From f753fa7dea3367bd3eb7b543103ff8cda182a3fa Mon Sep 17 00:00:00 2001 From: "H.J. Lu" Date: Mon, 16 Jul 2018 14:08:15 -0700 Subject: x86: Support IBT and SHSTK in Intel CET [BZ #21598] Intel Control-flow Enforcement Technology (CET) instructions: https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-en forcement-technology-preview.pdf includes Indirect Branch Tracking (IBT) and Shadow Stack (SHSTK). GNU_PROPERTY_X86_FEATURE_1_IBT is added to GNU program property to indicate that all executable sections are compatible with IBT when ENDBR instruction starts each valid target where an indirect branch instruction can land. Linker sets GNU_PROPERTY_X86_FEATURE_1_IBT on output only if it is set on all relocatable inputs. On an IBT capable processor, the following steps should be taken: 1. When loading an executable without an interpreter, enable IBT and lock IBT if GNU_PROPERTY_X86_FEATURE_1_IBT is set on the executable. 2. When loading an executable with an interpreter, enable IBT if GNU_PROPERTY_X86_FEATURE_1_IBT is set on the interpreter. a. If GNU_PROPERTY_X86_FEATURE_1_IBT isn't set on the executable, disable IBT. b. Lock IBT. 3. If IBT is enabled, when loading a shared object without GNU_PROPERTY_X86_FEATURE_1_IBT: a. If legacy interwork is allowed, then mark all pages in executable PT_LOAD segments in legacy code page bitmap. Failure of legacy code page bitmap allocation causes an error. b. If legacy interwork isn't allowed, it causes an error. GNU_PROPERTY_X86_FEATURE_1_SHSTK is added to GNU program property to indicate that all executable sections are compatible with SHSTK where return address popped from shadow stack always matches return address popped from normal stack. Linker sets GNU_PROPERTY_X86_FEATURE_1_SHSTK on output only if it is set on all relocatable inputs. On a SHSTK capable processor, the following steps should be taken: 1. When loading an executable without an interpreter, enable SHSTK if GNU_PROPERTY_X86_FEATURE_1_SHSTK is set on the executable. 2. When loading an executable with an interpreter, enable SHSTK if GNU_PROPERTY_X86_FEATURE_1_SHSTK is set on interpreter. a. If GNU_PROPERTY_X86_FEATURE_1_SHSTK isn't set on the executable or any shared objects loaded via the DT_NEEDED tag, disable SHSTK. b. Otherwise lock SHSTK. 3. After SHSTK is enabled, it is an error to load a shared object without GNU_PROPERTY_X86_FEATURE_1_SHSTK. To enable CET support in glibc, --enable-cet is required to configure glibc. When CET is enabled, both compiler and assembler must support CET. Otherwise, it is a configure-time error. To support CET run-time control, 1. _dl_x86_feature_1 is added to the writable ld.so namespace to indicate if IBT or SHSTK are enabled at run-time. It should be initialized by init_cpu_features. 2. For dynamic executables: a. A l_cet field is added to struct link_map to indicate if IBT or SHSTK is enabled in an ELF module. _dl_process_pt_note or _rtld_process_pt_note is called to process PT_NOTE segment for GNU program property and set l_cet. b. _dl_open_check is added to check IBT and SHSTK compatibilty when dlopening a shared object. 3. Replace i386 _dl_runtime_resolve and _dl_runtime_profile with _dl_runtime_resolve_shstk and _dl_runtime_profile_shstk, respectively if SHSTK is enabled. CET run-time control can be changed via GLIBC_TUNABLES with $ export GLIBC_TUNABLES=glibc.tune.x86_shstk=[permissive|on|off] $ export GLIBC_TUNABLES=glibc.tune.x86_ibt=[permissive|on|off] 1. permissive: SHSTK is disabled when dlopening a legacy ELF module. 2. on: IBT or SHSTK are always enabled, regardless if there are IBT or SHSTK bits in GNU program property. 3. off: IBT or SHSTK are always disabled, regardless if there are IBT or SHSTK bits in GNU program property. from CET-enabled GCC is automatically included by assembly codes to add GNU_PROPERTY_X86_FEATURE_1_IBT and GNU_PROPERTY_X86_FEATURE_1_SHSTK to GNU program property. _CET_ENDBR is added at the entrance of all assembly functions whose address may be taken. _CET_NOTRACK is used to insert NOTRACK prefix with indirect jump table to support IBT. It is defined as notrack when _CET_NOTRACK is defined in . [BZ #21598] * configure.ac: Add --enable-cet. * configure: Regenerated. * elf/Makefille (all-built-dso): Add a comment. * elf/dl-load.c (filebuf): Moved before "dynamic-link.h". Include . (_dl_map_object_from_fd): Call _dl_process_pt_note on PT_NOTE segment. * elf/dl-open.c: Include . (dl_open_worker): Call _dl_open_check. * elf/rtld.c: Include . (dl_main): Call _rtld_process_pt_note on PT_NOTE segment. Call _rtld_main_check. * sysdeps/generic/dl-prop.h: New file. * sysdeps/i386/dl-cet.c: Likewise. * sysdeps/unix/sysv/linux/x86/cpu-features.c: Likewise. * sysdeps/unix/sysv/linux/x86/dl-cet.h: Likewise. * sysdeps/x86/cet-tunables.h: Likewise. * sysdeps/x86/check-cet.awk: Likewise. * sysdeps/x86/configure: Likewise. * sysdeps/x86/configure.ac: Likewise. * sysdeps/x86/dl-cet.c: Likewise. * sysdeps/x86/dl-procruntime.c: Likewise. * sysdeps/x86/dl-prop.h: Likewise. * sysdeps/x86/libc-start.h: Likewise. * sysdeps/x86/link_map.h: Likewise. * sysdeps/i386/dl-trampoline.S (_dl_runtime_resolve): Add _CET_ENDBR. (_dl_runtime_profile): Likewise. (_dl_runtime_resolve_shstk): New. (_dl_runtime_profile_shstk): Likewise. * sysdeps/linux/x86/Makefile (sysdep-dl-routines): Add dl-cet if CET is enabled. (CFLAGS-.o): Add -fcf-protection if CET is enabled. (CFLAGS-.os): Likewise. (CFLAGS-.op): Likewise. (CFLAGS-.oS): Likewise. (asm-CPPFLAGS): Add -fcf-protection -include cet.h if CET is enabled. (tests-special): Add $(objpfx)check-cet.out. (cet-built-dso): New. (+$(cet-built-dso:=.note)): Likewise. (common-generated): Add $(cet-built-dso:$(common-objpfx)%=%.note). ($(objpfx)check-cet.out): New. (generated): Add check-cet.out. * sysdeps/x86/cpu-features.c: Include and . (TUNABLE_CALLBACK (set_x86_ibt)): New prototype. (TUNABLE_CALLBACK (set_x86_shstk)): Likewise. (init_cpu_features): Call get_cet_status to check CET status and update dl_x86_feature_1 with CET status. Call TUNABLE_CALLBACK (set_x86_ibt) and TUNABLE_CALLBACK (set_x86_shstk). Disable and lock CET in libc.a. * sysdeps/x86/cpu-tunables.c: Include . (TUNABLE_CALLBACK (set_x86_ibt)): New function. (TUNABLE_CALLBACK (set_x86_shstk)): Likewise. * sysdeps/x86/sysdep.h (_CET_NOTRACK): New. (_CET_ENDBR): Define if not defined. (ENTRY): Add _CET_ENDBR. * sysdeps/x86/dl-tunables.list (glibc.tune): Add x86_ibt and x86_shstk. * sysdeps/x86_64/dl-trampoline.h (_dl_runtime_resolve): Add _CET_ENDBR. (_dl_runtime_profile): Likewise. --- sysdeps/x86/dl-prop.h | 153 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 153 insertions(+) create mode 100644 sysdeps/x86/dl-prop.h (limited to 'sysdeps/x86/dl-prop.h') diff --git a/sysdeps/x86/dl-prop.h b/sysdeps/x86/dl-prop.h new file mode 100644 index 0000000000..d56e20a6dc --- /dev/null +++ b/sysdeps/x86/dl-prop.h @@ -0,0 +1,153 @@ +/* Support for GNU properties. x86 version. + Copyright (C) 2018 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#ifndef _DL_PROP_H +#define _DL_PROP_H + +#include + +extern void _dl_cet_check (struct link_map *, const char *) + attribute_hidden; +extern void _dl_cet_open_check (struct link_map *) + attribute_hidden; + +static inline void __attribute__ ((always_inline)) +_rtld_main_check (struct link_map *m, const char *program) +{ +#if CET_ENABLED + _dl_cet_check (m, program); +#endif +} + +static inline void __attribute__ ((always_inline)) +_dl_open_check (struct link_map *m) +{ +#if CET_ENABLED + _dl_cet_open_check (m); +#endif +} + +static inline void __attribute__ ((unused)) +_dl_process_cet_property_note (struct link_map *l, + const ElfW(Nhdr) *note, + const ElfW(Addr) size, + const ElfW(Addr) align) +{ +#if CET_ENABLED + /* The NT_GNU_PROPERTY_TYPE_0 note must be aliged to 4 bytes in + 32-bit objects and to 8 bytes in 64-bit objects. Skip notes + with incorrect alignment. */ + if (align != (__ELF_NATIVE_CLASS / 8)) + return; + + const ElfW(Addr) start = (ElfW(Addr)) note; + + while ((ElfW(Addr)) (note + 1) - start < size) + { + /* Find the NT_GNU_PROPERTY_TYPE_0 note. */ + if (note->n_namesz == 4 + && note->n_type == NT_GNU_PROPERTY_TYPE_0 + && memcmp (note + 1, "GNU", 4) == 0) + { + /* Check for invalid property. */ + if (note->n_descsz < 8 + || (note->n_descsz % sizeof (ElfW(Addr))) != 0) + break; + + /* Start and end of property array. */ + unsigned char *ptr = (unsigned char *) (note + 1) + 4; + unsigned char *ptr_end = ptr + note->n_descsz; + + while (1) + { + unsigned int type = *(unsigned int *) ptr; + unsigned int datasz = *(unsigned int *) (ptr + 4); + + ptr += 8; + if ((ptr + datasz) > ptr_end) + break; + + if (type == GNU_PROPERTY_X86_FEATURE_1_AND + && datasz == 4) + { + unsigned int feature_1 = *(unsigned int *) ptr; + if ((feature_1 & GNU_PROPERTY_X86_FEATURE_1_IBT)) + l->l_cet |= lc_ibt; + if ((feature_1 & GNU_PROPERTY_X86_FEATURE_1_SHSTK)) + l->l_cet |= lc_shstk; + break; + } + } + } + + /* NB: Note sections like .note.ABI-tag and .note.gnu.build-id are + aligned to 4 bytes in 64-bit ELF objects. */ + note = ((const void *) note + + ELF_NOTE_NEXT_OFFSET (note->n_namesz, note->n_descsz, + align)); + } +#endif +} + +#ifdef FILEBUF_SIZE +static inline int __attribute__ ((unused)) +_dl_process_pt_note (struct link_map *l, const ElfW(Phdr) *ph, + int fd, struct filebuf *fbp) +{ +# if CET_ENABLED + const ElfW(Nhdr) *note; + ElfW(Nhdr) *note_malloced = NULL; + ElfW(Addr) size = ph->p_filesz; + + if (ph->p_offset + size <= (size_t) fbp->len) + note = (const void *) (fbp->buf + ph->p_offset); + else + { + if (size < __MAX_ALLOCA_CUTOFF) + note = alloca (size); + else + { + note_malloced = malloc (size); + note = note_malloced; + } + __lseek (fd, ph->p_offset, SEEK_SET); + if (__read_nocancel (fd, (void *) note, size) != size) + { + if (note_malloced) + free (note_malloced); + return -1; + } + } + + _dl_process_cet_property_note (l, note, size, ph->p_align); + if (note_malloced) + free (note_malloced); +# endif + return 0; +} +#endif + +static inline int __attribute__ ((unused)) +_rtld_process_pt_note (struct link_map *l, const ElfW(Phdr) *ph) +{ + const ElfW(Nhdr) *note = (const void *) (ph->p_vaddr + l->l_addr); + _dl_process_cet_property_note (l, note, ph->p_memsz, ph->p_align); + return 0; +} + +#endif /* _DL_PROP_H */ -- cgit v1.2.3 From 4591b7db23bf5f58f6dbd81a5d9f926bf765cd09 Mon Sep 17 00:00:00 2001 From: "H.J. Lu" Date: Fri, 27 Jul 2018 13:20:51 -0700 Subject: x86/CET: Don't parse beyond the note end Simply check if "ptr < ptr_end" since "ptr" is always incremented by 8. Reviewed-by: Carlos O'Donell * sysdeps/x86/dl-prop.h (_dl_process_cet_property_note): Don't parse beyond the note end. --- ChangeLog | 5 +++++ sysdeps/x86/dl-prop.h | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) (limited to 'sysdeps/x86/dl-prop.h') diff --git a/ChangeLog b/ChangeLog index 50fc501865..15b112266b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +2018-07-27 H.J. Lu + + * sysdeps/x86/dl-prop.h (_dl_process_cet_property_note): Don't + parse beyond the note end. + 2018-07-27 Adhemerval Zanella * sysdeps/unix/sysv/linux/tst-ofdlocks.c: Return unsupported if diff --git a/sysdeps/x86/dl-prop.h b/sysdeps/x86/dl-prop.h index d56e20a6dc..35d3f16a23 100644 --- a/sysdeps/x86/dl-prop.h +++ b/sysdeps/x86/dl-prop.h @@ -73,7 +73,7 @@ _dl_process_cet_property_note (struct link_map *l, unsigned char *ptr = (unsigned char *) (note + 1) + 4; unsigned char *ptr_end = ptr + note->n_descsz; - while (1) + while (ptr < ptr_end) { unsigned int type = *(unsigned int *) ptr; unsigned int datasz = *(unsigned int *) (ptr + 4); -- cgit v1.2.3 From 98864ed0e055583707e37cdb7d41a9cdeac4473b Mon Sep 17 00:00:00 2001 From: "H.J. Lu" Date: Mon, 30 Jul 2018 16:14:46 -0700 Subject: x86/CET: Fix property note parser [BZ #23467] GNU_PROPERTY_X86_FEATURE_1_AND may not be the first property item. We need to check each property item until we reach the end of the property or find GNU_PROPERTY_X86_FEATURE_1_AND. This patch adds 2 tests. The first test checks if IBT is enabled and the second test reads the output from the first test to check if IBT is is enabled. The second second test fails if IBT isn't enabled properly. Reviewed-by: Carlos O'Donell [BZ #23467] * sysdeps/unix/sysv/linux/x86/Makefile (tests): Add tst-cet-property-1 and tst-cet-property-2 if CET is enabled. (CFLAGS-tst-cet-property-1.o): New. (ASFLAGS-tst-cet-property-dep-2.o): Likewise. ($(objpfx)tst-cet-property-2): Likewise. ($(objpfx)tst-cet-property-2.out): Likewise. * sysdeps/unix/sysv/linux/x86/tst-cet-property-1.c: New file. * sysdeps/unix/sysv/linux/x86/tst-cet-property-2.c: Likewise. * sysdeps/unix/sysv/linux/x86/tst-cet-property-dep-2.S: Likewise. * sysdeps/x86/dl-prop.h (_dl_process_cet_property_note): Parse each property item until GNU_PROPERTY_X86_FEATURE_1_AND is found. --- ChangeLog | 15 ++++++ sysdeps/unix/sysv/linux/x86/Makefile | 15 ++++++ sysdeps/unix/sysv/linux/x86/tst-cet-property-1.c | 44 +++++++++++++++ sysdeps/unix/sysv/linux/x86/tst-cet-property-2.c | 63 ++++++++++++++++++++++ .../unix/sysv/linux/x86/tst-cet-property-dep-2.S | 63 ++++++++++++++++++++++ sysdeps/x86/dl-prop.h | 29 ++++++---- 6 files changed, 220 insertions(+), 9 deletions(-) create mode 100644 sysdeps/unix/sysv/linux/x86/tst-cet-property-1.c create mode 100644 sysdeps/unix/sysv/linux/x86/tst-cet-property-2.c create mode 100644 sysdeps/unix/sysv/linux/x86/tst-cet-property-dep-2.S (limited to 'sysdeps/x86/dl-prop.h') diff --git a/ChangeLog b/ChangeLog index 75796ee7d6..669bc3c8ae 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,18 @@ +2018-07-30 H.J. Lu + + [BZ #23467] + * sysdeps/unix/sysv/linux/x86/Makefile (tests): Add + tst-cet-property-1 and tst-cet-property-2 if CET is enabled. + (CFLAGS-tst-cet-property-1.o): New. + (ASFLAGS-tst-cet-property-dep-2.o): Likewise. + ($(objpfx)tst-cet-property-2): Likewise. + ($(objpfx)tst-cet-property-2.out): Likewise. + * sysdeps/unix/sysv/linux/x86/tst-cet-property-1.c: New file. + * sysdeps/unix/sysv/linux/x86/tst-cet-property-2.c: Likewise. + * sysdeps/unix/sysv/linux/x86/tst-cet-property-dep-2.S: Likewise. + * sysdeps/x86/dl-prop.h (_dl_process_cet_property_note): Parse + each property item until GNU_PROPERTY_X86_FEATURE_1_AND is found. + 2018-07-30 H.J. Lu [BZ #23458] diff --git a/sysdeps/unix/sysv/linux/x86/Makefile b/sysdeps/unix/sysv/linux/x86/Makefile index a30fdb1dc1..7dc4e61756 100644 --- a/sysdeps/unix/sysv/linux/x86/Makefile +++ b/sysdeps/unix/sysv/linux/x86/Makefile @@ -25,6 +25,21 @@ tests += tst-saved_mask-1 endif ifeq ($(enable-cet),yes) +ifeq ($(subdir),elf) +tests += tst-cet-property-1 tst-cet-property-2 + +CFLAGS-tst-cet-property-1.o += -fcf-protection +ASFLAGS-tst-cet-property-dep-2.o += -fcf-protection + +$(objpfx)tst-cet-property-2: $(objpfx)tst-cet-property-dep-2.o +$(objpfx)tst-cet-property-2.out: $(objpfx)tst-cet-property-2 \ + $(objpfx)tst-cet-property-1.out + env $(run-program-env) $(test-via-rtld-prefix) \ + $(objpfx)tst-cet-property-2 \ + < $(objpfx)tst-cet-property-1.out > $@; \ + $(evaluate-test) +endif + ifeq ($(subdir),stdlib) tests += tst-cet-setcontext-1 CFLAGS-tst-cet-setcontext-1.c += -mshstk diff --git a/sysdeps/unix/sysv/linux/x86/tst-cet-property-1.c b/sysdeps/unix/sysv/linux/x86/tst-cet-property-1.c new file mode 100644 index 0000000000..21130faefc --- /dev/null +++ b/sysdeps/unix/sysv/linux/x86/tst-cet-property-1.c @@ -0,0 +1,44 @@ +/* Test CET property note parser. + Copyright (C) 2018 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include + +/* This test prints out "IBT" if Intel indirect branch tracking (IBT) + is enabled at run-time, which is checked by tst-cet-property-2 to + verify that the IBT violation is caught on IBT machines. */ + +static int +do_test (void) +{ + unsigned int feature_1; +#ifdef __x86_64__ +# define SEG_REG "fs" +#else +# define SEG_REG "gs" +#endif + asm ("movl %%" SEG_REG ":%P1, %0" + : "=r" (feature_1) : "i" (FEATURE_1_OFFSET)); + if ((feature_1 & GNU_PROPERTY_X86_FEATURE_1_IBT) != 0) + printf ("IBT\n"); + + return 0; +} + +#include diff --git a/sysdeps/unix/sysv/linux/x86/tst-cet-property-2.c b/sysdeps/unix/sysv/linux/x86/tst-cet-property-2.c new file mode 100644 index 0000000000..0531074ceb --- /dev/null +++ b/sysdeps/unix/sysv/linux/x86/tst-cet-property-2.c @@ -0,0 +1,63 @@ +/* Test CET property note parser for [BZ #23467]. + Copyright (C) 2018 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include +#include + +extern void bar (void); + +void +__attribute__ ((noclone, noinline)) +test (void (*func_p) (void)) +{ + func_p (); +} + +/* bar contains an IBT violation if it is called indirectly via a + function pointer. On IBT machines, it should lead to segfault + unless IBT is disabled by error. */ + +static void +sig_handler (int signo) +{ + exit (EXIT_SUCCESS); +} + +static int +do_test (void) +{ + char buf[20]; + + if (scanf ("%20s", buf) != 1) + FAIL_UNSUPPORTED ("IBT not supported"); + + if (strcmp (buf, "IBT") != 0) + FAIL_UNSUPPORTED ("IBT not supported"); + + TEST_VERIFY_EXIT (signal (SIGSEGV, &sig_handler) != SIG_ERR); + + /* Call bar via a function pointer to force an IBT violation. */ + test (bar); + + return EXIT_FAILURE; +} + +#include diff --git a/sysdeps/unix/sysv/linux/x86/tst-cet-property-dep-2.S b/sysdeps/unix/sysv/linux/x86/tst-cet-property-dep-2.S new file mode 100644 index 0000000000..5f5cad34d9 --- /dev/null +++ b/sysdeps/unix/sysv/linux/x86/tst-cet-property-dep-2.S @@ -0,0 +1,63 @@ +/* Test CET property note parser. + Copyright (C) 2018 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include + + .text + .p2align 4,,15 + .globl bar + .type bar, @function +/* Since this function doesn't start with ENDBR, it should lead to the + IBT violation when called indirectly. */ +bar: + .cfi_startproc + ret + .cfi_endproc + .size bar, .-bar + +#if __SIZEOF_PTRDIFF_T__ == 8 +# define ALIGN 3 +#elif __SIZEOF_PTRDIFF_T__ == 4 +# define ALIGN 2 +#endif + +/* In NT_GNU_PROPERTY_TYPE_0 note, add a GNU_PROPERTY_STACK_SIZE property + before the GNU_PROPERTY_X86_FEATURE_1_AND property. */ + .section ".note.gnu.property", "a" + .p2align ALIGN + .long 1f - 0f /* name length */ + .long 5f - 2f /* data length */ + .long 5 /* note type */ +0: .asciz "GNU" /* vendor name */ +1: + .p2align ALIGN +2: + .long 1 /* pr_type. */ + .long 4f - 3f /* pr_datasz. */ +3: +#if __SIZEOF_PTRDIFF_T__ == 8 + .long 0x800 + .long 0x800 +#else + .long 0x08000800 +#endif +4: + .p2align ALIGN +5: + + .section .note.GNU-stack,"",@progbits diff --git a/sysdeps/x86/dl-prop.h b/sysdeps/x86/dl-prop.h index 35d3f16a23..26c3131ac5 100644 --- a/sysdeps/x86/dl-prop.h +++ b/sysdeps/x86/dl-prop.h @@ -73,7 +73,7 @@ _dl_process_cet_property_note (struct link_map *l, unsigned char *ptr = (unsigned char *) (note + 1) + 4; unsigned char *ptr_end = ptr + note->n_descsz; - while (ptr < ptr_end) + do { unsigned int type = *(unsigned int *) ptr; unsigned int datasz = *(unsigned int *) (ptr + 4); @@ -82,17 +82,28 @@ _dl_process_cet_property_note (struct link_map *l, if ((ptr + datasz) > ptr_end) break; - if (type == GNU_PROPERTY_X86_FEATURE_1_AND - && datasz == 4) + if (type == GNU_PROPERTY_X86_FEATURE_1_AND) { - unsigned int feature_1 = *(unsigned int *) ptr; - if ((feature_1 & GNU_PROPERTY_X86_FEATURE_1_IBT)) - l->l_cet |= lc_ibt; - if ((feature_1 & GNU_PROPERTY_X86_FEATURE_1_SHSTK)) - l->l_cet |= lc_shstk; - break; + /* The size of GNU_PROPERTY_X86_FEATURE_1_AND is 4 + bytes. When seeing GNU_PROPERTY_X86_FEATURE_1_AND, + we stop the search regardless if its size is correct + or not. There is no point to continue if this note + is ill-formed. */ + if (datasz == 4) + { + unsigned int feature_1 = *(unsigned int *) ptr; + if ((feature_1 & GNU_PROPERTY_X86_FEATURE_1_IBT)) + l->l_cet |= lc_ibt; + if ((feature_1 & GNU_PROPERTY_X86_FEATURE_1_SHSTK)) + l->l_cet |= lc_shstk; + } + return; } + + /* Check the next property item. */ + ptr += ALIGN_UP (datasz, sizeof (ElfW(Addr))); } + while ((ptr_end - ptr) >= 8); } /* NB: Note sections like .note.ABI-tag and .note.gnu.build-id are -- cgit v1.2.3