Do check-execstack test using readelf rather than a build-time C program.

14 years ago · 82397ed6ea
4 changed files with 88 additions and 177 deletions
--- a/10
+++ b/10
@ -1,5 +1,15 @@
 2012-05-01  Roland McGrath  <roland@hack.frob.com>

+	* scripts/check-execstack.awk: New file.
+	* elf/Makefile ($(objpfx)check-execstack): Target removed.
+	(check-execstack-CFLAGS): Variable removed.
+	($(objpfx)check-execstack.h): Target removed.
+	($(objpfx)execstack-default): New target.
+	(generated): Add that instead of check-execstack.h.
+	($(all-built-dso:=.phdr)): New static pattern rule.
+	(generated): Add those targets.
+	* elf/check-execstack.c: File removed.
+
 	* scripts/check-textrel.awk: New file.
 	* elf/Makefile ($(objpfx)check-textrel): Target removed.
 	(check-textrel-CFLAGS): Variable removed.
--- a/elf/Makefile
+++ b/elf/Makefile
@ -872,18 +872,6 @@ CFLAGS-tst-pie1.c += $(pie-ccflag)

 $(objpfx)tst-pie1: $(objpfx)tst-piemod1.so

-check-execstack-CFLAGS = -O -Wall -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -std=gnu99 \
-			 $(objpfx:%/=-I%)
-$(objpfx)check-execstack: check-execstack.c $(objpfx)check-execstack.h
-	$(native-compile)
-$(objpfx)check-execstack.h: $(first-word $(wildcard $(sysdirs:%=%/stackinfo.h)))
-	$(make-target-directory)
-	{ echo '#include <stackinfo.h>'; echo '@@@DEFAULT_STACK_PERMS@@@'; } | \
-	$(CC) $(CFLAGS) $(CPPFLAGS) -E -x c-header - | \
-	sed -n -e 's/^@@@\(.*\)@@@/#define DEFAULT_STACK_PERMS \1/p' > $@T
-	mv -f $@T $@
-generated += check-execstack.h
-
 check-localplt-CFLAGS = -O -Wall -D_GNU_SOURCE -std=gnu99
 $(objpfx)check-localplt: check-localplt.c
 	$(native-compile)
@ -909,9 +897,32 @@ $(objpfx)check-textrel.out: $(..)scripts/check-textrel.awk \
 	LC_ALL=C $(AWK) -f $^ > $@
 generated += check-textrel.out

-$(objpfx)check-execstack.out: $(objpfx)check-execstack $(all-built-dso)
-	$(dir $<)$(notdir $<) $(filter-out $<, $^) > $@
-generated += check-execstack check-execstack.out
+$(objpfx)execstack-default: $(first-word $(wildcard $(sysdirs:%=%/stackinfo.h)))
+	$(make-target-directory)
+	{ echo '#include <elf.h>'; \
+	  echo '#include <stackinfo.h>'; \
+	  echo '#if (DEFAULT_STACK_PERMS & PF_X) == 0'; \
+	  echo '@@@execstack-no@@@'; \
+	  echo '#else'; \
+	  echo '@@@execstack-yes@@@'; \
+	  echo '#endif'; } | \
+	$(CC) $(CFLAGS) $(CPPFLAGS) -E -x c-header - | \
+	sed -n -e 's/^@@@\(.*\)@@@/\1/p' > $@T
+	mv -f $@T $@
+generated += execstack-default
+
+$(all-built-dso:=.phdr): %.phdr: %
+	@rm -f $@T
+	LC_ALL=C $(READELF) -W -l $< > $@T
+	test -s $@T
+	mv -f $@T $@
+generated += $(all-built-dso:=.phdr)
+
+$(objpfx)check-execstack.out: $(..)scripts/check-execstack.awk \
+			      $(objpfx)execstack-default \
+			      $(all-built-dso:=.phdr)
+	LC_ALL=C $(AWK) -f $^ > $@
+generated += check-execstack.out

 $(objpfx)tst-dlmodcount: $(libdl)
 $(objpfx)tst-dlmodcount.out: $(test-modules)
--- a/elf/check-execstack.c
+++ b/elf/check-execstack.c
@ -1,162 +0,0 @@
-/* Check for executable stacks in DSOs.
-   Copyright (C) 2009, 2010 Free Software Foundation, Inc.
-   This file is part of the GNU C Library.
-   Contribute by Ulrich Drepper <drepper@redhat.com>. 2009.
-
-   The GNU C Library is free software; you can redistribute it and/or
-   modify it under the terms of the GNU Lesser General Public
-   License as published by the Free Software Foundation; either
-   version 2.1 of the License, or (at your option) any later version.
-
-   The GNU C Library is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-   Lesser General Public License for more details.
-
-   You should have received a copy of the GNU Lesser General Public
-   License along with the GNU C Library; if not, see
-   <http://www.gnu.org/licenses/>.  */
-
-#include <byteswap.h>
-#include <elf.h>
-#include <endian.h>
-#include <fcntl.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include "check-execstack.h"
-
-
-#ifdef BITS
-
-# define AB(name) _AB (name, BITS)
-# define _AB(name, bits) __AB (name, bits)
-# define __AB(name, bits) name##bits
-# define E(name) _E (name, BITS)
-# define _E(name, bits) __E (name, bits)
-# define __E(name, bits) Elf##bits##_##name
-# define SWAP(val) \
-  ({ __typeof (val) __res;						      \
-     if (((ehdr.e_ident[EI_DATA] == ELFDATA2MSB				      \
-	   && BYTE_ORDER == LITTLE_ENDIAN)				      \
-	  || (ehdr.e_ident[EI_DATA] == ELFDATA2LSB			      \
-	      && BYTE_ORDER == BIG_ENDIAN))				      \
-	 && sizeof (val) != 1)						      \
-       {								      \
-	 if (sizeof (val) == 2)						      \
-	   __res = bswap_16 (val);					      \
-	 else if (sizeof (val) == 4)					      \
-	   __res = bswap_32 (val);					      \
-	 else								      \
-	   __res = bswap_64 (val);					      \
-       }								      \
-     else								      \
-       __res = (val);							      \
-     __res; })
-
-
-static int
-AB(handle_file) (const char *fname, int fd)
-{
-  E(Ehdr) ehdr;
-
-  if (pread (fd, &ehdr, sizeof (ehdr), 0) != sizeof (ehdr))
-    {
-    read_error:
-      printf ("%s: read error: %m\n", fname);
-      return 1;
-    }
-
-  const size_t phnum = SWAP (ehdr.e_phnum);
-  const size_t phentsize = SWAP (ehdr.e_phentsize);
-
-  /* Read the program header.  */
-  E(Phdr) *phdr = alloca (phentsize * phnum);
-  if (pread (fd, phdr, phentsize * phnum, SWAP (ehdr.e_phoff))
-      != phentsize * phnum)
-    goto read_error;
-
-  /* Search for the PT_GNU_STACK entry.  */
-  for (size_t cnt = 0; cnt < phnum; ++cnt)
-    if (SWAP (phdr[cnt].p_type) == PT_GNU_STACK)
-      {
-	unsigned int flags = SWAP(phdr[cnt].p_flags);
-	if (flags & PF_X)
-	  {
-	    printf ("%s: executable stack signaled\n", fname);
-	    return 1;
-	  }
-
-	return 0;
-      }
-
-  if (DEFAULT_STACK_PERMS & PF_X)
-    {
-      printf ("%s: no PT_GNU_STACK entry\n", fname);
-      return 1;
-    }
-
-  return 0;
-}
-
-# undef BITS
-#else
-
-# define BITS 32
-# include "check-execstack.c"
-
-# define BITS 64
-# include "check-execstack.c"
-
-
-static int
-handle_file (const char *fname)
-{
-  int fd = open (fname, O_RDONLY);
-  if (fd == -1)
-    {
-      printf ("cannot open %s: %m\n", fname);
-      return 1;
-    }
-
-  /* Read was is supposed to be the ELF header.  Read the initial
-     bytes to determine whether this is a 32 or 64 bit file.  */
-  char ident[EI_NIDENT];
-  if (read (fd, ident, EI_NIDENT) != EI_NIDENT)
-    {
-      printf ("%s: read error: %m\n", fname);
-      close (fd);
-      return 1;
-    }
-
-  if (memcmp (&ident[EI_MAG0], ELFMAG, SELFMAG) != 0)
-    {
-      printf ("%s: not an ELF file\n", fname);
-      close (fd);
-      return 1;
-    }
-
-  int result;
-  if (ident[EI_CLASS] == ELFCLASS64)
-    result = handle_file64 (fname, fd);
-  else
-    result = handle_file32 (fname, fd);
-
-  close (fd);
-
-  return result;
-}
-
-
-int
-main (int argc, char *argv[])
-{
-  int cnt;
-  int result = 0;
-
-  for (cnt = 1; cnt < argc; ++cnt)
-    result |= handle_file (argv[cnt]);
-  return result;
-}
-#endif
--- a/scripts/check-execstack.awk
+++ b/scripts/check-execstack.awk
@ -0,0 +1,52 @@
+# This awk script expects to get command-line files that are each
+# the output of 'readelf -l' on a single shared object.
+# But the first file should contain just "execstack-no" or "execstack-yes",
+# indicating what the default is in the absence of PT_GNU_STACK.
+# It exits successfully (0) if none indicated executable stack.
+# It fails (1) if any did indicate executable stack.
+# It fails (2) if the input did not take the expected form.
+
+BEGIN { result = sanity = 0; default_exec = -1 }
+
+/^execstack-no$/ { default_exec = 0; next }
+/^execstack-yes$/ { default_exec = 1; next }
+
+function check_one(name) {
+  if (default_exec == -1) {
+    print "*** missing execstack-default file?";
+    result = 2;
+  }
+
+  if (!sanity) {
+    print name ": *** input did not look like readelf -l output";
+    result = 2;
+  } else if (stack_line) {
+    if (stack_line ~ /^.*RW .*$/) {
+      print name ": OK";
+    } else if (stack_line ~ /^.*E.*$/) {
+      print name ": *** executable stack signaled";
+      result = result ? result : 1;
+    }
+  } else if (default_exec) {
+    print name ": *** no PT_GNU_STACK entry";
+    result = result ? result : 1;
+  } else {
+    print name ": no PT_GNU_STACK but default is OK";
+  }
+
+  sanity = 0;
+}
+
+FILENAME != lastfile {
+  if (lastfile)
+    check_one(lastfile);
+  lastfile = FILENAME;
+}
+
+$1 == "Type" && $7 == "Flg" { sanity = 1; stack_line = "" }
+$1 == "GNU_STACK" { stack_line = $0 }
+
+END {
+  check_one(lastfile);
+  exit(result);
+}