glibc:azanella/mseal

Last commit made on 2024-06-21
Get this branch:
git clone -b azanella/mseal https://git.launchpad.net/glibc

Branch information

Name:
azanella/mseal
Repository:
lp:glibc

Recent commits

44cf654... by Adhemerval Zanella

elf: Add support to memory sealing for audit modules

The memory sealing is done after library loading and sanity check
since an inexistent or wrong la_version might unload the library.

Checked on x86_64-linux-gnu and aarch64-linux-gnu.

fa6cd21... by Adhemerval Zanella

elf: Enable RTLD_NODELETE on __libc_unwind_link_get

The libgcc_s.so can also be sealed. The library is loaded once
and not unloaded during process execution (only for memory debug
with __libc_unwind_link_freeres).

Checked on x86_64-linux-gnu and aarch64-linux-gnu.

6ea619c... by Adhemerval Zanella

elf: Add support to memory sealing

The new Linux mseal syscall allows sealing memory mappings to avoid
further changes such as memory protection or remap. The sealing
is done in multiple places where the memory is supposed to
be immutable over program execution:

  * All shared library dependencies from the binary, including the
    read-only segments after PT_GNU_RELRO setup.

  * The binary itself, including dynamic and static links. In both
    cases it is up to either the binary or the loader to set up the sealing.

  * The vDSO vma provided by the kernel (if existent).

  * Any preload libraries.

  * Any library loaded with dlopen with RTLD_NODELETE flag.

For binary dependencies, the RTLD_NODELETE signals the
link_map should be sealed. It also makes dlopen objects with the
flag sealed as well.

The sealing is controlled by a new tunable, glibc.rtld.seal, with
three different states:

  0. Disabled where no sealing is done. This is the default.

  1. Enabled, where the loader will issue the mseal syscall on the
     memory mappings but any failure will be ignored. This is
     the default.

  2. Enforce, similar to Enabled but any failure from the mseal
     will terminate the process.

Checked on x86_64-linux-gnu and aarch64-linux-gnu.

cba0069... by Adhemerval Zanella

linux: Add mseal syscall support

It was added on Linux 6.10 (8be7258aad44b5e25977a98db136f677fa6f4370)
as a way to block operations such as unmapping, moving to another location,
shrinking the size, expanding the size, or modifying to a pre-existent
memory mapping.

Although the syscall only works on 64-bit CPUs, the entrypoint was
added for all ABIs (since the kernel might eventually implement it for
additional ones and/or the ABI can execute on a 64-bit kernel).

Checked on x86_64-linux-gnu.
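
The sealing behaviour described in the two commits above, as an added example that is not code from this branch: it calls mseal through the raw syscall interface, then checks that mprotect and munmap on the sealed mapping fail with EPERM. The `seal_mode` enum, `seal_region` and `demo_seal` are hypothetical names that mirror the three `glibc.rtld.seal` states; the fallback syscall number 462 is the Linux 6.10 value for x86_64 and the generic ABI.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef SYS_mseal
# define SYS_mseal 462 /* Linux 6.10: x86_64 and asm-generic syscall number */
#endif

/* Hypothetical names mirroring the three glibc.rtld.seal states. */
enum seal_mode { SEAL_DISABLED = 0, SEAL_ENABLED = 1, SEAL_ENFORCE = 2 };

/* Returns 1 if sealed, 0 if unsealed but tolerated, -1 if fatal (enforce). */
static int seal_region(void *addr, size_t len, enum seal_mode mode)
{
    if (mode == SEAL_DISABLED)
        return 0;
    if (syscall(SYS_mseal, addr, len, 0UL) == 0)
        return 1;
    return mode == SEAL_ENFORCE ? -1 : 0;
}

/* Returns 0 when the mapping was sealed and later changes were refused,
   1 when it was left unsealed (mode, old kernel, 32-bit), -1 otherwise. */
static int demo_seal(enum seal_mode mode)
{
    size_t len = (size_t) sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, len, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    int sealed = seal_region(p, len, mode);
    if (sealed != 1) {
        munmap(p, len);
        return sealed == 0 ? 1 : -1;
    }
    /* A sealed mapping must reject protection changes and unmapping. */
    int mp = mprotect(p, len, PROT_READ | PROT_WRITE);
    int mp_errno = errno;
    int um = munmap(p, len);
    int um_errno = errno;
    return (mp == -1 && mp_errno == EPERM && um == -1 && um_errno == EPERM) ? 0 : -1;
}

int main(void)
{
    printf("enabled mode: %d\n", demo_seal(SEAL_ENABLED));
    return 0;
}
```

On a kernel without mseal the enabled mode reports 1 and the enforce mode reports -1, which is the difference between states 1 and 2 of the tunable.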

19f6d6a... by Stefan Liebler

s390x: Regenerate ULPs.

Needed due to:
- "Implement C23 log10p1"
  commit ID 55eb99e9a9d840ba452b128be14d6529c2dde039
- "Implement C23 exp2m1, exp10m1"
  commit ID 7ec903e028271d029818378fd60ddaf6b76b89ac

9a675d9... by mengqinggang

LoongArch: Fix _dl_tlsdesc_dynamic in LSX case

HWCAP value is overwritten at the first comparison of the LASX case.
The second comparison at LSX gets an incorrect result.
Change to use t0 to save HWCAP value, and use t1 to save comparison
result.

92341e3... by Adhemerval Zanella

arm: Update ulps

For the exp10m1, exp2m1, and log10p1 implementations.

45f5f51... by Adhemerval Zanella

aarch64: Update ulps

For the exp10m1, exp2m1, and log10p1 implementations.

52b397b... by Adhemerval Zanella

powerpc: Update ulps

For the exp10m1, exp2m1, and log10p1 implementations.

f6ea5d1... by Florian Weimer

Linux: Include <dl-symbol-redir-ifunc.h> in dl-sysdep.c

The _dl_sysdep_parse_arguments function contains initialization
of a large on-stack variable:

  dl_parse_auxv_t auxv_values = { 0, };

This uses a non-inline version of memset on powerpc64le-linux-gnu,
so it must use the baseline memset.