: $(libdl) +$(objpfx)tst-cet-legacy-4.out: $(objpfx)tst-cet-legacy-mod-4.so +ifneq (no,$(have-tunables)) +$(objpfx)tst-cet-legacy-4a: $(libdl) +$(objpfx)tst-cet-legacy-4a.out: $(objpfx)tst-cet-legacy-mod-4.so +tst-cet-legacy-4a-ENV = GLIBC_TUNABLES=glibc.tune.x86_shstk=permissive +$(objpfx)tst-cet-legacy-4b: $(libdl) +$(objpfx)tst-cet-legacy-4b.out: $(objpfx)tst-cet-legacy-mod-4.so +tst-cet-legacy-4b-ENV = GLIBC_TUNABLES=glibc.tune.x86_shstk=on +$(objpfx)tst-cet-legacy-4c: $(libdl) +$(objpfx)tst-cet-legacy-4c.out: $(objpfx)tst-cet-legacy-mod-4.so +tst-cet-legacy-4c-ENV = GLIBC_TUNABLES=glibc.tune.x86_shstk=off +endif endif # Add -fcf-protection to CFLAGS when CET is enabled. diff --git a/sysdeps/x86/tst-cet-legacy-1.c b/sysdeps/x86/tst-cet-legacy-1.c new file mode 100644 index 0000000000..861c09a26e --- /dev/null +++ b/sysdeps/x86/tst-cet-legacy-1.c @@ -0,0 +1,44 @@ +/* Check compatibility of CET-enabled executable linked with legacy + shared object. + Copyright (C) 2018 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include + +extern int in_dso_1 (void); +extern int in_dso_2 (void); + +static int +do_test (void) +{ + if (in_dso_1 () != 0x1234678) + { + puts ("in_dso_1 () != 0x1234678"); + exit (1); + } + + if (in_dso_2 () != 0xbadbeef) + { + puts ("in_dso_2 () != 0xbadbeef"); + exit (1); + } + + return 0; +} + +#include diff --git a/sysdeps/x86/tst-cet-legacy-2.c b/sysdeps/x86/tst-cet-legacy-2.c new file mode 100644 index 0000000000..e039a16797 --- /dev/null +++ b/sysdeps/x86/tst-cet-legacy-2.c @@ -0,0 +1,64 @@ +/* Check compatibility of CET-enabled executable with dlopened legacy + shared object. + Copyright (C) 2018 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include + +extern int in_dso_2 (void); + +static int +do_test (void) +{ + static const char modname[] = "tst-cet-legacy-mod-1.so"; + int (*fp) (void); + void *h; + + h = dlopen (modname, RTLD_LAZY); + if (h == NULL) + { + printf ("cannot open '%s': %s\n", modname, dlerror ()); + exit (1); + } + + fp = dlsym (h, "in_dso_1"); + if (fp == NULL) + { + printf ("cannot get symbol 'in_dso': %s\n", dlerror ()); + exit (1); + } + + if (fp () != 0x1234678) + { + puts ("in_dso_1 () != 0x1234678"); + exit (1); + } + + if (in_dso_2 () != 0xbadbeef) + { + puts ("in_dso_2 () != 0xbadbeef"); + exit (1); + } + + dlclose (h); + + return 0; +} + +#include diff --git a/sysdeps/x86/tst-cet-legacy-2a.c b/sysdeps/x86/tst-cet-legacy-2a.c new file mode 100644 index 0000000000..d5aead4303 --- /dev/null +++ b/sysdeps/x86/tst-cet-legacy-2a.c @@ -0,0 +1 @@ +#include "tst-cet-legacy-2.c" diff --git a/sysdeps/x86/tst-cet-legacy-3.c b/sysdeps/x86/tst-cet-legacy-3.c new file mode 100644 index 0000000000..bab9faa8b0 --- /dev/null +++ b/sysdeps/x86/tst-cet-legacy-3.c @@ -0,0 +1,37 @@ +/* Check compatibility of CET-enabled executable with dlopened legacy + shared object. + Copyright (C) 2018 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include + +int +test (void) +{ + printf ("PASS\n"); + return 0; +} + +#ifndef TEST_MODULE +static int +do_test (void) +{ + return test (); +} + +#include +#endif diff --git a/sysdeps/x86/tst-cet-legacy-4.c b/sysdeps/x86/tst-cet-legacy-4.c new file mode 100644 index 0000000000..3ead63dd24 --- /dev/null +++ b/sysdeps/x86/tst-cet-legacy-4.c @@ -0,0 +1,56 @@ +/* Check compatibility of CET-enabled executable with dlopened legacy + shared object. + Copyright (C) 2018 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include + +static int +do_test (void) +{ + static const char modname[] = "tst-cet-legacy-mod-4.so"; + int (*fp) (void); + void *h; + + h = dlopen (modname, RTLD_LAZY); + if (h == NULL) + { + printf ("cannot open '%s': %s\n", modname, dlerror ()); + exit (1); + } + + fp = dlsym (h, "test"); + if (fp == NULL) + { + printf ("cannot get symbol 'test': %s\n", dlerror ()); + exit (1); + } + + if (fp () != 0) + { + puts ("test () != 0"); + exit (1); + } + + dlclose (h); + + return 0; +} + +#include diff --git a/sysdeps/x86/tst-cet-legacy-4a.c b/sysdeps/x86/tst-cet-legacy-4a.c new file mode 100644 index 0000000000..b9bb18c36b --- /dev/null +++ b/sysdeps/x86/tst-cet-legacy-4a.c @@ -0,0 +1 @@ +#include "tst-cet-legacy-4.c" diff --git a/sysdeps/x86/tst-cet-legacy-4b.c b/sysdeps/x86/tst-cet-legacy-4b.c new file mode 100644 index 0000000000..b9bb18c36b --- /dev/null +++ b/sysdeps/x86/tst-cet-legacy-4b.c @@ -0,0 +1 @@ +#include "tst-cet-legacy-4.c" diff --git a/sysdeps/x86/tst-cet-legacy-4c.c b/sysdeps/x86/tst-cet-legacy-4c.c new file mode 100644 index 0000000000..b9bb18c36b --- /dev/null +++ b/sysdeps/x86/tst-cet-legacy-4c.c @@ -0,0 +1 @@ +#include "tst-cet-legacy-4.c" diff --git a/sysdeps/x86/tst-cet-legacy-mod-1.c b/sysdeps/x86/tst-cet-legacy-mod-1.c new file mode 100644 index 0000000000..09762bce13 --- /dev/null +++ b/sysdeps/x86/tst-cet-legacy-mod-1.c @@ -0,0 +1,24 @@ +/* Check compatibility of CET-enabled executable with legacy shared + object. + Copyright (C) 2018 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int +in_dso_1 (void) +{ + return 0x1234678; +} diff --git a/sysdeps/x86/tst-cet-legacy-mod-2.c b/sysdeps/x86/tst-cet-legacy-mod-2.c new file mode 100644 index 0000000000..1c8de443f6 --- /dev/null +++ b/sysdeps/x86/tst-cet-legacy-mod-2.c @@ -0,0 +1,24 @@ +/* Check compatibility of CET-enabled executable with legacy shared + object. + Copyright (C) 2018 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int +in_dso_2 (void) +{ + return 0xbadbeef; +} diff --git a/sysdeps/x86/tst-cet-legacy-mod-4.c b/sysdeps/x86/tst-cet-legacy-mod-4.c new file mode 100644 index 0000000000..a93c2fe4a7 --- /dev/null +++ b/sysdeps/x86/tst-cet-legacy-mod-4.c @@ -0,0 +1,2 @@ +#define TEST_MODULE +#include "tst-cet-legacy-3.c" -- cgit v1.2.3