This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH 07/12] x86/CET: Add tests with legacy non-CET shared objects

On 07/25/2018 07:46 AM, H.J. Lu wrote:
> On Tue, Jul 24, 2018 at 11:21:22PM -0400, Carlos O'Donell wrote:
>> On 07/21/2018 10:20 AM, H.J. Lu wrote:
>>> Check binary compatibility of CET-enabled executables:
>>>
>>
>> OK for 2.28.
>>
>> Gold star for always enabling the tests and having them 
>>
>> Reviewed-by: Carlos O'Donell <carlos@redhat.com>
>>
>>> 1. When CET-enabled executable is used with legacy non-CET shared object
>>> at run-time, ld.so should disable SHSTK and put legacy non-CET shared
>>> objects in legacy bitmap.
>>
>> OK.
>>
>>> 2. When IBT-enabled executable dlopens legacy non-CET shared object,
>>> ld.so should put legacy shared object in legacy bitmap.
>>
>> OK.
>>
>>> 3. Use GLIBC_TUNABLES=glibc.tune.x86_shstk=[on|off|permissive] to
>>> control how SHSTK is enabled.
>>
>> OK.
>>
>>>
>>> 	* sysdeps/x86/Makefile (tests): Add tst-cet-legacy-1,
>>> 	tst-cet-legacy-2, tst-cet-legacy-2a, tst-cet-legacy-3,
>>> 	tst-cet-legacy-4, tst-cet-legacy-4a, tst-cet-legacy-4b
>>> 	and tst-cet-legacy-4c.
>>> 	(modules-names): Add tst-cet-legacy-mod-1, tst-cet-legacy-mod-2
>>> 	and tst-cet-legacy-mod-4.
>>> 	(CFLAGS-tst-cet-legacy-2.c): New.
>>> 	(CFLAGS-tst-cet-legacy-mod-1.c): Likewise.
>>> 	(CFLAGS-tst-cet-legacy-mod-2.c): Likewise.
>>> 	(CFLAGS-tst-cet-legacy-3.c): Likewise.
>>> 	(CFLAGS-tst-cet-legacy-4.c): Likewise.
>>> 	(CFLAGS-tst-cet-legacy-mod-4.c): Likewise.
>>> 	($(objpfx)tst-cet-legacy-1): Likewise.
>>> 	($(objpfx)tst-cet-legacy-2): Likewise.
>>> 	($(objpfx)tst-cet-legacy-2.out): Likewise.
>>> 	($(objpfx)tst-cet-legacy-2a): Likewise.
>>> 	($(objpfx)tst-cet-legacy-2a.out): Likewise.
>>> 	($(objpfx)tst-cet-legacy-4): Likewise.
>>> 	($(objpfx)tst-cet-legacy-4.out): Likewise.
>>> 	($(objpfx)tst-cet-legacy-4a): Likewise.
>>> 	($(objpfx)tst-cet-legacy-4a.out): Likewise.
>>> 	(tst-cet-legacy-4a-ENV): Likewise.
>>> 	($(objpfx)tst-cet-legacy-4b): Likewise.
>>> 	($(objpfx)tst-cet-legacy-4b.out): Likewise.
>>> 	(tst-cet-legacy-4b-ENV): Likewise.
>>> 	($(objpfx)tst-cet-legacy-4c): Likewise.
>>> 	($(objpfx)tst-cet-legacy-4c.out): Likewise.
>>> 	(tst-cet-legacy-4c-ENV): Likewise.
>>> 	* sysdeps/x86/tst-cet-legacy-1.c: New file.
>>> 	* sysdeps/x86/tst-cet-legacy-2.c: Likewise.
>>> 	* sysdeps/x86/tst-cet-legacy-2a.c: Likewise.
>>> 	* sysdeps/x86/tst-cet-legacy-3.c: Likewise.
>>> 	* sysdeps/x86/tst-cet-legacy-4.c: Likewise.
>>> 	* sysdeps/x86/tst-cet-legacy-4a.c: Likewise.
>>> 	* sysdeps/x86/tst-cet-legacy-4b.c: Likewise.
>>> 	* sysdeps/x86/tst-cet-legacy-4c.c: Likewise.
>>> 	* sysdeps/x86/tst-cet-legacy-mod-1.c: Likewise.
>>> 	* sysdeps/x86/tst-cet-legacy-mod-2.c: Likewise.
>>> 	* sysdeps/x86/tst-cet-legacy-mod-4.c: Likewise.
>>> ---
>>>  sysdeps/x86/Makefile               | 38 +++++++++++++
>>>  sysdeps/x86/tst-cet-legacy-1.c     | 44 +++++++++++++++
>>>  sysdeps/x86/tst-cet-legacy-2.c     | 64 ++++++++++++++++++++++
>>>  sysdeps/x86/tst-cet-legacy-2a.c    |  1 +
>>>  sysdeps/x86/tst-cet-legacy-3.c     | 88 ++++++++++++++++++++++++++++++
>>>  sysdeps/x86/tst-cet-legacy-4.c     | 56 +++++++++++++++++++
>>>  sysdeps/x86/tst-cet-legacy-4a.c    |  1 +
>>>  sysdeps/x86/tst-cet-legacy-4b.c    |  1 +
>>>  sysdeps/x86/tst-cet-legacy-4c.c    |  1 +
>>>  sysdeps/x86/tst-cet-legacy-mod-1.c | 24 ++++++++
>>>  sysdeps/x86/tst-cet-legacy-mod-2.c | 24 ++++++++
>>>  sysdeps/x86/tst-cet-legacy-mod-4.c |  2 +
>>>  12 files changed, 344 insertions(+)
>>>  create mode 100644 sysdeps/x86/tst-cet-legacy-1.c
>>>  create mode 100644 sysdeps/x86/tst-cet-legacy-2.c
>>>  create mode 100644 sysdeps/x86/tst-cet-legacy-2a.c
>>>  create mode 100644 sysdeps/x86/tst-cet-legacy-3.c
>>>  create mode 100644 sysdeps/x86/tst-cet-legacy-4.c
>>>  create mode 100644 sysdeps/x86/tst-cet-legacy-4a.c
>>>  create mode 100644 sysdeps/x86/tst-cet-legacy-4b.c
>>>  create mode 100644 sysdeps/x86/tst-cet-legacy-4c.c
>>>  create mode 100644 sysdeps/x86/tst-cet-legacy-mod-1.c
>>>  create mode 100644 sysdeps/x86/tst-cet-legacy-mod-2.c
>>>  create mode 100644 sysdeps/x86/tst-cet-legacy-mod-4.c
>>>
>>> diff --git a/sysdeps/x86/Makefile b/sysdeps/x86/Makefile
>>> index e9b2d0b35d..672bb19489 100644
>>> --- a/sysdeps/x86/Makefile
>>> +++ b/sysdeps/x86/Makefile
>>> @@ -17,6 +17,44 @@ endif
>>>  ifeq ($(enable-cet),yes)
>>>  ifeq ($(subdir),elf)
>>>  sysdep-dl-routines += dl-cet
>>> +
>>> +tests += tst-cet-legacy-1 tst-cet-legacy-2 tst-cet-legacy-2a \
>>> +	 tst-cet-legacy-3 tst-cet-legacy-4
>>
>> OK.
>>
>>> +ifneq (no,$(have-tunables))
>>> +tests += tst-cet-legacy-4a tst-cet-legacy-4b tst-cet-legacy-4c
>>
>> OK.
>>
>>> +endif
>>> +modules-names += tst-cet-legacy-mod-1 tst-cet-legacy-mod-2 \
>>> +		 tst-cet-legacy-mod-4
>>> +
>>> +CFLAGS-tst-cet-legacy-2.c += -fcf-protection=branch
>>> +CFLAGS-tst-cet-legacy-2a.c += -fcf-protection
>>> +CFLAGS-tst-cet-legacy-mod-1.c += -fcf-protection=none
>>> +CFLAGS-tst-cet-legacy-mod-2.c += -fcf-protection=none
>>> +CFLAGS-tst-cet-legacy-3.c += -fcf-protection=none
>>> +CFLAGS-tst-cet-legacy-4.c += -fcf-protection=branch
>>> +CFLAGS-tst-cet-legacy-4a.c += -fcf-protection
>>> +CFLAGS-tst-cet-legacy-4b.c += -fcf-protection
>>> +CFLAGS-tst-cet-legacy-mod-4.c += -fcf-protection=none
>>
>> OK, but I'm slightly disappointed that we can't have all tests
>> enabled and just have these return UNSUPPORTED. These tests are
>> effectively hidden behind the enable-cet check and could bitrot
>> because we aren't compiling them.
>>
>>> +
>>> +$(objpfx)tst-cet-legacy-1: $(objpfx)tst-cet-legacy-mod-1.so \
>>> +		       $(objpfx)tst-cet-legacy-mod-2.so
>>> +$(objpfx)tst-cet-legacy-2: $(objpfx)tst-cet-legacy-mod-2.so $(libdl)
>>> +$(objpfx)tst-cet-legacy-2.out: $(objpfx)tst-cet-legacy-mod-1.so
>>> +$(objpfx)tst-cet-legacy-2a: $(objpfx)tst-cet-legacy-mod-2.so $(libdl)
>>> +$(objpfx)tst-cet-legacy-2a.out: $(objpfx)tst-cet-legacy-mod-1.so
>>> +$(objpfx)tst-cet-legacy-4: $(libdl)
>>> +$(objpfx)tst-cet-legacy-4.out: $(objpfx)tst-cet-legacy-mod-4.so
>>> +ifneq (no,$(have-tunables))
>>> +$(objpfx)tst-cet-legacy-4a: $(libdl)
>>> +$(objpfx)tst-cet-legacy-4a.out: $(objpfx)tst-cet-legacy-mod-4.so
>>> +tst-cet-legacy-4a-ENV = GLIBC_TUNABLES=glibc.tune.x86_shstk=permissive
>>
>> OK.
>>
>>> +$(objpfx)tst-cet-legacy-4b: $(libdl)
>>> +$(objpfx)tst-cet-legacy-4b.out: $(objpfx)tst-cet-legacy-mod-4.so
>>> +tst-cet-legacy-4b-ENV = GLIBC_TUNABLES=glibc.tune.x86_shstk=on
>>
>> OK.
>>
>>> +$(objpfx)tst-cet-legacy-4c: $(libdl)
>>> +$(objpfx)tst-cet-legacy-4c.out: $(objpfx)tst-cet-legacy-mod-4.so
>>> +tst-cet-legacy-4c-ENV = GLIBC_TUNABLES=glibc.tune.x86_shstk=off
>>
>> OK.
>>
>>> +endif
>>>  endif
>>>  
> ...
>>> diff --git a/sysdeps/x86/tst-cet-legacy-3.c b/sysdeps/x86/tst-cet-legacy-3.c
>>> new file mode 100644
>>> index 0000000000..7bf0e656b1
>>> --- /dev/null
>>> +++ b/sysdeps/x86/tst-cet-legacy-3.c
>>> @@ -0,0 +1,88 @@
>>> +/* Check compatibility of CET-enabled executable with dlopened legacy
>>> +   shared object.  Copied from gcc.target/i386/pr81128.c in GCC testsuite.
>>
>> You cannot copy from GCC and relicense from GPLv3 to GPLv2.1 unless you
>> owned the original code.
>>
> 
> We only need to check if we can dlopen non-CET shared object from a CET
> program.  I am checking in this patch with a simple test:
>

That is perfect, and the test is simpler. I'm OK wit hthis.

> int
> test (void)
> {
>   printf ("PASS\n");
>   return 0;
> }
> 
> 
> H.J.
> ---
> Check binary compatibility of CET-enabled executables:
> 
> 1. When CET-enabled executable is used with legacy non-CET shared object
> at run-time, ld.so should disable SHSTK and put legacy non-CET shared
> objects in legacy bitmap.
> 2. When IBT-enabled executable dlopens legacy non-CET shared object,
> ld.so should put legacy shared object in legacy bitmap.
> 3. Use GLIBC_TUNABLES=glibc.tune.x86_shstk=[on|off|permissive] to
> control how SHSTK is enabled.
> 
> 	* sysdeps/x86/Makefile (tests): Add tst-cet-legacy-1,
> 	tst-cet-legacy-2, tst-cet-legacy-2a, tst-cet-legacy-3,
> 	tst-cet-legacy-4, tst-cet-legacy-4a, tst-cet-legacy-4b
> 	and tst-cet-legacy-4c.
> 	(modules-names): Add tst-cet-legacy-mod-1, tst-cet-legacy-mod-2
> 	and tst-cet-legacy-mod-4.
> 	(CFLAGS-tst-cet-legacy-2.c): New.
> 	(CFLAGS-tst-cet-legacy-mod-1.c): Likewise.
> 	(CFLAGS-tst-cet-legacy-mod-2.c): Likewise.
> 	(CFLAGS-tst-cet-legacy-3.c): Likewise.
> 	(CFLAGS-tst-cet-legacy-4.c): Likewise.
> 	(CFLAGS-tst-cet-legacy-mod-4.c): Likewise.
> 	($(objpfx)tst-cet-legacy-1): Likewise.
> 	($(objpfx)tst-cet-legacy-2): Likewise.
> 	($(objpfx)tst-cet-legacy-2.out): Likewise.
> 	($(objpfx)tst-cet-legacy-2a): Likewise.
> 	($(objpfx)tst-cet-legacy-2a.out): Likewise.
> 	($(objpfx)tst-cet-legacy-4): Likewise.
> 	($(objpfx)tst-cet-legacy-4.out): Likewise.
> 	($(objpfx)tst-cet-legacy-4a): Likewise.
> 	($(objpfx)tst-cet-legacy-4a.out): Likewise.
> 	(tst-cet-legacy-4a-ENV): Likewise.
> 	($(objpfx)tst-cet-legacy-4b): Likewise.
> 	($(objpfx)tst-cet-legacy-4b.out): Likewise.
> 	(tst-cet-legacy-4b-ENV): Likewise.
> 	($(objpfx)tst-cet-legacy-4c): Likewise.
> 	($(objpfx)tst-cet-legacy-4c.out): Likewise.
> 	(tst-cet-legacy-4c-ENV): Likewise.
> 	* sysdeps/x86/tst-cet-legacy-1.c: New file.
> 	* sysdeps/x86/tst-cet-legacy-2.c: Likewise.
> 	* sysdeps/x86/tst-cet-legacy-2a.c: Likewise.
> 	* sysdeps/x86/tst-cet-legacy-3.c: Likewise.
> 	* sysdeps/x86/tst-cet-legacy-4.c: Likewise.
> 	* sysdeps/x86/tst-cet-legacy-4a.c: Likewise.
> 	* sysdeps/x86/tst-cet-legacy-4b.c: Likewise.
> 	* sysdeps/x86/tst-cet-legacy-4c.c: Likewise.
> 	* sysdeps/x86/tst-cet-legacy-mod-1.c: Likewise.
> 	* sysdeps/x86/tst-cet-legacy-mod-2.c: Likewise.
> 	* sysdeps/x86/tst-cet-legacy-mod-4.c: Likewise.

OK for 2.28.

Reviewed that the gcc copied test is removed.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>

Cheers,
Carlos.
Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]