* sysdeps/i386/dl-machine.h (RTLD_START): Set __libc_stack_end before

calling _dl_start, using GOTOFF access.

	* configure.in (libc_cv_z_execstack): New check.
	* configure: Regenerated.
	* config.make.in (have-z-execstack): New variable set by it.
	* elf/tst-execstack.c: New file.
	* elf/tst-execstack-mod.c: New file.
	* elf/tst-execstack-needed.c: New file.
	* elf/Makefile (tests-execstack-yes, modules-execstack-yes): New
	variables.
	(tests, modules-names): Conditionally include them.
	(distribute): Add tst-execstack-mod.c here.
	($(objpfx)tst-execstack, $(objpfx)tst-execstack.out): New targets.
	(LDFLAGS-tst-execstack, LDFLAGS-tst-execstack-mod): New variables.
	($(objpfx)tst-execstack-needed): New target.
	(LDFLAGS-tst-execstack-needed): New variable.

	* sysdeps/generic/ldsodefs.h (struct rtld_global): Add _dl_stack_flags
	and _dl_make_stack_executable_hook.  Declare _dl_make_stack_executable.
	* elf/rtld.c (_rtld_global): Add initializer for _dl_stack_flags.
	(dl_main): Reset _dl_stack_flags according to PT_GNU_STACK phdr.
	Initialize _dl_make_stack_executable_hook.
	* elf/dl-support.c: Define those new variables.
	(_dl_non_dynamic_init): Scan phdrs for PT_GNU_STACK.
	(_dl_phdr): Fix type.
	* elf/dl-load.c (_dl_map_object_from_fd): Grok PT_GNU_STACK phdr and
	enable execute permission for the stack if necessary.
	* sysdeps/generic/dl-execstack.c: New file.
	* elf/Makefile (dl-routines): Add it.
	* elf/Versions (ld: GLIBC_PRIVATE): Add _dl_make_stack_executable.
	* sysdeps/unix/sysv/linux/dl-execstack.c: New file.
This commit is contained in:
Roland McGrath 2003-09-23 12:07:26 +00:00
parent ecdeaac05f
commit 2abf9ff113
9 changed files with 684 additions and 147 deletions

View File

@ -1,3 +1,38 @@
2003-09-23 Roland McGrath <roland@redhat.com>
* sysdeps/i386/dl-machine.h (RTLD_START): Set __libc_stack_end before
calling _dl_start, using GOTOFF access.
* configure.in (libc_cv_z_execstack): New check.
* configure: Regenerated.
* config.make.in (have-z-execstack): New variable set by it.
* elf/tst-execstack.c: New file.
* elf/tst-execstack-mod.c: New file.
* elf/tst-execstack-needed.c: New file.
* elf/Makefile (tests-execstack-yes, modules-execstack-yes): New
variables.
(tests, modules-names): Conditionally include them.
(distribute): Add tst-execstack-mod.c here.
($(objpfx)tst-execstack, $(objpfx)tst-execstack.out): New targets.
(LDFLAGS-tst-execstack, LDFLAGS-tst-execstack-mod): New variables.
($(objpfx)tst-execstack-needed): New target.
(LDFLAGS-tst-execstack-needed): New variable.
* sysdeps/generic/ldsodefs.h (struct rtld_global): Add _dl_stack_flags
and _dl_make_stack_executable_hook. Declare _dl_make_stack_executable.
* elf/rtld.c (_rtld_global): Add initializer for _dl_stack_flags.
(dl_main): Reset _dl_stack_flags according to PT_GNU_STACK phdr.
Initialize _dl_make_stack_executable_hook.
* elf/dl-support.c: Define those new variables.
(_dl_non_dynamic_init): Scan phdrs for PT_GNU_STACK.
(_dl_phdr): Fix type.
* elf/dl-load.c (_dl_map_object_from_fd): Grok PT_GNU_STACK phdr and
enable execute permission for the stack if necessary.
* sysdeps/generic/dl-execstack.c: New file.
* elf/Makefile (dl-routines): Add it.
* elf/Versions (ld: GLIBC_PRIVATE): Add _dl_make_stack_executable.
* sysdeps/unix/sysv/linux/dl-execstack.c: New file.
2003-09-23 Ulrich Drepper <drepper@redhat.com> 2003-09-23 Ulrich Drepper <drepper@redhat.com>
* sysdeps/posix/sprofil.c (pc_to_index): Remove inline marker. * sysdeps/posix/sprofil.c (pc_to_index): Remove inline marker.

View File

@ -42,6 +42,7 @@ have-z-nodelete = @libc_cv_z_nodelete@
have-z-nodlopen = @libc_cv_z_nodlopen@ have-z-nodlopen = @libc_cv_z_nodlopen@
have-z-initfirst = @libc_cv_z_initfirst@ have-z-initfirst = @libc_cv_z_initfirst@
have-z-combreloc = @libc_cv_z_combreloc@ have-z-combreloc = @libc_cv_z_combreloc@
have-z-execstack = @libc_cv_z_execstack@
have-initfini = @libc_cv_have_initfini@ have-initfini = @libc_cv_have_initfini@
have-Bgroup = @libc_cv_Bgroup@ have-Bgroup = @libc_cv_Bgroup@
need-nopic-initfini = @nopic_initfini@ need-nopic-initfini = @nopic_initfini@

544
configure vendored

File diff suppressed because it is too large Load Diff

View File

@ -1334,6 +1334,7 @@ EOF
ASFLAGS_config="$ASFLAGS_config -Wa,--noexecstack" ASFLAGS_config="$ASFLAGS_config -Wa,--noexecstack"
fi fi
AC_SUBST(ASFLAGS_config) AC_SUBST(ASFLAGS_config)
AC_CACHE_CHECK(for -z combreloc, AC_CACHE_CHECK(for -z combreloc,
libc_cv_z_combreloc, [dnl libc_cv_z_combreloc, [dnl
cat > conftest.c <<EOF cat > conftest.c <<EOF
@ -1363,8 +1364,25 @@ dnl look for a section named .rel.dyn.
if test "$libc_cv_z_combreloc" = yes; then if test "$libc_cv_z_combreloc" = yes; then
AC_DEFINE(HAVE_Z_COMBRELOC) AC_DEFINE(HAVE_Z_COMBRELOC)
fi fi
AC_SUBST(libc_cv_z_combreloc)
AC_CACHE_CHECK(for -z execstack,
libc_cv_z_execstack, [dnl
cat > conftest.c <<EOF
int _start (void) { return 42; }
EOF
if AC_TRY_COMMAND([${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS
-shared -o conftest.so conftest.c
-Wl,-z,execstack -nostdlib
1>&AS_MESSAGE_LOG_FD])
then
libc_cv_z_execstack=yes
else
libc_cv_z_execstack=no
fi
rm -f conftest*])
AC_SUBST(libc_cv_z_execstack)
fi fi
AC_SUBST(libc_cv_z_combreloc)
if test $elf != yes; then if test $elf != yes; then
AC_CACHE_CHECK(for .init and .fini sections, libc_cv_have_initfini, AC_CACHE_CHECK(for .init and .fini sections, libc_cv_have_initfini,

View File

@ -29,7 +29,8 @@ routines = $(dl-routines) dl-open dl-close dl-support dl-iteratephdr \
# profiled libraries. # profiled libraries.
dl-routines = $(addprefix dl-,load cache lookup object reloc deps \ dl-routines = $(addprefix dl-,load cache lookup object reloc deps \
runtime error init fini debug misc \ runtime error init fini debug misc \
version profile conflict tls origin) version profile conflict tls origin \
execstack)
all-dl-routines = $(dl-routines) $(sysdep-dl-routines) all-dl-routines = $(dl-routines) $(sysdep-dl-routines)
# But they are absent from the shared libc, because that code is in ld.so. # But they are absent from the shared libc, because that code is in ld.so.
elide-routines.os = $(all-dl-routines) dl-support enbl-secure \ elide-routines.os = $(all-dl-routines) dl-support enbl-secure \
@ -80,6 +81,7 @@ distribute := rtld-Rules \
reldep9.c reldep9mod1.c reldep9mod2.c reldep9mod3.c \ reldep9.c reldep9mod1.c reldep9mod2.c reldep9mod3.c \
tst-array1.exp tst-array2.exp tst-array4.exp \ tst-array1.exp tst-array2.exp tst-array4.exp \
tst-array2dep.c \ tst-array2dep.c \
tst-execstack-mod.c \
check-textrel.c dl-sysdep.h check-textrel.c dl-sysdep.h
CFLAGS-dl-runtime.c = -fexceptions -fasynchronous-unwind-tables CFLAGS-dl-runtime.c = -fexceptions -fasynchronous-unwind-tables
@ -150,12 +152,14 @@ tests += loadtest restest1 preloadtest loadfail multiload origtest resolvfail \
neededtest3 neededtest4 unload2 lateglobal initfirst global \ neededtest3 neededtest4 unload2 lateglobal initfirst global \
restest2 next dblload dblunload reldep5 reldep6 reldep7 reldep8 \ restest2 next dblload dblunload reldep5 reldep6 reldep7 reldep8 \
circleload1 tst-tls3 tst-tls4 tst-tls5 tst-tls6 tst-tls7 tst-tls8 \ circleload1 tst-tls3 tst-tls4 tst-tls5 tst-tls6 tst-tls7 tst-tls8 \
tst-tls10 tst-tls11 tst-tls12 tst-tls13 tst-tls14 tst-align tst-tls10 tst-tls11 tst-tls12 tst-tls13 tst-tls14 tst-align \
$(tests-execstack-$(have-z-execstack))
# reldep9 # reldep9
test-srcs = tst-pathopt test-srcs = tst-pathopt
tests-vis-yes = vismain tests-vis-yes = vismain
tests-nodelete-yes = nodelete nodelete2 tests-nodelete-yes = nodelete nodelete2
tests-nodlopen-yes = nodlopen nodlopen2 tests-nodlopen-yes = nodlopen nodlopen2
tests-execstack-yes = tst-execstack tst-execstack-needed
endif endif
modules-names = testobj1 testobj2 testobj3 testobj4 testobj5 testobj6 \ modules-names = testobj1 testobj2 testobj3 testobj4 testobj5 testobj6 \
testobj1_1 failobj constload2 constload3 unloadmod \ testobj1_1 failobj constload2 constload3 unloadmod \
@ -178,7 +182,7 @@ modules-names = testobj1 testobj2 testobj3 testobj4 testobj5 testobj6 \
circlemod3 circlemod3a \ circlemod3 circlemod3a \
reldep8mod1 reldep8mod2 reldep8mod3 \ reldep8mod1 reldep8mod2 reldep8mod3 \
reldep9mod1 reldep9mod2 reldep9mod3 \ reldep9mod1 reldep9mod2 reldep9mod3 \
tst-alignmod tst-alignmod $(modules-execstack-$(have-z-execstack))
ifeq (yes,$(have-initfini-array)) ifeq (yes,$(have-initfini-array))
modules-names += tst-array2dep modules-names += tst-array2dep
endif endif
@ -186,6 +190,7 @@ modules-vis-yes = vismod1 vismod2 vismod3
modules-nodelete-yes = nodelmod1 nodelmod2 nodelmod3 nodelmod4 \ modules-nodelete-yes = nodelmod1 nodelmod2 nodelmod3 nodelmod4 \
nodel2mod1 nodel2mod2 nodel2mod3 nodel2mod1 nodel2mod2 nodel2mod3
modules-nodlopen-yes = nodlopenmod nodlopenmod2 modules-nodlopen-yes = nodlopenmod nodlopenmod2
modules-execstack-yes = tst-execstack-mod
extra-objs += $(addsuffix .os,$(strip $(modules-names))) extra-objs += $(addsuffix .os,$(strip $(modules-names)))
# We need this variable to be sure the test modules get the right CPPFLAGS. # We need this variable to be sure the test modules get the right CPPFLAGS.
test-extras += $(modules-names) test-extras += $(modules-names)
@ -660,6 +665,16 @@ $(objpfx)tst-tls9-static: $(common-objpfx)dlfcn/libdl.a
$(objpfx)tst-tls9-static.out: $(objpfx)tst-tlsmod5.so $(objpfx)tst-tlsmod6.so $(objpfx)tst-tls9-static.out: $(objpfx)tst-tlsmod5.so $(objpfx)tst-tlsmod6.so
endif endif
ifeq ($(have-z-execstack),yes)
$(objpfx)tst-execstack: $(libdl)
$(objpfx)tst-execstack.out: $(objpfx)tst-execstack-mod.so
LDFLAGS-tst-execstack = -Wl,-z,noexecstack
LDFLAGS-tst-execstack-mod = -Wl,-z,execstack
$(objpfx)tst-execstack-needed: $(objpfx)tst-execstack-mod.so
LDFLAGS-tst-execstack-needed = -Wl,-z,noexecstack
endif
$(objpfx)tst-array1.out: $(objpfx)tst-array1 $(objpfx)tst-array1.out: $(objpfx)tst-array1
$(elf-objpfx)$(rtld-installed-name) \ $(elf-objpfx)$(rtld-installed-name) \
--library-path $(rpath-link)$(patsubst %,:%,$(sysdep-library-path)) \ --library-path $(rpath-link)$(patsubst %,:%,$(sysdep-library-path)) \

30
elf/tst-execstack-mod.c Normal file
View File

@ -0,0 +1,30 @@
/* Test module for making nonexecutable stacks executable
on load of a DSO that requires executable stacks. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
void callme (void (*callback) (void));
/* This is a function that makes use of executable stack by
using a local function trampoline. */
void
tryme (void)
{
bool ok = false;
void callback (void) { ok = true; }
callme (&callback);
if (ok)
printf ("DSO called ok (local %p, trampoline %p)\n", &ok, &callback);
else
abort ();
}
void
callme (void (*callback) (void))
{
(*callback) ();
}

View File

@ -0,0 +1,36 @@
/* Test program for making nonexecutable stacks executable
on DT_NEEDED load of a DSO that requires executable stacks. */
#include <dlfcn.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <error.h>
extern void tryme (void); /* from tst-execstack-mod.so */
static void deeper (void (*f) (void));
static int
do_test (void)
{
tryme ();
/* Test that growing the stack region gets new executable pages too. */
deeper (&tryme);
return 0;
}
static void
deeper (void (*f) (void))
{
char stack[1100 * 1024];
memfrob (stack, sizeof stack);
(*f) ();
memfrob (stack, sizeof stack);
}
#define TEST_FUNCTION do_test ()
#include "../test-skeleton.c"

133
elf/tst-execstack.c Normal file
View File

@ -0,0 +1,133 @@
/* Test program for making nonexecutable stacks executable
on load of a DSO that requires executable stacks. */
#include <dlfcn.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <error.h>
static void
print_maps (void)
{
#if 0
char *cmd = NULL;
asprintf (&cmd, "cat /proc/%d/maps", getpid ());
system (cmd);
free (cmd);
#endif
}
static void deeper (void (*f) (void));
#if USE_PTHREADS
# include <pthread.h>
static void *
tryme_thread (void *f)
{
(*((void (*) (void)) f)) ();
return 0;
}
static pthread_barrier_t startup_barrier, go_barrier;
static void *
waiter_thread (void *arg)
{
void **f = arg;
pthread_barrier_wait (&startup_barrier);
pthread_barrier_wait (&go_barrier);
(*((void (*) (void)) *f)) ();
return 0;
}
#endif
static int
do_test (void)
{
void *f;
#if USE_PTHREADS
/* Create some threads while stacks are nonexecutable. */
#define N 5
pthread_t thr[N];
pthread_barrier_init (&startup_barrier, NULL, N + 1);
pthread_barrier_init (&go_barrier, NULL, N + 1);
for (int i = 0; i < N; ++i)
{
int rc = pthread_create (&thr[i], NULL, &waiter_thread, &f);
if (rc)
error (1, rc, "pthread_create");
}
/* Make sure they are all there using their stacks. */
pthread_barrier_wait (&startup_barrier);
puts ("threads waiting");
#endif
print_maps ();
/* Loading this module should force stacks to become executable. */
void *h = dlopen ("tst-execstack-mod.so", RTLD_LAZY);
if (h == NULL)
{
printf ("cannot load: %s\n", dlerror ());
return 1;
}
f = dlsym (h, "tryme");
if (f == NULL)
{
printf ("symbol not found: %s\n", dlerror ());
return 1;
}
/* Test if that really made our stack executable.
The `tryme' function should crash if not. */
(*((void (*) (void)) f)) ();
print_maps ();
/* Test that growing the stack region gets new executable pages too. */
deeper ((void (*) (void)) f);
print_maps ();
#if USE_PTHREADS
/* Test that a fresh thread now gets an executable stack. */
{
pthread_t th;
int rc = pthread_create (&th, NULL, &tryme_thread, f);
if (rc)
error (1, rc, "pthread_create");
}
puts ("threads go");
/* The existing threads' stacks should have been changed.
Let them run to test it. */
pthread_barrier_wait (&go_barrier);
pthread_exit (0);
#endif
return 0;
}
static void
deeper (void (*f) (void))
{
char stack[1100 * 1024];
memfrob (stack, sizeof stack);
(*f) ();
memfrob (stack, sizeof stack);
}
#define TEST_FUNCTION do_test ()
#include "../test-skeleton.c"

View File

@ -276,18 +276,17 @@ _dl_runtime_profile:\n\
.globl _start\n\ .globl _start\n\
.globl _dl_start_user\n\ .globl _dl_start_user\n\
_start:\n\ _start:\n\
# Point %ebx at the GOT.\n\
call 0b\n\
addl $_GLOBAL_OFFSET_TABLE_, %ebx\n\
# Note that _dl_start gets the parameter in %eax.\n\ # Note that _dl_start gets the parameter in %eax.\n\
movl %esp, %eax\n\ movl %esp, %eax\n\
# Store the highest stack address\n\
movl %eax, __libc_stack_end@GOTOFF(%ebx)\n\
call _dl_start\n\ call _dl_start\n\
_dl_start_user:\n\ _dl_start_user:\n\
# Save the user entry point address in %edi.\n\ # Save the user entry point address in %edi.\n\
movl %eax, %edi\n\ movl %eax, %edi\n\
# Point %ebx at the GOT.\n\
call 0b\n\
addl $_GLOBAL_OFFSET_TABLE_, %ebx\n\
# Store the highest stack address\n\
movl __libc_stack_end@GOT(%ebx), %eax\n\
movl %esp, (%eax)\n\
# See if we were run as a command with the executable file\n\ # See if we were run as a command with the executable file\n\
# name as an extra leading argument.\n\ # name as an extra leading argument.\n\
movl _dl_skip_args@GOTOFF(%ebx), %eax\n\ movl _dl_skip_args@GOTOFF(%ebx), %eax\n\