From patchwork Mon Mar 20 15:41:01 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= X-Patchwork-Id: 13181493 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id C8CF1C7618D for ; Mon, 20 Mar 2023 15:50:35 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232075AbjCTPud (ORCPT ); Mon, 20 Mar 2023 11:50:33 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58992 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233321AbjCTPtq (ORCPT ); Mon, 20 Mar 2023 11:49:46 -0400 Received: from todd.t-8ch.de (todd.t-8ch.de [IPv6:2a01:4f8:c010:41de::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 76A7018B2E; Mon, 20 Mar 2023 08:41:22 -0700 (PDT) From: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=weissschuh.net; s=mail; t=1679326880; bh=xDSjSascpesmgYZoOnKeZCwVvAZAUVs1JwzaeHlI+NA=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=Jf0ZSaLKTLUuhpDms909S2dyE0kwa5jMwuPDEE8OAtZ3FWHz8Yzzjs3kqtK/6KJk9 8FwfTH/Hp53ATcS0Sx/1VL8QKhauW2TjTiLUHr+wO8t6mIxY2F6HBjy6BfQFAp3R8s R3RszYh9AwSFcBN0COT55mM1O3erj2O1KXq2CoFM= Date: Mon, 20 Mar 2023 15:41:01 +0000 Subject: [PATCH v2 1/8] tools/nolibc: add definitions for standard fds MIME-Version: 1.0 Message-Id: <20230223-nolibc-stackprotector-v2-1-4c938e098d67@weissschuh.net> References: <20230223-nolibc-stackprotector-v2-0-4c938e098d67@weissschuh.net> In-Reply-To: <20230223-nolibc-stackprotector-v2-0-4c938e098d67@weissschuh.net> To: Willy Tarreau , Shuah Khan Cc: linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, =?utf-8?q?Thomas_Wei=C3=9Fschuh?= X-Mailer: b4 0.12.1 X-Developer-Signature: v=1; a=ed25519-sha256; t=1679326877; l=623; i=linux@weissschuh.net; s=20221212; h=from:subject:message-id; bh=xDSjSascpesmgYZoOnKeZCwVvAZAUVs1JwzaeHlI+NA=; b=I6y1pduG9zTlWy+fGjussRCl8YSaD3MtbMYd9dIJFX/jUULKfAjFdYAwjL213kqIP1OJ/a+5T /jlT5ioSOXtAAGannMTNat/uBhM5w1+WgYLl1nXMAttBvnUh/1+48bj X-Developer-Key: i=linux@weissschuh.net; a=ed25519; pk=KcycQgFPX2wGR5azS7RhpBqedglOZVgRPfdFSPB1LNw= Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org These are useful for users and will also be used in an upcoming testcase. Signed-off-by: Thomas Weißschuh --- tools/include/nolibc/unistd.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tools/include/nolibc/unistd.h b/tools/include/nolibc/unistd.h index 1cfcd52106a4..ac7d53d986cd 100644 --- a/tools/include/nolibc/unistd.h +++ b/tools/include/nolibc/unistd.h @@ -13,6 +13,11 @@ #include "sys.h" +#define STDIN_FILENO 0 +#define STDOUT_FILENO 1 +#define STDERR_FILENO 2 + + static __attribute__((unused)) int msleep(unsigned int msecs) { From patchwork Mon Mar 20 15:41:02 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= X-Patchwork-Id: 13181494 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 300A3C6FD1D for ; Mon, 20 Mar 2023 15:50:37 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230005AbjCTPuf (ORCPT ); Mon, 20 Mar 2023 11:50:35 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57636 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233318AbjCTPtq (ORCPT ); Mon, 20 Mar 2023 11:49:46 -0400 Received: from todd.t-8ch.de (todd.t-8ch.de [IPv6:2a01:4f8:c010:41de::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 75DFF17CC2; Mon, 20 Mar 2023 08:41:22 -0700 (PDT) From: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=weissschuh.net; s=mail; t=1679326880; bh=kDTA/21oI749eXgqkTICe/hP0ZrhsZxLs1p4SViVcik=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=IHMVRtWuNIrMjPv+fPIaRco5Zvkm46iZEMI6ff032Rx7DVn3JcRHkI40aVEhiUpsy agcXLWUHKr36lnpyCVx1+LYWzWdWQ9LFM7N10AAAvnJueOB77lj6m8qrMbBO23XECS 8AJ1byM4MDVDKet325db7VjMOdhmzX/dPHJPuXyg= Date: Mon, 20 Mar 2023 15:41:02 +0000 Subject: [PATCH v2 2/8] tools/nolibc: add helpers for wait() signal exits MIME-Version: 1.0 Message-Id: <20230223-nolibc-stackprotector-v2-2-4c938e098d67@weissschuh.net> References: <20230223-nolibc-stackprotector-v2-0-4c938e098d67@weissschuh.net> In-Reply-To: <20230223-nolibc-stackprotector-v2-0-4c938e098d67@weissschuh.net> To: Willy Tarreau , Shuah Khan Cc: linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, =?utf-8?q?Thomas_Wei=C3=9Fschuh?= X-Mailer: b4 0.12.1 X-Developer-Signature: v=1; a=ed25519-sha256; t=1679326878; l=748; i=linux@weissschuh.net; s=20221212; h=from:subject:message-id; bh=kDTA/21oI749eXgqkTICe/hP0ZrhsZxLs1p4SViVcik=; b=7SZUc64snn7Oyq0C6XQf38MIzZwpIuEH3UWa7OMnKFv93KjtsDh0KApaaF2mWdMJT1SQxXq3t aao0zmzVnoqBwWiEy8lAX2FS61kHwgkQPySInAqZn+/Z9f20VQ7UHUB X-Developer-Key: i=linux@weissschuh.net; a=ed25519; pk=KcycQgFPX2wGR5azS7RhpBqedglOZVgRPfdFSPB1LNw= Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org These are useful for users and will also be used in an upcoming testcase. Signed-off-by: Thomas Weißschuh --- tools/include/nolibc/types.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/include/nolibc/types.h b/tools/include/nolibc/types.h index 10823e5ac44b..aedd7d9e3f64 100644 --- a/tools/include/nolibc/types.h +++ b/tools/include/nolibc/types.h @@ -97,6 +97,8 @@ /* Macros used on waitpid()'s return status */ #define WEXITSTATUS(status) (((status) & 0xff00) >> 8) #define WIFEXITED(status) (((status) & 0x7f) == 0) +#define WTERMSIG(status) ((status) & 0x7f) +#define WIFSIGNALED(status) ((status) - 1 < 0xff) /* waitpid() flags */ #define WNOHANG 1 From patchwork Mon Mar 20 15:41:03 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= X-Patchwork-Id: 13181490 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 75C88C7618D for ; Mon, 20 Mar 2023 15:50:33 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231953AbjCTPuc (ORCPT ); Mon, 20 Mar 2023 11:50:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52850 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233317AbjCTPtq (ORCPT ); Mon, 20 Mar 2023 11:49:46 -0400 Received: from todd.t-8ch.de (todd.t-8ch.de [159.69.126.157]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5FDC21715A; Mon, 20 Mar 2023 08:41:22 -0700 (PDT) From: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=weissschuh.net; s=mail; t=1679326880; bh=yB2bNNpPwty3egJ8yVVXOGLcmpOFHoeuVC5kDwG8ohI=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=eFkBuK/S4F2SEkh7vacz64gEtABXZiqYJQTWItjyffou0X6moh2Edq/OQSwtgh4Ri d7v6N98AKifzaxjV9Fr10n8y8O3SkKDbLazTDZXNVdCwrj3KIqQPJOIXBxaECQYdTd IlfnIdqnMdNAXCk/czAfGHc9X2Up6qhFDIac8HSk= Date: Mon, 20 Mar 2023 15:41:03 +0000 Subject: [PATCH v2 3/8] tools/nolibc: tests: constify test_names MIME-Version: 1.0 Message-Id: <20230223-nolibc-stackprotector-v2-3-4c938e098d67@weissschuh.net> References: <20230223-nolibc-stackprotector-v2-0-4c938e098d67@weissschuh.net> In-Reply-To: <20230223-nolibc-stackprotector-v2-0-4c938e098d67@weissschuh.net> To: Willy Tarreau , Shuah Khan Cc: linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, =?utf-8?q?Thomas_Wei=C3=9Fschuh?= X-Mailer: b4 0.12.1 X-Developer-Signature: v=1; a=ed25519-sha256; t=1679326878; l=802; i=linux@weissschuh.net; s=20221212; h=from:subject:message-id; bh=yB2bNNpPwty3egJ8yVVXOGLcmpOFHoeuVC5kDwG8ohI=; b=1xaQrroQTlcIJhL2JEaH2lGu9cjtjGYX88x03R//qu/u9/ZsqxCO6nP6wkI1lnlELbadj7STf ePm1XzGV+r9BZjLWRL9p+8/ttwuNEIy/bRrWfg6VxlV1GxLFo4mHd6B X-Developer-Key: i=linux@weissschuh.net; a=ed25519; pk=KcycQgFPX2wGR5azS7RhpBqedglOZVgRPfdFSPB1LNw= Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org Nothing ever modifies this structure. Signed-off-by: Thomas Weißschuh --- tools/testing/selftests/nolibc/nolibc-test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/nolibc/nolibc-test.c b/tools/testing/selftests/nolibc/nolibc-test.c index 6a7c13f0cd61..fb2d4872fac9 100644 --- a/tools/testing/selftests/nolibc/nolibc-test.c +++ b/tools/testing/selftests/nolibc/nolibc-test.c @@ -717,7 +717,7 @@ int prepare(void) } /* This is the definition of known test names, with their functions */ -static struct test test_names[] = { +static const struct test test_names[] = { /* add new tests here */ { .name = "syscall", .func = run_syscall }, { .name = "stdlib", .func = run_stdlib }, From patchwork Mon Mar 20 15:41:04 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= X-Patchwork-Id: 13181492 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2BE3AC7618A for ; Mon, 20 Mar 2023 15:50:34 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232036AbjCTPud (ORCPT ); Mon, 20 Mar 2023 11:50:33 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54060 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233312AbjCTPtq (ORCPT ); Mon, 20 Mar 2023 11:49:46 -0400 Received: from todd.t-8ch.de (todd.t-8ch.de [IPv6:2a01:4f8:c010:41de::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 76C032A98E; Mon, 20 Mar 2023 08:41:22 -0700 (PDT) From: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=weissschuh.net; s=mail; t=1679326880; bh=SKQQeeAAWGRSm8SFG5OU6QwacV+yOMhgHKMMQrEuzXo=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=tBQq0JK3zlvRWZeoYiPAQ9wwGEa9T89SQKWD5RKqTC9lZOcrJAsmPoPuft4t8Fr51 A3lCGFeYxC6qnK6ejjhzSBU5KPz93y6aWL6NiU20i/nDCMV/wpOnp2Yy7L/juYGykJ LX/UCPXW00tem9ide6DIiHZEfvkOUMXvNO9Pdo3I= Date: Mon, 20 Mar 2023 15:41:04 +0000 Subject: [PATCH v2 4/8] tools/nolibc: add support for stack protector MIME-Version: 1.0 Message-Id: <20230223-nolibc-stackprotector-v2-4-4c938e098d67@weissschuh.net> References: <20230223-nolibc-stackprotector-v2-0-4c938e098d67@weissschuh.net> In-Reply-To: <20230223-nolibc-stackprotector-v2-0-4c938e098d67@weissschuh.net> To: Willy Tarreau , Shuah Khan Cc: linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, =?utf-8?q?Thomas_Wei=C3=9Fschuh?= X-Mailer: b4 0.12.1 X-Developer-Signature: v=1; a=ed25519-sha256; t=1679326878; l=3910; i=linux@weissschuh.net; s=20221212; h=from:subject:message-id; bh=SKQQeeAAWGRSm8SFG5OU6QwacV+yOMhgHKMMQrEuzXo=; b=pCpEl3ma7Rbkt+V7cxvV1fBSkxozeEcJnk8bVg0tqUNbIZG9dHPkeOWUPTAenPN8ljKX8rHrW r0bwZrQjKJaBU8EraYn5aWu0o7UNg3C60Q4DAKQyh7g/ncEFw40ZiEo X-Developer-Key: i=linux@weissschuh.net; a=ed25519; pk=KcycQgFPX2wGR5azS7RhpBqedglOZVgRPfdFSPB1LNw= Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org This is useful when using nolibc for security-critical tools. Using nolibc has the advantage that the code is easily auditable and sandboxable with seccomp as no unexpected syscalls are used. Using compiler-assistent stack protection provides another security mechanism. For this to work the compiler and libc have to collaborate. This patch adds the following parts to nolibc that are required by the compiler: * __stack_chk_guard: random sentinel value * __stack_chk_fail: handler for detected stack smashes In addition an initialization function is added that randomizes the sentinel value. Only support for global guards is implemented. Register guards are useful in multi-threaded context which nolibc does not provide support for. Link: https://lwn.net/Articles/584225/ Signed-off-by: Thomas Weißschuh --- tools/include/nolibc/Makefile | 4 +-- tools/include/nolibc/nolibc.h | 1 + tools/include/nolibc/stackprotector.h | 53 +++++++++++++++++++++++++++++++++++ 3 files changed, 56 insertions(+), 2 deletions(-) diff --git a/tools/include/nolibc/Makefile b/tools/include/nolibc/Makefile index ec57d3932506..9839feafd38a 100644 --- a/tools/include/nolibc/Makefile +++ b/tools/include/nolibc/Makefile @@ -25,8 +25,8 @@ endif nolibc_arch := $(patsubst arm64,aarch64,$(ARCH)) arch_file := arch-$(nolibc_arch).h -all_files := ctype.h errno.h nolibc.h signal.h std.h stdint.h stdio.h stdlib.h \ - string.h sys.h time.h types.h unistd.h +all_files := ctype.h errno.h nolibc.h signal.h stackprotector.h std.h stdint.h \ + stdio.h stdlib.h string.h sys.h time.h types.h unistd.h # install all headers needed to support a bare-metal compiler all: headers diff --git a/tools/include/nolibc/nolibc.h b/tools/include/nolibc/nolibc.h index b2bc48d3cfe4..04739a6293c4 100644 --- a/tools/include/nolibc/nolibc.h +++ b/tools/include/nolibc/nolibc.h @@ -104,6 +104,7 @@ #include "string.h" #include "time.h" #include "unistd.h" +#include "stackprotector.h" /* Used by programs to avoid std includes */ #define NOLIBC diff --git a/tools/include/nolibc/stackprotector.h b/tools/include/nolibc/stackprotector.h new file mode 100644 index 000000000000..d119cbbbc256 --- /dev/null +++ b/tools/include/nolibc/stackprotector.h @@ -0,0 +1,53 @@ +/* SPDX-License-Identifier: LGPL-2.1 OR MIT */ +/* + * Stack protector support for NOLIBC + * Copyright (C) 2023 Thomas Weißschuh + */ + +#ifndef _NOLIBC_STACKPROTECTOR_H +#define _NOLIBC_STACKPROTECTOR_H + +#include "arch.h" + +#if defined(NOLIBC_STACKPROTECTOR) + +#if !defined(__ARCH_SUPPORTS_STACK_PROTECTOR) +#error "nolibc does not support stack protectors on this arch" +#endif + +#include "sys.h" +#include "stdlib.h" + +/* The functions in this header are using raw syscall macros to avoid + * triggering stack protector errors themselves + */ + +__attribute__((weak,noreturn,section(".text.nolibc_stack_chk"))) +void __stack_chk_fail(void) +{ + pid_t pid; + my_syscall3(__NR_write, STDERR_FILENO, "!!Stack smashing detected!!\n", 28); + pid = my_syscall0(__NR_getpid); + my_syscall2(__NR_kill, pid, SIGABRT); + for (;;); +} + +__attribute__((weak,noreturn,section(".text.nolibc_stack_chk"))) +void __stack_chk_fail_local(void) +{ + __stack_chk_fail(); +} + +__attribute__((weak,section(".data.nolibc_stack_chk"))) +uintptr_t __stack_chk_guard; + +__attribute__((weak,no_stack_protector,section(".text.nolibc_stack_chk"))) +void __stack_chk_init(void) +{ + my_syscall3(__NR_getrandom, &__stack_chk_guard, sizeof(__stack_chk_guard), 0); + /* a bit more randomness in case getrandom() fails */ + __stack_chk_guard ^= (uintptr_t) &__stack_chk_guard; +} +#endif // defined(NOLIBC_STACKPROTECTOR) + +#endif // _NOLIBC_STACKPROTECTOR_H From patchwork Mon Mar 20 15:41:05 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= X-Patchwork-Id: 13181489 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5E3DAC7618A for ; Mon, 20 Mar 2023 15:50:31 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231601AbjCTPu2 (ORCPT ); Mon, 20 Mar 2023 11:50:28 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58996 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233330AbjCTPtr (ORCPT ); Mon, 20 Mar 2023 11:49:47 -0400 Received: from todd.t-8ch.de (todd.t-8ch.de [159.69.126.157]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DE4078A77; Mon, 20 Mar 2023 08:41:24 -0700 (PDT) From: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=weissschuh.net; s=mail; t=1679326881; bh=8+nQaJm+ZpSS5pDVDYI8Ih7aP+obiBBNskXrcuawcY4=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=VdYuP7uYCUpZyRNirukTM8/cDEaFkpqBlXmt2CKnGfoSb+HKuGYOax1JiCSV2ZDdt LbJkixmmNM134m39O+raBfqHfuG3c9Hj2n8LdjunxEFlpwBFEN48z5HfW4SjPpLL7X oHx1Qg7jnXszNuARoiFN+CyCpfAa384ZtFERU0y0= Date: Mon, 20 Mar 2023 15:41:05 +0000 Subject: [PATCH v2 5/8] tools/nolibc: tests: fold in no-stack-protector cflags MIME-Version: 1.0 Message-Id: <20230223-nolibc-stackprotector-v2-5-4c938e098d67@weissschuh.net> References: <20230223-nolibc-stackprotector-v2-0-4c938e098d67@weissschuh.net> In-Reply-To: <20230223-nolibc-stackprotector-v2-0-4c938e098d67@weissschuh.net> To: Willy Tarreau , Shuah Khan Cc: linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, =?utf-8?q?Thomas_Wei=C3=9Fschuh?= X-Mailer: b4 0.12.1 X-Developer-Signature: v=1; a=ed25519-sha256; t=1679326878; l=987; i=linux@weissschuh.net; s=20221212; h=from:subject:message-id; bh=8+nQaJm+ZpSS5pDVDYI8Ih7aP+obiBBNskXrcuawcY4=; b=TaXGkzUL3xHCtunu6pxuTjT6Der+r4LEofS5YgQayMdk3NgAUO2r6DsVBZrRzelmREo9bB9L1 nrNsis9gLYgDvKhmE0MsrOgYVZe3KOKZ1ROVCIsjF6flvn6rD3033hm X-Developer-Key: i=linux@weissschuh.net; a=ed25519; pk=KcycQgFPX2wGR5azS7RhpBqedglOZVgRPfdFSPB1LNw= Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org For the cflags to enable stack protectors to work properly they need to be specified after -fno-stack-protector. To do this fold all cflags into a single variable and move -fno-stack-protector before the arch-specific cflags. Signed-off-by: Thomas Weißschuh --- tools/testing/selftests/nolibc/Makefile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/nolibc/Makefile b/tools/testing/selftests/nolibc/Makefile index c99bbcda7495..236c0364f5fb 100644 --- a/tools/testing/selftests/nolibc/Makefile +++ b/tools/testing/selftests/nolibc/Makefile @@ -77,8 +77,9 @@ Q=@ endif CFLAGS_s390 = -m64 -CFLAGS ?= -Os -fno-ident -fno-asynchronous-unwind-tables $(CFLAGS_$(ARCH)) -CFLAGS += $(call cc-option,-fno-stack-protector) +CFLAGS ?= -Os -fno-ident -fno-asynchronous-unwind-tables \ + $(call cc-option,-fno-stack-protector) \ + $(CFLAGS_$(ARCH)) LDFLAGS := -s help: From patchwork Mon Mar 20 15:41:06 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= X-Patchwork-Id: 13181491 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1AC92C76195 for ; Mon, 20 Mar 2023 15:50:33 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231982AbjCTPub (ORCPT ); Mon, 20 Mar 2023 11:50:31 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57748 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233335AbjCTPts (ORCPT ); Mon, 20 Mar 2023 11:49:48 -0400 Received: from todd.t-8ch.de (todd.t-8ch.de [IPv6:2a01:4f8:c010:41de::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 05ADB2FCEC; Mon, 20 Mar 2023 08:41:24 -0700 (PDT) From: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=weissschuh.net; s=mail; t=1679326882; bh=JyOrsnSClXzOy2qb2h3WcW0lX0xzEzpyA/yocZM6rxk=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=ATWiycxwuKiBrIWlMK6qq40IkPG4fH++buyOoo6EGOYoFOtSIGAzoZsAqXb+2dGJQ ZEsaZVM8N7TMR8AO7nan8A8YlRSv4SuFmUL/dpDSXCBUDA7W2CYyCUYR8urCh5DKeO //bGbQYqU1BLQYufbCKrxNIL1vihCbzzHJHDHQpo= Date: Mon, 20 Mar 2023 15:41:06 +0000 Subject: [PATCH v2 6/8] tools/nolibc: tests: add test for -fstack-protector MIME-Version: 1.0 Message-Id: <20230223-nolibc-stackprotector-v2-6-4c938e098d67@weissschuh.net> References: <20230223-nolibc-stackprotector-v2-0-4c938e098d67@weissschuh.net> In-Reply-To: <20230223-nolibc-stackprotector-v2-0-4c938e098d67@weissschuh.net> To: Willy Tarreau , Shuah Khan Cc: linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, =?utf-8?q?Thomas_Wei=C3=9Fschuh?= X-Mailer: b4 0.12.1 X-Developer-Signature: v=1; a=ed25519-sha256; t=1679326878; l=2836; i=linux@weissschuh.net; s=20221212; h=from:subject:message-id; bh=JyOrsnSClXzOy2qb2h3WcW0lX0xzEzpyA/yocZM6rxk=; b=a8YNdJ/4b1JkbNuPWAJxJ2gYEKeTzYJ/KBfT3JFHFpkMiK7scEvSx+YJxAFnH7vcPBtu7lnN1 1oEQfg/daTYBQT1LG3XdxgmNwz9NXGeuhjVPrKHGPlSaeDbU9zJpMMv X-Developer-Key: i=linux@weissschuh.net; a=ed25519; pk=KcycQgFPX2wGR5azS7RhpBqedglOZVgRPfdFSPB1LNw= Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org Test the previously introduce stack protector functionality in nolibc. Signed-off-by: Thomas Weißschuh --- tools/testing/selftests/nolibc/Makefile | 3 ++ tools/testing/selftests/nolibc/nolibc-test.c | 62 +++++++++++++++++++++++++++- 2 files changed, 63 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/nolibc/Makefile b/tools/testing/selftests/nolibc/Makefile index 236c0364f5fb..b4f818547f35 100644 --- a/tools/testing/selftests/nolibc/Makefile +++ b/tools/testing/selftests/nolibc/Makefile @@ -76,6 +76,9 @@ else Q=@ endif +CFLAGS_STACKPROTECTOR = -DNOLIBC_STACKPROTECTOR \ + $(call cc-option,-mstack-protector-guard=global) \ + $(call cc-option,-fstack-protector-all) CFLAGS_s390 = -m64 CFLAGS ?= -Os -fno-ident -fno-asynchronous-unwind-tables \ $(call cc-option,-fno-stack-protector) \ diff --git a/tools/testing/selftests/nolibc/nolibc-test.c b/tools/testing/selftests/nolibc/nolibc-test.c index fb2d4872fac9..21bacc928bf7 100644 --- a/tools/testing/selftests/nolibc/nolibc-test.c +++ b/tools/testing/selftests/nolibc/nolibc-test.c @@ -667,6 +667,63 @@ int run_stdlib(int min, int max) return ret; } +#if defined(__clang__) +__attribute__((optnone)) +#elif defined(__GNUC__) +__attribute__((optimize("O0"))) +#endif +static int smash_stack(void) +{ + char buf[100]; + + for (size_t i = 0; i < 200; i++) + buf[i] = 'P'; + + return 1; +} + +static int run_protection(int min, int max) +{ + pid_t pid; + int llen = 0, status; + + llen += printf("0 -fstackprotector "); + +#if !defined(NOLIBC_STACKPROTECTOR) + llen += printf("not supported"); + pad_spc(llen, 64, "[SKIPPED]\n"); + return 0; +#endif + + pid = -1; + pid = fork(); + + switch (pid) { + case -1: + llen += printf("fork()"); + pad_spc(llen, 64, "[FAIL]\n"); + return 1; + + case 0: + close(STDOUT_FILENO); + close(STDERR_FILENO); + + smash_stack(); + return 1; + + default: + pid = waitpid(pid, &status, 0); + + if (pid == -1 || !WIFSIGNALED(status) || WTERMSIG(status) != SIGABRT) { + llen += printf("waitpid()"); + pad_spc(llen, 64, "[FAIL]\n"); + return 1; + } + pad_spc(llen, 64, " [OK]\n"); + return 0; + } +} + /* prepare what needs to be prepared for pid 1 (stdio, /dev, /proc, etc) */ int prepare(void) { @@ -719,8 +776,9 @@ int prepare(void) /* This is the definition of known test names, with their functions */ static const struct test test_names[] = { /* add new tests here */ - { .name = "syscall", .func = run_syscall }, - { .name = "stdlib", .func = run_stdlib }, + { .name = "syscall", .func = run_syscall }, + { .name = "stdlib", .func = run_stdlib }, + { .name = "protection", .func = run_protection }, { 0 } }; From patchwork Mon Mar 20 15:41:07 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= X-Patchwork-Id: 13181488 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id CA550C7618D for ; Mon, 20 Mar 2023 15:50:30 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231954AbjCTPu1 (ORCPT ); Mon, 20 Mar 2023 11:50:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55102 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233339AbjCTPts (ORCPT ); Mon, 20 Mar 2023 11:49:48 -0400 Received: from todd.t-8ch.de (todd.t-8ch.de [159.69.126.157]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DEF79126E7; Mon, 20 Mar 2023 08:41:25 -0700 (PDT) From: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=weissschuh.net; s=mail; t=1679326882; bh=ALZVNlFzQbWC29byVLfkuxfsVLHyQCL0ajAaJz9Wghg=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=mJXCmWqS/4IZFQHCr46z0tZvRa9YXKQ4aUQNimmk4UpuirJ0BT03sbDdhpmMC90m1 rGSdZU9Q4HAVm00YEnR1cHqRKQA5USjJ1EynQgafORZqb9q1sywlB7ffbHIymSttrS 0jgV3+/Bi0nPpSoLuqwL9pUVncmhdtVy+ir3V3uQ= Date: Mon, 20 Mar 2023 15:41:07 +0000 Subject: [PATCH v2 7/8] tools/nolibc: i386: add stackprotector support MIME-Version: 1.0 Message-Id: <20230223-nolibc-stackprotector-v2-7-4c938e098d67@weissschuh.net> References: <20230223-nolibc-stackprotector-v2-0-4c938e098d67@weissschuh.net> In-Reply-To: <20230223-nolibc-stackprotector-v2-0-4c938e098d67@weissschuh.net> To: Willy Tarreau , Shuah Khan Cc: linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, =?utf-8?q?Thomas_Wei=C3=9Fschuh?= X-Mailer: b4 0.12.1 X-Developer-Signature: v=1; a=ed25519-sha256; t=1679326878; l=1952; i=linux@weissschuh.net; s=20221212; h=from:subject:message-id; bh=ALZVNlFzQbWC29byVLfkuxfsVLHyQCL0ajAaJz9Wghg=; b=El8yLqzdmLyDrDEodwNEvkP2cW1baetn4H+tMOSptTv+otrxoY/5EA9EDstQjzRl1YDgSNyIs XHuoOMWg2rrA9Ax1QVdNjRVKKf5ulR5Z/fYy6JotvCSIeRh4TwMMdnp X-Developer-Key: i=linux@weissschuh.net; a=ed25519; pk=KcycQgFPX2wGR5azS7RhpBqedglOZVgRPfdFSPB1LNw= Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org Enable the new stackprotector support for i386. Signed-off-by: Thomas Weißschuh --- tools/include/nolibc/arch-i386.h | 7 ++++++- tools/testing/selftests/nolibc/Makefile | 1 + 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/tools/include/nolibc/arch-i386.h b/tools/include/nolibc/arch-i386.h index e8d0cf545bf1..2d98d78fd3f3 100644 --- a/tools/include/nolibc/arch-i386.h +++ b/tools/include/nolibc/arch-i386.h @@ -181,6 +181,8 @@ struct sys_stat_struct { char **environ __attribute__((weak)); const unsigned long *_auxv __attribute__((weak)); +#define __ARCH_SUPPORTS_STACK_PROTECTOR + /* startup code */ /* * i386 System V ABI mandates: @@ -188,9 +190,12 @@ const unsigned long *_auxv __attribute__((weak)); * 2) The deepest stack frame should be set to zero * */ -void __attribute__((weak,noreturn,optimize("omit-frame-pointer"))) _start(void) +void __attribute__((weak,noreturn,optimize("omit-frame-pointer"),no_stack_protector)) _start(void) { __asm__ volatile ( +#ifdef NOLIBC_STACKPROTECTOR + "call __stack_chk_init\n" // initialize stack protector +#endif "pop %eax\n" // argc (first arg, %eax) "mov %esp, %ebx\n" // argv[] (second arg, %ebx) "lea 4(%ebx,%eax,4),%ecx\n" // then a NULL then envp (third arg, %ecx) diff --git a/tools/testing/selftests/nolibc/Makefile b/tools/testing/selftests/nolibc/Makefile index b4f818547f35..8f069ebdd124 100644 --- a/tools/testing/selftests/nolibc/Makefile +++ b/tools/testing/selftests/nolibc/Makefile @@ -79,6 +79,7 @@ endif CFLAGS_STACKPROTECTOR = -DNOLIBC_STACKPROTECTOR \ $(call cc-option,-mstack-protector-guard=global) \ $(call cc-option,-fstack-protector-all) +CFLAGS_i386 = $(CFLAGS_STACKPROTECTOR) CFLAGS_s390 = -m64 CFLAGS ?= -Os -fno-ident -fno-asynchronous-unwind-tables \ $(call cc-option,-fno-stack-protector) \ From patchwork Mon Mar 20 15:41:08 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= X-Patchwork-Id: 13181486 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E2E5BC7618A for ; Mon, 20 Mar 2023 15:50:27 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231829AbjCTPuZ (ORCPT ); Mon, 20 Mar 2023 11:50:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57792 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233344AbjCTPtt (ORCPT ); Mon, 20 Mar 2023 11:49:49 -0400 Received: from todd.t-8ch.de (todd.t-8ch.de [IPv6:2a01:4f8:c010:41de::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DF0012B9F7; Mon, 20 Mar 2023 08:41:25 -0700 (PDT) From: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=weissschuh.net; s=mail; t=1679326882; bh=i20Oh7UPtMkF7KR9AMHb1kh7uhEQ1eEVn8pe6hGS0IY=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=IEEumZMhOJj7/5fO9M78jnYjwF6vw43+TOAY/TOfIzzevHlcJgYEvXOpVK4hK6WzL DYbYEfL2viDF9VD4rWWIpw6yBSn5zYJYUlTIWXC0fgSIrv1eEYwV0CA922VvWoljCG eIoaLVFeQNfCsVOAedKa5p8UBoO3TjLpsAssyeTc= Date: Mon, 20 Mar 2023 15:41:08 +0000 Subject: [PATCH v2 8/8] tools/nolibc: x86_64: add stackprotector support MIME-Version: 1.0 Message-Id: <20230223-nolibc-stackprotector-v2-8-4c938e098d67@weissschuh.net> References: <20230223-nolibc-stackprotector-v2-0-4c938e098d67@weissschuh.net> In-Reply-To: <20230223-nolibc-stackprotector-v2-0-4c938e098d67@weissschuh.net> To: Willy Tarreau , Shuah Khan Cc: linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, =?utf-8?q?Thomas_Wei=C3=9Fschuh?= X-Mailer: b4 0.12.1 X-Developer-Signature: v=1; a=ed25519-sha256; t=1679326878; l=1856; i=linux@weissschuh.net; s=20221212; h=from:subject:message-id; bh=i20Oh7UPtMkF7KR9AMHb1kh7uhEQ1eEVn8pe6hGS0IY=; b=yBKpZLIhD2oLBnMhKGSP33SljC5XJO6L5jLzsIMP1QRDWF8qpnRzP3lO5IRVQgThoA/S0AcOs KcMpHjuFCsHCZygA9AsMyhp/qPX/l1LhHvKCsQg759Tph36y0IVFjve X-Developer-Key: i=linux@weissschuh.net; a=ed25519; pk=KcycQgFPX2wGR5azS7RhpBqedglOZVgRPfdFSPB1LNw= Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org Enable the new stackprotector support for x86_64. Signed-off-by: Thomas Weißschuh --- tools/include/nolibc/arch-x86_64.h | 5 +++++ tools/testing/selftests/nolibc/Makefile | 2 ++ 2 files changed, 7 insertions(+) diff --git a/tools/include/nolibc/arch-x86_64.h b/tools/include/nolibc/arch-x86_64.h index 17f6751208e7..f7f2a11d4c3b 100644 --- a/tools/include/nolibc/arch-x86_64.h +++ b/tools/include/nolibc/arch-x86_64.h @@ -181,6 +181,8 @@ struct sys_stat_struct { char **environ __attribute__((weak)); const unsigned long *_auxv __attribute__((weak)); +#define __ARCH_SUPPORTS_STACK_PROTECTOR + /* startup code */ /* * x86-64 System V ABI mandates: @@ -191,6 +193,9 @@ const unsigned long *_auxv __attribute__((weak)); void __attribute__((weak,noreturn,optimize("omit-frame-pointer"))) _start(void) { __asm__ volatile ( +#ifdef NOLIBC_STACKPROTECTOR + "call __stack_chk_init\n" // initialize stack protector +#endif "pop %rdi\n" // argc (first arg, %rdi) "mov %rsp, %rsi\n" // argv[] (second arg, %rsi) "lea 8(%rsi,%rdi,8),%rdx\n" // then a NULL then envp (third arg, %rdx) diff --git a/tools/testing/selftests/nolibc/Makefile b/tools/testing/selftests/nolibc/Makefile index 8f069ebdd124..543555f4cbdc 100644 --- a/tools/testing/selftests/nolibc/Makefile +++ b/tools/testing/selftests/nolibc/Makefile @@ -80,6 +80,8 @@ CFLAGS_STACKPROTECTOR = -DNOLIBC_STACKPROTECTOR \ $(call cc-option,-mstack-protector-guard=global) \ $(call cc-option,-fstack-protector-all) CFLAGS_i386 = $(CFLAGS_STACKPROTECTOR) +CFLAGS_x86_64 = $(CFLAGS_STACKPROTECTOR) +CFLAGS_x86 = $(CFLAGS_STACKPROTECTOR) CFLAGS_s390 = -m64 CFLAGS ?= -Os -fno-ident -fno-asynchronous-unwind-tables \ $(call cc-option,-fno-stack-protector) \