x86/cet: Check legacy shadow stack code in .init_array section

Verify that legacy shadow stack code in .init_array section in application and shared library, which are marked as shadow stack enabled, will trigger segfault.
2024-11-22 04:50:07 +00:00 · 2023-03-22 13:34:55 -07:00 · 2023-03-22 13:34:55 -07:00 · 28bd6f832d
commit 28bd6f832d
parent 9424ce80c2
11 changed files with 330 additions and 0 deletions
--- a/sysdeps/x86/Makefile
+++ b/sysdeps/x86/Makefile
@ -173,11 +173,22 @@ tests += \
  tst-shstk-legacy-1b-static \
  tst-shstk-legacy-1c \
  tst-shstk-legacy-1c-static \
+  tst-shstk-legacy-1d \
+  tst-shstk-legacy-1d-static \
+  tst-shstk-legacy-1e \
+  tst-shstk-legacy-1e-static \
+  tst-shstk-legacy-1f \
+  tst-shstk-legacy-1g \
 # tests
+modules-names += \
+  tst-shstk-legacy-mod-1 \
+# modules-names
 tests-static += \
  tst-shstk-legacy-1a-static \
  tst-shstk-legacy-1b-static \
  tst-shstk-legacy-1c-static \
+  tst-shstk-legacy-1d-static \
+  tst-shstk-legacy-1e-static \
 # tests-static
 extra-objs += \
  tst-shstk-legacy-1-extra.o \
@ -237,6 +248,9 @@ CFLAGS-tst-cet-legacy-10a-static.c += -fcf-protection=none

 CFLAGS-tst-shstk-legacy-1a.c += -fcf-protection=none
 CFLAGS-tst-shstk-legacy-1a-static.c += -fcf-protection=none
+CFLAGS-tst-shstk-legacy-1d.c += -fcf-protection=none
+CFLAGS-tst-shstk-legacy-1d-static.c += -fcf-protection=none
+CFLAGS-tst-shstk-legacy-1f.c += -fcf-protection=none

 $(objpfx)tst-cet-legacy-1: $(objpfx)tst-cet-legacy-mod-1.so \
 		       $(objpfx)tst-cet-legacy-mod-2.so
@ -279,6 +293,28 @@ tst-shstk-legacy-1c-ENV = GLIBC_TUNABLES=glibc.cpu.hwcaps=-SHSTK
 tst-shstk-legacy-1c-static-ENV = GLIBC_TUNABLES=glibc.cpu.hwcaps=-SHSTK
 $(objpfx)tst-shstk-legacy-1c: $(objpfx)tst-shstk-legacy-1-extra.o
 $(objpfx)tst-shstk-legacy-1c-static: $(objpfx)tst-shstk-legacy-1-extra.o
+$(objpfx)tst-shstk-legacy-1d: $(objpfx)tst-shstk-legacy-1-extra.o
+$(objpfx)tst-shstk-legacy-1d-static: $(objpfx)tst-shstk-legacy-1-extra.o
+$(objpfx)tst-shstk-legacy-1e: $(objpfx)tst-shstk-legacy-1-extra.o
+$(objpfx)tst-shstk-legacy-1e-static: $(objpfx)tst-shstk-legacy-1-extra.o
+$(objpfx)tst-shstk-legacy-1e.out: \
+  $(..)/sysdeps/x86/tst-shstk-legacy-1e.sh $(objpfx)tst-shstk-legacy-1e
+	$(SHELL) $< $(common-objpfx) '$(test-program-prefix)' 2> $@; \
+	$(evaluate-test)
+$(objpfx)tst-shstk-legacy-1e-static.out: \
+  $(..)/sysdeps/x86/tst-shstk-legacy-1e-static.sh \
+  $(objpfx)tst-shstk-legacy-1e-static
+	$(SHELL) $< $(common-objpfx) 2> $@; \
+	$(evaluate-test)
+$(objpfx)tst-shstk-legacy-1f: $(objpfx)tst-shstk-legacy-mod-1.so
+$(objpfx)tst-shstk-legacy-mod-1.so: \
+  $(objpfx)tst-shstk-legacy-mod-1.os \
+  $(objpfx)tst-shstk-legacy-1-extra.os
+$(objpfx)tst-shstk-legacy-1g: $(objpfx)tst-shstk-legacy-mod-1.so
+$(objpfx)tst-shstk-legacy-1g.out: \
+  $(..)/sysdeps/x86/tst-shstk-legacy-1g.sh $(objpfx)tst-shstk-legacy-1g
+	$(SHELL) $< $(common-objpfx) '$(test-program-prefix)' 2> $@; \
+	$(evaluate-test)
 endif

 # Add -fcf-protection to CFLAGS when CET is enabled.
--- a/sysdeps/x86/tst-shstk-legacy-1d-static.c
+++ b/sysdeps/x86/tst-shstk-legacy-1d-static.c
@ -0,0 +1 @@
+#include "tst-shstk-legacy-1d.c"
--- a/sysdeps/x86/tst-shstk-legacy-1d.c
+++ b/sysdeps/x86/tst-shstk-legacy-1d.c
@ -0,0 +1,47 @@
+/* Check that legacy shadow stack code in init_array won't trigger
+   segfault.
+   Copyright (C) 2023 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include <stdlib.h>
+#include <support/test-driver.h>
+
+/* Check that legacy shadow stack code in init_array won't trigger
+   segfault.  */
+extern void legacy (void);
+int done;
+
+void
+legacy_1 (void)
+{
+  legacy ();
+  done = 1;
+}
+
+void (*init_array []) (void)
+     __attribute__ ((section (".init_array"), aligned (sizeof (void *)))) =
+{
+  &legacy_1
+};
+
+static int
+do_test (void)
+{
+  return EXIT_SUCCESS;
+}
+
+#include <support/test-driver.c>
--- a/sysdeps/x86/tst-shstk-legacy-1e-static.c
+++ b/sysdeps/x86/tst-shstk-legacy-1e-static.c
@ -0,0 +1 @@
+#include "tst-shstk-legacy-1e.c"
--- a/sysdeps/x86/tst-shstk-legacy-1e-static.sh
+++ b/sysdeps/x86/tst-shstk-legacy-1e-static.sh
@ -0,0 +1,32 @@
+#!/bin/sh
+# Check that legacy shadow stack code in init_array will trigger
+# segfault.
+# Copyright (C) 2023 Free Software Foundation, Inc.
+# This file is part of the GNU C Library.
+
+# The GNU C Library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+
+# The GNU C Library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+
+# You should have received a copy of the GNU Lesser General Public
+# License along with the GNU C Library; if not, see
+# <https://www.gnu.org/licenses/>.
+
+common_objpfx=$1; shift
+
+${common_objpfx}elf/tst-shstk-legacy-1e-static
+# The exit status should only be unsupported (77) or segfault (139).
+status=$?
+if test $status -eq 77; then
+  exit 77
+elif test $status == 139; then
+  exit 0
+else
+  exit 1
+fi
--- a/sysdeps/x86/tst-shstk-legacy-1e.c
+++ b/sysdeps/x86/tst-shstk-legacy-1e.c
@ -0,0 +1,53 @@
+/* Check that legacy shadow stack code in init_array will trigger
+   segfault.
+   Copyright (C) 2023 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include <stdlib.h>
+#include <sys/platform/x86.h>
+#include <support/test-driver.h>
+#include <support/xsignal.h>
+
+/* Check that legacy shadow stack code in init_array will trigger
+   segfault.  */
+extern void legacy (void);
+int done;
+
+void
+legacy_1 (void)
+{
+  legacy ();
+  done = 1;
+}
+
+void (*init_array []) (void)
+     __attribute__ ((section (".init_array"), aligned (sizeof (void *)))) =
+{
+  &legacy_1
+};
+
+static int
+do_test (void)
+{
+  if (!CPU_FEATURE_ACTIVE (SHSTK))
+    return EXIT_UNSUPPORTED;
+
+  return EXIT_FAILURE;
+}
+
+#define EXPECTED_SIGNAL (CPU_FEATURE_ACTIVE (SHSTK) ? SIGSEGV : 0)
+#include <support/test-driver.c>
--- a/sysdeps/x86/tst-shstk-legacy-1e.sh
+++ b/sysdeps/x86/tst-shstk-legacy-1e.sh
@ -0,0 +1,34 @@
+#!/bin/sh
+# Check that legacy shadow stack code in init_array will trigger
+# segfault.
+# Copyright (C) 2023 Free Software Foundation, Inc.
+# This file is part of the GNU C Library.
+
+# The GNU C Library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+
+# The GNU C Library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+
+# You should have received a copy of the GNU Lesser General Public
+# License along with the GNU C Library; if not, see
+# <https://www.gnu.org/licenses/>.
+
+common_objpfx=$1; shift
+test_program_prefix=$1; shift
+
+${test_program_prefix} \
+  ${common_objpfx}elf/tst-shstk-legacy-1e
+# The exit status should only be unsupported (77) or segfault (139).
+status=$?
+if test $status -eq 77; then
+  exit 77
+elif test $status == 139; then
+  exit 0
+else
+  exit 1
+fi
--- a/sysdeps/x86/tst-shstk-legacy-1f.c
+++ b/sysdeps/x86/tst-shstk-legacy-1f.c
@ -0,0 +1,29 @@
+/* Check that legacy shadow stack code in init_array won't trigger
+   segfault.
+   Copyright (C) 2023 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include <stdlib.h>
+#include <support/test-driver.h>
+
+static int
+do_test (void)
+{
+  return EXIT_SUCCESS;
+}
+
+#include <support/test-driver.c>
--- a/sysdeps/x86/tst-shstk-legacy-1g.c
+++ b/sysdeps/x86/tst-shstk-legacy-1g.c
@ -0,0 +1,35 @@
+/* Check that legacy shadow stack code in init_array will trigger
+   segfault.
+   Copyright (C) 2023 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include <stdlib.h>
+#include <sys/platform/x86.h>
+#include <support/test-driver.h>
+#include <support/xsignal.h>
+
+static int
+do_test (void)
+{
+  if (!CPU_FEATURE_ACTIVE (SHSTK))
+    return EXIT_UNSUPPORTED;
+
+  return EXIT_FAILURE;
+}
+
+#define EXPECTED_SIGNAL (CPU_FEATURE_ACTIVE (SHSTK) ? SIGSEGV : 0)
+#include <support/test-driver.c>
--- a/sysdeps/x86/tst-shstk-legacy-1g.sh
+++ b/sysdeps/x86/tst-shstk-legacy-1g.sh
@ -0,0 +1,34 @@
+#!/bin/sh
+# Check that legacy shadow stack code in init_array will trigger
+# segfault.
+# Copyright (C) 2023 Free Software Foundation, Inc.
+# This file is part of the GNU C Library.
+
+# The GNU C Library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+
+# The GNU C Library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+
+# You should have received a copy of the GNU Lesser General Public
+# License along with the GNU C Library; if not, see
+# <https://www.gnu.org/licenses/>.
+
+common_objpfx=$1; shift
+test_program_prefix=$1; shift
+
+${test_program_prefix} \
+  ${common_objpfx}elf/tst-shstk-legacy-1g
+# The exit status should only be unsupported (77) or segfault (139).
+status=$?
+if test $status -eq 77; then
+  exit 77
+elif test $status == 139; then
+  exit 0
+else
+  exit 1
+fi
--- a/sysdeps/x86/tst-shstk-legacy-mod-1.c
+++ b/sysdeps/x86/tst-shstk-legacy-mod-1.c
@ -0,0 +1,28 @@
+/* Check legacy shadow stack code in init_array.
+   Copyright (C) 2023 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include <stdlib.h>
+
+/* Check legacy shadow stack code in init_array.  */
+extern void legacy (void) __attribute__ ((visibility ("hidden")));
+
+void (*init_array []) (void)
+     __attribute__ ((section (".init_array"), aligned (sizeof (void *)))) =
+{
+  &legacy
+};