From patchwork Mon May 6 16:18:48 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 1932113 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=ULUEcJic; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org (client-ip=8.43.85.97; helo=server2.sourceware.org; envelope-from=libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org; receiver=patchwork.ozlabs.org) Received: from server2.sourceware.org (server2.sourceware.org [8.43.85.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4VY6Br1tMvz1yZk for ; Tue, 7 May 2024 02:22:44 +1000 (AEST) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 8A7DE385841E for ; Mon, 6 May 2024 16:22:42 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pf1-x435.google.com (mail-pf1-x435.google.com [IPv6:2607:f8b0:4864:20::435]) by sourceware.org (Postfix) with ESMTPS id 7DE743858C62 for ; Mon, 6 May 2024 16:20:14 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 7DE743858C62 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 7DE743858C62 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::435 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1715012416; cv=none; b=QQcu8Io4DhYiGbmSMXw1sfo1OKOZtE/XE6+xn1/4B051MfiUCekw0aPIcTFkXJAYrFHvVN5+WZCelmwV/3okL4GqvNz6aGNhSXwNpLcapKBIuX7oIfk+byqLObk7Ogp8s/oUXor5I91orH3NjT0xqVbhn8DMMeKKWPEd+fJp0fs= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1715012416; c=relaxed/simple; bh=Bx77GcPaoV/PKQ0ks4wegqXSG/Uhi2kZPuxk7dT6cZ0=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=uWmIKtyK++UYKjU1gwoeln72zcLXPKx0qrSPTSffThDuSpByEdYbVLPTRrSMkmA1l/YNCxfhhM+30CO32jTKMNnJlGO9q8Ex8EGUGmJcAs4PHhKMxoWUc7ZZhTZtlGWDmGrU06mCLCk909cTeqfYn4khdrJJs+h0t8TdRgDzi4o= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-pf1-x435.google.com with SMTP id d2e1a72fcca58-6f44ed6e82fso1999868b3a.3 for ; Mon, 06 May 2024 09:20:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1715012413; x=1715617213; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=qoiKmHdX0UZ9a/7145q2mKR55bpO592xOlaygD0jzrM=; b=ULUEcJicJrgl8ponBKjQ1oZU80WF0wiytdJlN+UhSfMHporrRqInIoWKgzk3I3NiBx dVs3rIRQe3N+81t2lHYwdSpYvLnKdqNmZgty85oPtRQF0hur2bvnTPIaUYPjzGyIaaCg hscSvzijdWiAp7YfBgnOGu4mNL6tJdLjtWUa+TN4WKFMtNAB2Mpa1exdhSpscylJfgmO ICHNNfb09rpisO/THlyI1zDh8nfVjX+D4KFDMAu9ANUU6vImOch/SNEPOjyE6muFSNPn Csdt5sMBEA8fKw/RQPUUKAyS4BoDy0OOI2D8i7NHUxsx2YrKIFlp2Q6yAE9EgpfK4s2e CMlw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715012413; x=1715617213; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=qoiKmHdX0UZ9a/7145q2mKR55bpO592xOlaygD0jzrM=; b=itZ9wry8BampLSwGjTa2kv7LGaAYGpETKdiugmPeXGQqyCuXV9W9kC7rz56nwK9gGh IVknci61xmxwfE6Md+U1jcw9MuXhEd0QNcxMUp4yXuxNpRYCKS/prYjFtqINzXGWTA4b 0qUoxfkHH3A77rlFgh4eM+HCstDc8L/VqjHr28s4757xA4R27RDzocDUOov8dxwHL5E5 mR8zBA5ahY32JzamagRhT97ogHhECmXiwA3WneH6YvDuzHw/32G9uTMZzUdiNCS0/rDy lnOoWDak+wxpxL4NrIQL4Ehh1Yyu+BcqL+rbD8aS9XTa2fHIbSuxx0HmXelQcwKNCfmD A/NQ== X-Gm-Message-State: AOJu0Ywh8jZmq278pVrK/EFPkNepsLnp55pdMT0BzNfLJNXFd8bc5SWi zwxqBULrbFBqfoGZ+bLXKJdDfS0VJtokMin7ALPoU/3r5HEJ/0ELqBIBsY5Hmx9eJAjAYxmX91M CF+Y= X-Google-Smtp-Source: AGHT+IEf7HlN6rV+L3d93ypmdD4XkKYgcEkEZQglwwG6kgHvpsUTJWj4ZOOTdWLJ2zS3q5nlsLK5hw== X-Received: by 2002:a05:6a00:2287:b0:6f3:ee4f:e28a with SMTP id f7-20020a056a00228700b006f3ee4fe28amr11953302pfe.32.1715012412854; Mon, 06 May 2024 09:20:12 -0700 (PDT) Received: from mandiga.. ([2804:1b3:a7c2:6e56:fc45:bb45:8b35:9b81]) by smtp.gmail.com with ESMTPSA id ll12-20020a056a00728c00b006ed0b798f1fsm7883347pfb.119.2024.05.06.09.20.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 06 May 2024 09:20:12 -0700 (PDT) From: Adhemerval Zanella To: libc-alpha@sourceware.org Cc: Joe Simmons-Talbott , Siddhesh Poyarekar Subject: [PATCH v3 4/4] elf: Make glibc.rtld.enable_secure ignore alias environment variables Date: Mon, 6 May 2024 13:18:48 -0300 Message-ID: <20240506161955.1570278-5-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240506161955.1570278-1-adhemerval.zanella@linaro.org> References: <20240506161955.1570278-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-Spam-Status: No, score=-13.5 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, KAM_SHORT, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org Tunable with environment variables aliases are also ignored if glibc.rtld.enable_secure is enabled. The tunable parsing is also optimized a bit, where the loop that checks each environment variable only checks for the tunables with aliases instead of all tables. Checked on aarch64-linux-gnu and x86_64-linux-gnu. Reviewed-by: Siddhesh Poyarekar --- elf/dl-tunables.c | 36 ++++++-- elf/tst-tunables-enable_secure.c | 136 +++++++++++++++++++++++++++---- scripts/gen-tunables.awk | 16 +++- 3 files changed, 164 insertions(+), 24 deletions(-) diff --git a/elf/dl-tunables.c b/elf/dl-tunables.c index 63cf8c7ab5..147cc4cf23 100644 --- a/elf/dl-tunables.c +++ b/elf/dl-tunables.c @@ -300,6 +300,9 @@ __tunables_init (char **envp) if (__libc_enable_secure) return; + enum { tunable_num_env_alias = array_length (tunable_env_alias_list) }; + struct tunable_toset_t tunables_env_alias[tunable_num_env_alias] = { 0 }; + while ((envp = get_next_env (envp, &envname, &envval, &prev_envp)) != NULL) { /* The environment variable is allocated on the stack by the kernel, so @@ -311,29 +314,44 @@ __tunables_init (char **envp) continue; } - for (int i = 0; i < tunables_list_size; i++) + for (int i = 0; i < tunable_num_env_alias; i++) { - tunable_t *cur = &tunable_list[i]; + tunable_t *cur = &tunable_list[tunable_env_alias_list[i]]; + const char *name = cur->env_alias; - /* Skip over tunables that have either been set already or should be - skipped. */ - if (cur->initialized || cur->env_alias[0] == '\0') + if (name[0] == '\0') continue; - const char *name = cur->env_alias; - - /* We have a match. Initialize and move on to the next line. */ if (tunable_is_name (name, envname)) { size_t envvallen = 0; /* The environment variable is always null-terminated. */ for (const char *p = envval; *p != '\0'; p++, envvallen++); - tunable_initialize (cur, envval, envvallen); + tunables_env_alias[i] = + (struct tunable_toset_t) { cur, envval, envvallen }; break; } } } + + /* Check if glibc.rtld.enable_secure was set and skip over the environment + variables aliases. */ + if (__libc_enable_secure) + return; + + for (int i = 0; i < tunable_num_env_alias; i++) + { + /* Skip over tunables that have either been set or already initialized. */ + if (tunables_env_alias[i].t == NULL + || tunables_env_alias[i].t->initialized) + continue; + + if (!tunable_initialize (tunables_env_alias[i].t, + tunables_env_alias[i].value, + tunables_env_alias[i].len)) + parse_tunable_print_error (&tunables_env_alias[i]); + } } void diff --git a/elf/tst-tunables-enable_secure.c b/elf/tst-tunables-enable_secure.c index f5db1c84e9..99a065e8db 100644 --- a/elf/tst-tunables-enable_secure.c +++ b/elf/tst-tunables-enable_secure.c @@ -17,6 +17,10 @@ . */ #include +/* The test uses the tunable_env_alias_list size, which is only exported for + ld.so. This will result in a copy of tunable_list and + tunable_env_alias_list, which is ununsed by the test itself. */ +#define TUNABLES_INTERNAL 1 #include #include #include @@ -34,6 +38,8 @@ static int restart; static const struct test_t { const char *env; + const char *extraenv; + bool check_multiple; int32_t expected_malloc_check; int32_t expected_enable_secure; } tests[] = @@ -41,39 +47,124 @@ static const struct test_t /* Expected tunable format. */ /* Tunables should be ignored if enable_secure is set. */ { - "glibc.malloc.check=2:glibc.rtld.enable_secure=1", + "GLIBC_TUNABLES=glibc.malloc.check=2:glibc.rtld.enable_secure=1", + NULL, + false, 0, 1, }, /* Tunables should be ignored if enable_secure is set. */ { - "glibc.rtld.enable_secure=1:glibc.malloc.check=2", + "GLIBC_TUNABLES=glibc.rtld.enable_secure=1:glibc.malloc.check=2", + NULL, + false, 0, 1, }, /* Tunables should be set if enable_secure is unset. */ { - "glibc.rtld.enable_secure=0:glibc.malloc.check=2", + "GLIBC_TUNABLES=glibc.rtld.enable_secure=0:glibc.malloc.check=2", + NULL, + false, 2, 0, }, + /* Tunables should be ignored if enable_secure is set. */ + { + "GLIBC_TUNABLES=glibc.malloc.check=2:glibc.rtld.enable_secure=1", + "MALLOC_CHECK_=2", + false, + 0, + 1, + }, + /* Same as before, but with enviroment alias prior GLIBC_TUNABLES. */ + { + "MALLOC_CHECK_=2", + "GLIBC_TUNABLES=glibc.malloc.check=2:glibc.rtld.enable_secure=1", + false, + 0, + 1, + }, + /* Tunables should be ignored if enable_secure is set. */ + { + "GLIBC_TUNABLES=glibc.rtld.enable_secure=1:glibc.malloc.check=2", + "MALLOC_CHECK_=2", + false, + 0, + 1, + }, + { + "MALLOC_CHECK_=2", + "GLIBC_TUNABLES=glibc.rtld.enable_secure=1:glibc.malloc.check=2", + false, + 0, + 1, + }, + /* Tunables should be set if enable_secure is unset. */ + { + "GLIBC_TUNABLES=glibc.rtld.enable_secure=0:glibc.malloc.check=2", + /* Tunable have precedence over the environment variable. */ + "MALLOC_CHECK_=1", + false, + 2, + 0, + }, + { + "MALLOC_CHECK_=1", + "GLIBC_TUNABLES=glibc.rtld.enable_secure=0:glibc.malloc.check=2", + /* Tunable have precedence over the environment variable. */ + false, + 2, + 0, + }, + /* Tunables should be set if enable_secure is unset. */ + { + "GLIBC_TUNABLES=glibc.rtld.enable_secure=0", + /* Tunable have precedence over the environment variable. */ + "MALLOC_CHECK_=1", + false, + 1, + 0, + }, + /* Tunables should be set if enable_secure is unset. */ + { + "GLIBC_TUNABLES=glibc.rtld.enable_secure=0", + /* Tunable have precedence over the environment variable. */ + "MALLOC_CHECK_=1", + false, + 1, + 0, + }, + /* Check with tunables environment variable alias set multiple times. */ + { + "GLIBC_TUNABLES=glibc.rtld.enable_secure=1:glibc.malloc.check=2", + "MALLOC_CHECK_=2", + true, + 0, + 1, + }, + /* Tunables should be set if enable_secure is unset. */ + { + "GLIBC_TUNABLES=glibc.rtld.enable_secure=0", + /* Tunable have precedence over the environment variable. */ + "MALLOC_CHECK_=1", + true, + 1, + 0, + }, }; static int handle_restart (int i) { if (tests[i].expected_enable_secure == 1) - { - TEST_COMPARE (1, __libc_enable_secure); - } + TEST_COMPARE (1, __libc_enable_secure); else - { - TEST_COMPARE (tests[i].expected_malloc_check, - TUNABLE_GET_FULL (glibc, malloc, check, int32_t, NULL)); - TEST_COMPARE (tests[i].expected_enable_secure, - TUNABLE_GET_FULL (glibc, rtld, enable_secure, int32_t, - NULL)); - } + TEST_COMPARE (tests[i].expected_enable_secure, + TUNABLE_GET_FULL (glibc, rtld, enable_secure, int32_t, + NULL)); + TEST_COMPARE (tests[i].expected_malloc_check, + TUNABLE_GET_FULL (glibc, malloc, check, int32_t, NULL)); return 0; } @@ -106,14 +197,31 @@ do_test (int argc, char *argv[]) spargv[i] = NULL; } + enum { tunable_num_env_alias = array_length (tunable_env_alias_list) }; + for (int i = 0; i < array_length (tests); i++) { snprintf (nteststr, sizeof nteststr, "%d", i); printf ("[%d] Spawned test for %s\n", i, tests[i].env); setenv ("GLIBC_TUNABLES", tests[i].env, 1); + + char *envp[2 + tunable_num_env_alias + 1] = + { + (char *) tests[i].env, + (char *) tests[i].extraenv, + NULL, + }; + if (tests[i].check_multiple) + { + int j; + for (j=0; j < tunable_num_env_alias; j++) + envp[j + 2] = (char *) tests[i].extraenv; + envp[j + 2] = NULL; + } + struct support_capture_subprocess result - = support_capture_subprogram (spargv[0], spargv, NULL); + = support_capture_subprogram (spargv[0], spargv, envp); support_capture_subprocess_check (&result, "tst-tunables-enable_secure", 0, sc_allow_stderr); support_capture_subprocess_free (&result); diff --git a/scripts/gen-tunables.awk b/scripts/gen-tunables.awk index 9f5336381e..fc3b41376f 100644 --- a/scripts/gen-tunables.awk +++ b/scripts/gen-tunables.awk @@ -156,7 +156,7 @@ END { print "# define TUNABLE_ALIAS_MAX " (max_alias_len + 1) print "# include \"dl-tunable-types.h\"" # Finally, the tunable list. - print "static tunable_t tunable_list[] attribute_relro = {" + print "static tunable_t tunable_list[] attribute_relro __attribute_used__ = {" for (tnm in types) { split (tnm, indices, SUBSEP); t = indices[1]; @@ -168,5 +168,19 @@ END { default_val[t,n,m], env_alias[t,n,m]); } print "};" + + # Map of tunable with environment variables aliases used during parsing. */ + print "\nstatic const tunable_id_t tunable_env_alias_list[] =" + printf "{\n" + for (tnm in types) { + split (tnm, indices, SUBSEP); + t = indices[1]; + n = indices[2]; + m = indices[3]; + if (env_alias[t,n,m] != "{0}") { + printf (" TUNABLE_ENUM_NAME(%s, %s, %s),\n", t, n, m); + } + } + printf "};\n" print "#endif" }