diff options
| author | Adhemerval Zanella <adhemerval.zanella@linaro.org> | 2024-12-06 14:37:55 -0300 |
|---|---|---|
| committer | Adhemerval Zanella <adhemerval.zanella@linaro.org> | 2025-03-07 08:46:49 -0300 |
| commit | 7fec24327c3aae29bdbc2d82c186b0d06bf33c9a (patch) | |
| tree | e5b3078f3a64580f5905a2c6693d7a9b62449804 | |
| parent | 804c23c942c36f1ac657ef33f80469d466d849bd (diff) | |
| download | glibc-7fec24327c3aae29bdbc2d82c186b0d06bf33c9a.tar.xz glibc-7fec24327c3aae29bdbc2d82c186b0d06bf33c9a.zip | |
Add --enable-memory-sealing configure options
It allows all libraries, programs, and the testsuite in glibc to
be built with memory sealing if the toochain supports it. The
default mode is to disable it.
Checked on aarch64-linux-gnu and x86_64-linux-gnu.
| -rw-r--r-- | INSTALL | 6 | ||||
| -rw-r--r-- | Makeconfig | 19 | ||||
| -rw-r--r-- | Makerules | 2 | ||||
| -rw-r--r-- | NEWS | 3 | ||||
| -rwxr-xr-x | configure | 57 | ||||
| -rw-r--r-- | configure.ac | 19 | ||||
| -rw-r--r-- | elf/Makefile | 19 | ||||
| -rw-r--r-- | manual/install.texi | 5 |
8 files changed, 124 insertions, 6 deletions
@@ -251,6 +251,12 @@ passed to 'configure'. For example: Disable using 'scv' instruction for syscalls. All syscalls will use 'sc' instead, even if the kernel supports 'scv'. PowerPC only. +'--enable-memory-sealing' + Build glibc libraries, programs, and the testsuite with memory + sealing support (GNU_PROPERTY_MEMORY_SEAL). It does not disable + support for memory sealing, which will still be applied if the + program has the attribute. + '--build=BUILD-SYSTEM' '--host=HOST-SYSTEM' These options are for cross-compiling. If you specify both options diff --git a/Makeconfig b/Makeconfig index aa547a443f..1b0a9d95f1 100644 --- a/Makeconfig +++ b/Makeconfig @@ -389,6 +389,21 @@ dt-relr-ldflag = no-dt-relr-ldflag = endif +# Linker options to enable and disable memory sealing (GNU_PROPERTY_MEMORY_SEAL), +# if --enable--memory-sealing is used explicit enable memory sealing for the case +# the linker defaults to it. +ifeq ($(have-z-memory-seal),yes) +no-memory-seal-ldflag = -Wl,-z,nomemory-seal +ifeq ($(enable-memory-seal),yes) +memory-seal-ldflag = -Wl,-z,memory-seal +else +memory-seal-ldflag = $(no-memory-seal-ldflag) +endif +else +memory-seal-ldflag = +no-memory-seal-ldflag = +endif + ifeq (no,$(build-pie-default)) pie-default = $(no-pie-ccflag) else # build-pie-default @@ -433,6 +448,7 @@ link-extra-libs-tests = $(libsupport) ifndef +link-pie +link-pie-before-inputs = $(if $($(@F)-no-pie),$(no-pie-ldflag),-pie) \ $(if $($(@F)-no-dt-relr),$(no-dt-relr-ldflag),$(dt-relr-ldflag)) \ + $(if $($(@F)-no-memory-seal),$(no-memory-seal-ldflag),$(memory-seal-ldflag)) \ -Wl,-O1 -nostdlib -nostartfiles \ $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \ $(relro-LDFLAGS) $(hashstyle-LDFLAGS) \ @@ -466,6 +482,7 @@ ifndef +link-static +link-static-before-inputs = -nostdlib -nostartfiles -static \ $(if $($(@F)-no-pie),$(no-pie-ldflag),$(static-pie-ldflag)) \ $(if $($(@F)-no-dt-relr),$(no-dt-relr-ldflag),$(static-pie-dt-relr-ldflag)) \ + $(if $($(@F)-no-memory-seal),$(no-memory-seal-ldflag),$(memory-seal-ldflag)) \ $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \ $(firstword $(CRT-$(@F)) $(csu-objpfx)$(real-static-start-installed-name)) \ $(+preinit) $(+prectorT) @@ -542,7 +559,7 @@ endif # +link # Command for linking test programs with crt1.o from glibc 2.0. +link-2.0-before-inputs = -nostdlib -nostartfiles $(no-pie-ldflag) \ $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \ - $(relro-LDFLAGS) $(hashstyle-LDFLAGS) \ + $(relro-LDFLAGS) $(memory-seal-ldflag) $(hashstyle-LDFLAGS) \ $(firstword $(CRT-$(@F)) $(csu-objpfx)$(start-name-2.0)) \ $(+preinit) $(+prector) +link-2.0-before-libc = -o $@ $(+link-2.0-before-inputs) \ @@ -544,6 +544,7 @@ define build-shlib-helper $(LINK.o) -shared -static-libgcc -Wl,-O1 $(sysdep-LDFLAGS) \ $(if $($(@F)-no-z-defs)$(no-z-defs),,-Wl,-z,defs) $(rtld-LDFLAGS) \ $(if $($(@F)-no-dt-relr),$(no-dt-relr-ldflag),$(dt-relr-ldflag)) \ + $(if $($(@F)-no-memory-seal),$(no-memory-seal-ldflag),$(memory-seal-ldflag)) \ $(extra-B-$(@F:lib%.so=%).so) -B$(csu-objpfx) \ $(extra-B-$(@F:lib%.so=%).so) $(load-map-file) \ -Wl,-soname=lib$(libprefix)$(@F:lib%.so=%).so$($(@F)-version) \ @@ -560,6 +561,7 @@ define build-module-helper $(LINK.o) -shared -static-libgcc $(sysdep-LDFLAGS) $(rtld-LDFLAGS) \ $(if $($(@F)-no-z-defs)$(no-z-defs),,-Wl,-z,defs) \ $(if $($(@F)-no-dt-relr),$(no-dt-relr-ldflag),$(dt-relr-ldflag)) \ + $(if $($(@F)-no-memory-seal),$(no-memory-seal-ldflag),$(memory-seal-ldflag)) \ -B$(csu-objpfx) $(load-map-file) \ $(LDFLAGS.so) $(LDFLAGS-$(@F:%.so=%).so) \ $(link-test-modules-rpath-link) \ @@ -23,6 +23,9 @@ Major new features: memory sealing will not be applied for its dependencies (and even if the objects has the memory sealing attribute). +* A new configure option, "--enable-memory-sealing", can be used to build + the GNU C Library libraries and programs with memory sealing. + Deprecated and removed features, and other changes affecting compatibility: [Add deprecations, removals and changes affecting compatibility here] @@ -820,6 +820,7 @@ enable_mathvec enable_cet enable_scv enable_fortify_source +enable_memory_sealing with_cpu ' ac_precious_vars='build_alias @@ -1505,6 +1506,8 @@ Optional Features: Use -D_FORTIFY_SOURCE=[1|2|3] to control code hardening, defaults to highest possible value supported by the build compiler. + --enable-memory-sealing Build glibc libraries, programs, and the testsuite + with memory sealing [default=no] Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] @@ -4883,6 +4886,16 @@ case "$enable_fortify_source" in *) as_fn_error $? "Not a valid argument for --enable-fortify-source: \"$enable_fortify_source\"" "$LINENO" 5;; esac +# Check whether --enable-memory-sealing was given. +if test ${enable_memory_sealing+y} +then : + enableval=$enable_memory_sealing; enable_memory_sealing=$enableval +else case e in #( + e) enable_memory_sealing=no ;; +esac +fi + + # We keep the original values in `$config_*' and never modify them, so we # can write them unchanged into config.make. Everything else uses # $machine, $vendor, and $os, and changes them whenever convenient. @@ -7410,6 +7423,49 @@ printf "%s\n" "$libc_cv_fpie" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for linker that supports -z memory-seal" >&5 +printf %s "checking for linker that supports -z memory-seal... " >&6; } +libc_linker_feature=no +cat > conftest.c <<EOF +int _start (void) { return 42; } +EOF +if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS $no_ssp + -Wl,-z,memory-seal -nostdlib -nostartfiles + -fPIC -shared -o conftest.so conftest.c + 1>&5' + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5 + (eval $ac_try) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; } +then + if ${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS $no_ssp -Wl,-z,memory-seal -nostdlib \ + -nostartfiles -fPIC -shared -o conftest.so conftest.c 2>&1 \ + | grep "warning: -z memory-seal ignored" > /dev/null 2>&1; then + true + else + libc_linker_feature=yes + fi +fi +rm -f conftest* +if test $libc_linker_feature = yes; then + libc_cv_z_memory_seal=yes +else + libc_cv_z_memory_seal=no +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $libc_linker_feature" >&5 +printf "%s\n" "$libc_linker_feature" >&6; } +# Enable memory-sealing iff it is available and glibc is not configured +# with --disable-defautl-memory-sealing +if test "$libc_cv_z_memory_seal" = no; then + default_memory_sealing=no +fi +config_vars="$config_vars +have-z-memory-seal = $libc_cv_z_memory_seal" +config_vars="$config_vars +enable-memory-seal = $enable_memory_sealing" + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for GLOB_DAT reloc" >&5 printf %s "checking for GLOB_DAT reloc... " >&6; } if test ${libc_cv_has_glob_dat+y} @@ -8945,7 +9001,6 @@ load-address-ldflag = $libc_cv_load_address_ldflag" # Check if compilers support GCS in branch protection: - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if compiler supports -mbranch-protection=gcs" >&5 printf %s "checking if compiler supports -mbranch-protection=gcs... " >&6; } if test ${libc_cv_cc_gcs+y} diff --git a/configure.ac b/configure.ac index 7d04b54c98..d514179e1b 100644 --- a/configure.ac +++ b/configure.ac @@ -440,6 +440,12 @@ case "$enable_fortify_source" in *) AC_MSG_ERROR([Not a valid argument for --enable-fortify-source: "$enable_fortify_source"]);; esac +AC_ARG_ENABLE([memory-sealing], + AS_HELP_STRING([--enable-memory-sealing], + [Build glibc libraries, programs, and the testsuite with memory sealing @<:@default=no@:>@]), + [enable_memory_sealing=$enableval], + [enable_memory_sealing=no]) + # We keep the original values in `$config_*' and never modify them, so we # can write them unchanged into config.make. Everything else uses # $machine, $vendor, and $os, and changes them whenever convenient. @@ -1360,6 +1366,19 @@ LIBC_TRY_CC_OPTION([-fpie], [libc_cv_fpie=yes], [libc_cv_fpie=no]) AC_SUBST(libc_cv_fpie) +LIBC_LINKER_FEATURE([-z memory-seal], + [-Wl,-z,memory-seal], + [libc_cv_z_memory_seal=yes], + [libc_cv_z_memory_seal=no]) +# Enable memory-sealing iff it is available and glibc is not configured +# with --disable-defautl-memory-sealing +if test "$libc_cv_z_memory_seal" = no; then + default_memory_sealing=no +fi +LIBC_CONFIG_VAR([have-z-memory-seal], [$libc_cv_z_memory_seal]) +LIBC_CONFIG_VAR([enable-memory-seal], [$enable_memory_sealing]) + + AC_CACHE_CHECK(for GLOB_DAT reloc, libc_cv_has_glob_dat, [dnl cat > conftest.c <<EOF diff --git a/elf/Makefile b/elf/Makefile index 6f2489cce1..61d4b1bdb3 100644 --- a/elf/Makefile +++ b/elf/Makefile @@ -1502,6 +1502,7 @@ $(objpfx)ld.so: $(objpfx)librtld.os $(ld-map) $(LINK.o) -nostdlib -nostartfiles -shared -o $@.new \ $(LDFLAGS-rtld) -Wl,-z,defs $(z-now-$(bind-now)) \ $(dt-relr-ldflag) \ + $(memory-seal-ldflag) \ $(filter-out $(map-file),$^) $(load-map-file) \ -Wl,-soname=$(rtld-installed-name) $(call after-link,$@.new) @@ -1842,6 +1843,7 @@ $(objpfx)nodlopen2.out: $(objpfx)nodlopenmod2.so $(objpfx)filtmod1.so: $(objpfx)filtmod1.os $(objpfx)filtmod2.so $(LINK.o) -shared -o $@ -B$(csu-objpfx) $(LDFLAGS.so) \ $(dt-relr-ldflag) \ + $(memory-seal-ldflag) \ -L$(subst :, -L,$(rpath-link)) \ -Wl,-rpath-link=$(rpath-link) \ $< -Wl,-F,$(objpfx)filtmod2.so @@ -2466,6 +2468,7 @@ $(objpfx)tst-audit17.out: $(objpfx)tst-auditmod17.so # intended, so it uses an explicit link rule. $(objpfx)tst-auditmod17.so: $(objpfx)tst-auditmod17.os $(CC) -nostdlib -nostartfiles -shared -o $@.new \ + $(memory-seal-ldflag) \ $(filter-out $(map-file),$^) $(call after-link,$@.new) mv -f $@.new $@ @@ -2526,12 +2529,13 @@ $(objpfx)tst-audit24bmod1: $(objpfx)tst-audit24bmod2.so # against libc.so. $(objpfx)tst-audit24bmod1.so: $(objpfx)tst-audit24bmod1.os $(CC) -nostdlib -nostartfiles -shared -o $@.new $(objpfx)tst-audit24bmod1.os \ - -Wl,-z,now + -Wl,-z,now $(memory-seal-ldflag) $(call after-link,$@.new) mv -f $@.new $@ CFLAGS-.os += $(call elide-stack-protector,.os,tst-audit24bmod1) $(objpfx)tst-audit24bmod2.so: $(objpfx)tst-audit24bmod2.os - $(CC) -nostdlib -nostartfiles -shared -o $@.new $(objpfx)tst-audit24bmod2.os + $(CC) -nostdlib -nostartfiles -shared -o $@.new $(objpfx)tst-audit24bmod2.os \ + $(memory-seal-ldflag) $(call after-link,$@.new) mv -f $@.new $@ CFLAGS-.os += $(call elide-stack-protector,.os,tst-audit24bmod2) @@ -2691,7 +2695,7 @@ $(objpfx)tst-big-note: $(objpfx)tst-big-note-lib.so # artificial, large note in tst-big-note-lib.o and invalidate the # test. $(objpfx)tst-big-note-lib.so: $(objpfx)tst-big-note-lib.o - $(LINK.o) -shared -o $@ $(LDFLAGS.so) $(dt-relr-ldflag) $< + $(LINK.o) -shared -o $@ $(LDFLAGS.so) $(dt-relr-ldflag) $(memory-seal-ldflag) $< $(objpfx)tst-unwind-ctor: $(objpfx)tst-unwind-ctor-lib.so @@ -2998,6 +3002,7 @@ $(objpfx)tst-ro-dynamic-mod.so: $(objpfx)tst-ro-dynamic-mod.os \ tst-ro-dynamic-mod.map $(LINK.o) -nostdlib -nostartfiles -shared -o $@ \ $(dt-relr-ldflag) \ + $(memory-seal-ldflag) \ -Wl,--script=tst-ro-dynamic-mod.map \ $(objpfx)tst-ro-dynamic-mod.os @@ -3088,6 +3093,7 @@ $(objpfx)tst-relr2: $(objpfx)tst-relr-mod2.so $(objpfx)tst-relr-mod2.so: $(objpfx)tst-relr-mod2.os $(LINK.o) -nostdlib -nostartfiles -Wl,-z,pack-relative-relocs \ $(LDFLAGS-soname-fname) \ + $(memory-seal-ldflag) \ -shared -o $@.new $(filter-out $(map-file),$^) $(call after-link,$@.new) mv -f $@.new $@ @@ -3098,6 +3104,7 @@ $(objpfx)tst-relr3: $(objpfx)tst-relr-mod3a.so $(objpfx)tst-relr-mod3b.so: $(objpfx)tst-relr-mod3b.os $(LINK.o) -nostdlib -nostartfiles -Wl,-z,pack-relative-relocs \ $(LDFLAGS-soname-fname) \ + $(memory-seal-ldflag) \ -shared -o $@.new $(filter-out $(map-file),$^) $(call after-link,$@.new) mv -f $@.new $@ @@ -3106,6 +3113,7 @@ $(objpfx)tst-relr-mod3a.so: $(objpfx)tst-relr-mod3a.os \ $(objpfx)tst-relr-mod3b.so $(LINK.o) -nostdlib -nostartfiles -Wl,-z,pack-relative-relocs \ $(LDFLAGS-soname-fname) $(LDFLAGS-rpath-ORIGIN) \ + $(memory-seal-ldflag) \ -shared -o $@.new $(filter-out $(map-file),$^) $(call after-link,$@.new) mv -f $@.new $@ @@ -3116,6 +3124,7 @@ $(objpfx)tst-relr4: $(objpfx)tst-relr-mod4a.so $(objpfx)tst-relr-mod4b.so: $(objpfx)tst-relr-mod4b.os $(LINK.o) -nostdlib -nostartfiles -Wl,-z,pack-relative-relocs \ $(LDFLAGS-soname-fname) \ + $(memory-seal-ldflag) \ -Wl,--version-script=tst-relr-mod4b.map \ -shared -o $@.new $(filter-out $(map-file),$^) $(call after-link,$@.new) @@ -3124,6 +3133,7 @@ $(objpfx)tst-relr-mod4b.so: $(objpfx)tst-relr-mod4b.os $(objpfx)tst-relr-mod4a.so: $(objpfx)tst-relr-mod4a.os \ $(objpfx)tst-relr-mod4b.so $(LINK.o) -nostdlib -nostartfiles -Wl,-z,pack-relative-relocs \ + $(memory-seal-ldflag) \ $(LDFLAGS-soname-fname) $(LDFLAGS-rpath-ORIGIN) \ -shared -o $@.new $(filter-out $(map-file),$^) $(call after-link,$@.new) @@ -3248,7 +3258,7 @@ $(objpfx)tst-env-setuid-static.out: $(objpfx)tst-sonamemove-runmod1.so # We do not use $(link-test-modules-rpath-link) since the object has no # DT_NEEDED. $(objpfx)tst-nodeps1-mod.so: $(objpfx)tst-nodeps1-mod.os - $(LINK.o) -nostartfiles -nostdlib -shared -o $@ $^ + $(LINK.o) -nostartfiles -nostdlib -shared $(memory-seal-ldflag) -o $@ $^ tst-nodeps1.so-no-z-defs = yes # Link libc.so before the test module with the IFUNC resolver reference. LDFLAGS-tst-nodeps1 = $(common-objpfx)libc.so $(objpfx)tst-nodeps1-mod.so @@ -3400,6 +3410,7 @@ CFLAGS-tst-nolink-libc.c += $(no-stack-protector) \ -fno-exceptions -fno-unwind-tables -fno-asynchronous-unwind-tables $(objpfx)tst-nolink-libc-1: $(objpfx)tst-nolink-libc.o $(objpfx)ld.so $(LINK.o) -nostdlib -nostartfiles -o $@ $< \ + $(memory-seal-ldflag) \ -Wl,--dynamic-linker=$(objpfx)ld.so,--no-as-needed $(objpfx)ld.so $(objpfx)tst-nolink-libc-1.out: $(objpfx)tst-nolink-libc-1 $(objpfx)ld.so $< > $@ 2>&1; $(evaluate-test) diff --git a/manual/install.texi b/manual/install.texi index d001e8220b..7056768885 100644 --- a/manual/install.texi +++ b/manual/install.texi @@ -280,6 +280,11 @@ C++ libraries. Disable using @code{scv} instruction for syscalls. All syscalls will use @code{sc} instead, even if the kernel supports @code{scv}. PowerPC only. +@item --disable-default-memory-seal +Don't build glibc libraries, programs, and the testsuite with +memory sealing support (@code{GNU_PROPERTY_MEMORY_SEAL}). By default, +memory sealing is enabled if toolchain suports the linker option. + @item --build=@var{build-system} @itemx --host=@var{host-system} These options are for cross-compiling. If you specify both options and |