]>
Commit | Line | Data |
---|---|---|
f753fa7d | 1 | /* x86 CET initializers function. |
6d7e8eda | 2 | Copyright (C) 2018-2023 Free Software Foundation, Inc. |
f753fa7d L |
3 | |
4 | The GNU C Library is free software; you can redistribute it and/or | |
5 | modify it under the terms of the GNU Lesser General Public | |
6 | License as published by the Free Software Foundation; either | |
7 | version 2.1 of the License, or (at your option) any later version. | |
8 | ||
9 | The GNU C Library is distributed in the hope that it will be useful, | |
10 | but WITHOUT ANY WARRANTY; without even the implied warranty of | |
11 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
12 | Lesser General Public License for more details. | |
13 | ||
14 | You should have received a copy of the GNU Lesser General Public | |
15 | License along with the GNU C Library; if not, see | |
5a82c748 | 16 | <https://www.gnu.org/licenses/>. */ |
f753fa7d L |
17 | |
18 | #include <unistd.h> | |
19 | #include <errno.h> | |
20 | #include <libintl.h> | |
21 | #include <ldsodefs.h> | |
22 | #include <dl-cet.h> | |
f753fa7d L |
23 | |
24 | /* GNU_PROPERTY_X86_FEATURE_1_IBT and GNU_PROPERTY_X86_FEATURE_1_SHSTK | |
25 | are defined in <elf.h>, which are only available for C sources. | |
26 | X86_FEATURE_1_IBT and X86_FEATURE_1_SHSTK are defined in <sysdep.h> | |
27 | which are available for both C and asm sources. They must match. */ | |
28 | #if GNU_PROPERTY_X86_FEATURE_1_IBT != X86_FEATURE_1_IBT | |
29 | # error GNU_PROPERTY_X86_FEATURE_1_IBT != X86_FEATURE_1_IBT | |
30 | #endif | |
31 | #if GNU_PROPERTY_X86_FEATURE_1_SHSTK != X86_FEATURE_1_SHSTK | |
32 | # error GNU_PROPERTY_X86_FEATURE_1_SHSTK != X86_FEATURE_1_SHSTK | |
33 | #endif | |
34 | ||
f753fa7d L |
35 | /* Check if object M is compatible with CET. */ |
36 | ||
37 | static void | |
38 | dl_cet_check (struct link_map *m, const char *program) | |
39 | { | |
40 | /* Check how IBT should be enabled. */ | |
674ea882 L |
41 | enum dl_x86_cet_control enable_ibt_type |
42 | = GL(dl_x86_feature_control).ibt; | |
f753fa7d | 43 | /* Check how SHSTK should be enabled. */ |
674ea882 L |
44 | enum dl_x86_cet_control enable_shstk_type |
45 | = GL(dl_x86_feature_control).shstk; | |
f753fa7d L |
46 | |
47 | /* No legacy object check if both IBT and SHSTK are always on. */ | |
674ea882 L |
48 | if (enable_ibt_type == cet_always_on |
49 | && enable_shstk_type == cet_always_on) | |
2ef23b52 L |
50 | { |
51 | THREAD_SETMEM (THREAD_SELF, header.feature_1, GL(dl_x86_feature_1)); | |
52 | return; | |
53 | } | |
f753fa7d L |
54 | |
55 | /* Check if IBT is enabled by kernel. */ | |
56 | bool ibt_enabled | |
674ea882 | 57 | = (GL(dl_x86_feature_1) & GNU_PROPERTY_X86_FEATURE_1_IBT) != 0; |
f753fa7d L |
58 | /* Check if SHSTK is enabled by kernel. */ |
59 | bool shstk_enabled | |
674ea882 | 60 | = (GL(dl_x86_feature_1) & GNU_PROPERTY_X86_FEATURE_1_SHSTK) != 0; |
f753fa7d L |
61 | |
62 | if (ibt_enabled || shstk_enabled) | |
63 | { | |
64 | struct link_map *l = NULL; | |
1fabdb99 L |
65 | unsigned int ibt_legacy = 0, shstk_legacy = 0; |
66 | bool found_ibt_legacy = false, found_shstk_legacy = false; | |
f753fa7d L |
67 | |
68 | /* Check if IBT and SHSTK are enabled in object. */ | |
69 | bool enable_ibt = (ibt_enabled | |
674ea882 | 70 | && enable_ibt_type != cet_always_off); |
f753fa7d | 71 | bool enable_shstk = (shstk_enabled |
674ea882 | 72 | && enable_shstk_type != cet_always_off); |
f753fa7d L |
73 | if (program) |
74 | { | |
75 | /* Enable IBT and SHSTK only if they are enabled in executable. | |
76 | NB: IBT and SHSTK may be disabled by environment variable: | |
77 | ||
dce452dc | 78 | GLIBC_TUNABLES=glibc.cpu.hwcaps=-IBT,-SHSTK |
f753fa7d | 79 | */ |
04dff6fc | 80 | enable_ibt &= (CPU_FEATURE_USABLE (IBT) |
674ea882 | 81 | && (enable_ibt_type == cet_always_on |
ecce11aa L |
82 | || (m->l_x86_feature_1_and |
83 | & GNU_PROPERTY_X86_FEATURE_1_IBT) != 0)); | |
04dff6fc | 84 | enable_shstk &= (CPU_FEATURE_USABLE (SHSTK) |
674ea882 | 85 | && (enable_shstk_type == cet_always_on |
ecce11aa L |
86 | || (m->l_x86_feature_1_and |
87 | & GNU_PROPERTY_X86_FEATURE_1_SHSTK) != 0)); | |
f753fa7d L |
88 | } |
89 | ||
90 | /* ld.so is CET-enabled by kernel. But shared objects may not | |
91 | support IBT nor SHSTK. */ | |
92 | if (enable_ibt || enable_shstk) | |
93 | { | |
f753fa7d | 94 | unsigned int i; |
f753fa7d L |
95 | |
96 | i = m->l_searchlist.r_nlist; | |
97 | while (i-- > 0) | |
98 | { | |
99 | /* Check each shared object to see if IBT and SHSTK are | |
100 | enabled. */ | |
101 | l = m->l_initfini[i]; | |
102 | ||
103 | if (l->l_init_called) | |
104 | continue; | |
105 | ||
106 | #ifdef SHARED | |
107 | /* Skip CET check for ld.so since ld.so is CET-enabled. | |
108 | CET will be disabled later if CET isn't enabled in | |
109 | executable. */ | |
110 | if (l == &GL(dl_rtld_map) | |
111 | || l->l_real == &GL(dl_rtld_map) | |
112 | || (program && l == m)) | |
113 | continue; | |
114 | #endif | |
115 | ||
1fabdb99 L |
116 | /* IBT is enabled only if it is enabled in executable as |
117 | well as all shared objects. */ | |
674ea882 | 118 | enable_ibt &= (enable_ibt_type == cet_always_on |
ecce11aa L |
119 | || (l->l_x86_feature_1_and |
120 | & GNU_PROPERTY_X86_FEATURE_1_IBT) != 0); | |
1fabdb99 | 121 | if (!found_ibt_legacy && enable_ibt != ibt_enabled) |
f753fa7d | 122 | { |
1fabdb99 L |
123 | found_ibt_legacy = true; |
124 | ibt_legacy = i; | |
f753fa7d L |
125 | } |
126 | ||
127 | /* SHSTK is enabled only if it is enabled in executable as | |
128 | well as all shared objects. */ | |
674ea882 | 129 | enable_shstk &= (enable_shstk_type == cet_always_on |
ecce11aa L |
130 | || (l->l_x86_feature_1_and |
131 | & GNU_PROPERTY_X86_FEATURE_1_SHSTK) != 0); | |
1fabdb99 | 132 | if (enable_shstk != shstk_enabled) |
f753fa7d | 133 | { |
1fabdb99 L |
134 | found_shstk_legacy = true; |
135 | shstk_legacy = i; | |
f753fa7d | 136 | } |
f753fa7d L |
137 | } |
138 | } | |
139 | ||
140 | bool cet_feature_changed = false; | |
141 | ||
142 | if (enable_ibt != ibt_enabled || enable_shstk != shstk_enabled) | |
143 | { | |
1fabdb99 | 144 | if (!program) |
f753fa7d | 145 | { |
674ea882 | 146 | if (enable_ibt_type != cet_permissive) |
1fabdb99 L |
147 | { |
148 | /* When IBT is enabled, we cannot dlopen a shared | |
149 | object without IBT. */ | |
150 | if (found_ibt_legacy) | |
151 | _dl_signal_error (0, | |
152 | m->l_initfini[ibt_legacy]->l_name, | |
153 | "dlopen", | |
154 | N_("rebuild shared object with IBT support enabled")); | |
155 | } | |
156 | ||
674ea882 | 157 | if (enable_shstk_type != cet_permissive) |
1fabdb99 L |
158 | { |
159 | /* When SHSTK is enabled, we cannot dlopen a shared | |
160 | object without SHSTK. */ | |
161 | if (found_shstk_legacy) | |
162 | _dl_signal_error (0, | |
163 | m->l_initfini[shstk_legacy]->l_name, | |
164 | "dlopen", | |
165 | N_("rebuild shared object with SHSTK support enabled")); | |
166 | } | |
167 | ||
674ea882 L |
168 | if (enable_ibt_type != cet_permissive |
169 | && enable_shstk_type != cet_permissive) | |
1fabdb99 | 170 | return; |
f753fa7d L |
171 | } |
172 | ||
173 | /* Disable IBT and/or SHSTK if they are enabled by kernel, but | |
174 | disabled in executable or shared objects. */ | |
175 | unsigned int cet_feature = 0; | |
176 | ||
1fabdb99 | 177 | if (!enable_ibt) |
f753fa7d L |
178 | cet_feature |= GNU_PROPERTY_X86_FEATURE_1_IBT; |
179 | if (!enable_shstk) | |
180 | cet_feature |= GNU_PROPERTY_X86_FEATURE_1_SHSTK; | |
181 | ||
182 | int res = dl_cet_disable_cet (cet_feature); | |
183 | if (res != 0) | |
184 | { | |
185 | if (program) | |
186 | _dl_fatal_printf ("%s: can't disable CET\n", program); | |
187 | else | |
1fabdb99 L |
188 | { |
189 | if (found_ibt_legacy) | |
190 | l = m->l_initfini[ibt_legacy]; | |
191 | else | |
192 | l = m->l_initfini[shstk_legacy]; | |
193 | _dl_signal_error (-res, l->l_name, "dlopen", | |
194 | N_("can't disable CET")); | |
195 | } | |
f753fa7d L |
196 | } |
197 | ||
198 | /* Clear the disabled bits in dl_x86_feature_1. */ | |
674ea882 | 199 | GL(dl_x86_feature_1) &= ~cet_feature; |
f753fa7d L |
200 | |
201 | cet_feature_changed = true; | |
202 | } | |
203 | ||
204 | #ifdef SHARED | |
1fabdb99 | 205 | if (program && (ibt_enabled || shstk_enabled)) |
f753fa7d | 206 | { |
1fabdb99 | 207 | if ((!ibt_enabled |
674ea882 | 208 | || enable_ibt_type != cet_permissive) |
1fabdb99 | 209 | && (!shstk_enabled |
674ea882 | 210 | || enable_shstk_type != cet_permissive)) |
1fabdb99 L |
211 | { |
212 | /* Lock CET if IBT or SHSTK is enabled in executable unless | |
213 | IBT or SHSTK is enabled permissively. */ | |
214 | int res = dl_cet_lock_cet (); | |
215 | if (res != 0) | |
216 | _dl_fatal_printf ("%s: can't lock CET\n", program); | |
217 | } | |
f753fa7d | 218 | |
1fabdb99 | 219 | /* Set feature_1 if IBT or SHSTK is enabled in executable. */ |
f753fa7d L |
220 | cet_feature_changed = true; |
221 | } | |
222 | #endif | |
223 | ||
224 | if (cet_feature_changed) | |
225 | { | |
226 | unsigned int feature_1 = 0; | |
227 | if (enable_ibt) | |
228 | feature_1 |= GNU_PROPERTY_X86_FEATURE_1_IBT; | |
229 | if (enable_shstk) | |
230 | feature_1 |= GNU_PROPERTY_X86_FEATURE_1_SHSTK; | |
231 | struct pthread *self = THREAD_SELF; | |
232 | THREAD_SETMEM (self, header.feature_1, feature_1); | |
233 | } | |
234 | } | |
235 | } | |
236 | ||
237 | void | |
238 | _dl_cet_open_check (struct link_map *l) | |
239 | { | |
240 | dl_cet_check (l, NULL); | |
241 | } | |
242 | ||
243 | #ifdef SHARED | |
244 | ||
245 | # ifndef LINKAGE | |
246 | # define LINKAGE | |
247 | # endif | |
248 | ||
249 | LINKAGE | |
250 | void | |
251 | _dl_cet_check (struct link_map *main_map, const char *program) | |
252 | { | |
253 | dl_cet_check (main_map, program); | |
254 | } | |
255 | #endif /* SHARED */ |