17 files changed, 289 insertions, 11 deletions

diff --git a/sysdeps/aarch64/dl-prop.h b/sysdeps/aarch64/dl-prop.h
index df05c0211d..c66d9a49f0 100644
--- a/sysdeps/aarch64/dl-prop.h
+++ b/sysdeps/aarch64/dl-prop.h
@@ -19,6 +19,8 @@
 #ifndef _DL_PROP_H
 #define _DL_PROP_H
 
+#include <dl-prop-mseal.h>
+
 extern void _dl_bti_protect (struct link_map *, int) attribute_hidden;
 
 extern void _dl_bti_check (struct link_map *, const char *)
@@ -45,6 +47,9 @@ static inline int
 _dl_process_gnu_property (struct link_map *l, int fd, uint32_t type,
 			  uint32_t datasz, void *data)
 {
+  if (_dl_process_gnu_property_seal (l, fd, type, datasz, data))
+    return 0;
+
   if (!GLRO(dl_aarch64_cpu_features).bti)
     /* Skip note processing.  */
     return 0;
diff --git a/sysdeps/generic/dl-mseal.h b/sysdeps/generic/dl-mseal.h
index d542fcac75..dccf78ae38 100644
--- a/sysdeps/generic/dl-mseal.h
+++ b/sysdeps/generic/dl-mseal.h
@@ -21,5 +21,3 @@ _dl_mseal (void *addr, size_t len)
 {
   return 0;
 }
-
-#define SUPPORT_MSEAL lt_seal_dont
diff --git a/sysdeps/generic/dl-prop-mseal.h b/sysdeps/generic/dl-prop-mseal.h
new file mode 100644
index 0000000000..b9dbd24fa5
--- /dev/null
+++ b/sysdeps/generic/dl-prop-mseal.h
@@ -0,0 +1,38 @@
+/* Support for GNU properties.  Generic version.
+   Copyright (C) 2024 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#ifndef _DL_PROP_MSEAL_H
+#define _LD_PROP_MSEAL_H
+
+#include <dl-tunables.h>
+#include <dl-mseal-mode.h>
+
+static __always_inline bool
+_dl_process_gnu_property_seal (struct link_map *l, int fd, uint32_t type,
+			       uint32_t datasz, void *data)
+{
+  if (type == GNU_PROPERTY_NO_MEMORY_SEAL && datasz == 0)
+    {
+      int32_t mode = TUNABLE_GET (glibc, rtld, seal, int32_t, NULL);
+      l->l_seal = (mode == DL_SEAL_ENFORCE) ? lt_seal_toseal : lt_seal_dont;
+      return true;
+    }
+  return false;
+}
+
+#endif
diff --git a/sysdeps/generic/dl-prop.h b/sysdeps/generic/dl-prop.h
index 1d92920a96..5fac690c81 100644
--- a/sysdeps/generic/dl-prop.h
+++ b/sysdeps/generic/dl-prop.h
@@ -19,6 +19,8 @@
 #ifndef _DL_PROP_H
 #define _DL_PROP_H
 
+#include <dl-prop-mseal.h>
+
 /* The following functions are used by the dynamic loader and the
    dlopen machinery to process PT_NOTE and PT_GNU_PROPERTY entries in
    the binary or shared object.  The notes can be used to change the
@@ -47,6 +49,9 @@ static inline int __attribute__ ((always_inline))
 _dl_process_gnu_property (struct link_map *l, int fd, uint32_t type,
 			  uint32_t datasz, void *data)
 {
+  if (_dl_process_gnu_property_seal (l, fd, type, datasz, data))
+    return 0;
+
   /* Continue until GNU_PROPERTY_1_NEEDED is found.  */
   if (type == GNU_PROPERTY_1_NEEDED)
     {
diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h
index aad5a219df..577f3ae06b 100644
--- a/sysdeps/generic/ldsodefs.h
+++ b/sysdeps/generic/ldsodefs.h
@@ -1017,10 +1017,13 @@ extern void _dl_relocate_object (struct link_map *map,
 /* Protect PT_GNU_RELRO area.  */
 extern void _dl_protect_relro (struct link_map *map) attribute_hidden;
 
-/* Protect MAP with mseal.  If MAP is contiguous the while region is
-   sealed, otherwise iterate over the phdr to seal each PT_LOAD.  The DEP
-   specify whether to seal the dependencies as well.  */
-extern void _dl_mseal_map (struct link_map *map, bool dep)
+/* Issue memory sealing for the link map MAP.  If MAP is contiguous the
+   whole region is sealed, otherwise iterate over the program headerrs and
+   seal each PT_LOAD segment.i
+   The DEP specify whether to seal the dependencies as well, while FORCE
+   ignores if previous seal configuration (such as
+   GNU_PROPERTY_NO_MEMORY_SEAL mark).  */
+extern void _dl_mseal_map (struct link_map *map, bool dep, bool force)
      attribute_hidden;
 
 /* Call _dl_signal_error with a message about an unhandled reloc type.
diff --git a/sysdeps/unix/sysv/linux/Makefile b/sysdeps/unix/sysv/linux/Makefile
index 3161363db1..c82aeb3403 100644
--- a/sysdeps/unix/sysv/linux/Makefile
+++ b/sysdeps/unix/sysv/linux/Makefile
@@ -685,6 +685,52 @@ $(objpfx)tst-dl_mseal-dlopen-2.so: $(objpfx)tst-dl_mseal-dlopen-2-1.so
 LDFLAGS-tst-dl_mseal-dlopen-2.so = -Wl,--no-as-needed
 
 tst-dl_mseal-static-ARGS = -- $(host-test-program-cmd)
+
+ifeq ($(have-z-no-memory-seal),yes)
+tests-static += \
+  tst-dl_mseal-static-no-memory-seal \
+  # tests-static
+
+tests += \
+  tst-dl_mseal-no-memory-seal \
+  tst-dl_mseal-static-no-memory-seal \
+  # tests
+
+modules-names += \
+  tst-dl_mseal-dlopen-no-memory-seal-2 \
+  tst-dl_mseal-dlopen-no-memory-seal-2-1 \
+  tst-dl_mseal-mod-no-memory-seal-1 \
+  tst-dl_mseal-mod-no-memory-seal-2 \
+  tst-dl_mseal-no-memory-seal-auditmod \
+  tst-dl_mseal-no-memory-seal-preload \
+  # modules-names
+
+$(objpfx)tst-dl_mseal-no-memory-seal.out: \
+  $(objpfx)tst-dl_mseal-no-memory-seal-auditmod.so \
+  $(objpfx)tst-dl_mseal-no-memory-seal-preload.so \
+  $(objpfx)tst-dl_mseal-mod-no-memory-seal-1.so \
+  $(objpfx)tst-dl_mseal-mod-no-memory-seal-2.so \
+  $(objpfx)tst-dl_mseal-dlopen-1.so \
+  $(objpfx)tst-dl_mseal-dlopen-1-1.so \
+  $(objpfx)tst-dl_mseal-dlopen-no-memory-seal-2.so \
+  $(objpfx)tst-dl_mseal-dlopen-no-memory-seal-2-1.so
+
+tst-dl_mseal-no-memory-seal-ARGS = -- $(host-test-program-cmd)
+
+LDFLAGS-tst-dl_mseal-no-memory-seal-preload.so = -Wl,-z,no-memory-seal
+
+LDFLAGS-tst-dl_mseal-no-memory-seal-auditmod.so = -Wl,-z,no-memory-seal
+$(objpfx)tst-dl_mseal-no-memory-seal: $(objpfx)tst-dl_mseal-mod-no-memory-seal-1.so
+LDFLAGS-tst-dl_mseal-no-memory-seal = -Wl,-z,no-memory-seal -Wl,--no-as-needed
+$(objpfx)tst-dl_mseal-mod-no-memory-seal-1.so: $(objpfx)tst-dl_mseal-mod-no-memory-seal-2.so
+LDFLAGS-tst-dl_mseal-mod-no-memory-seal-1.so = -Wl,--no-as-needed
+LDFLAGS-tst-dl_mseal-mod-no-memory-seal-2.so = -Wl,-z,no-memory-seal -Wl,--no-as-needed
+$(objpfx)tst-dl_mseal-dlopen-no-memory-seal-2.so: $(objpfx)tst-dl_mseal-dlopen-no-memory-seal-2-1.so
+LDFLAGS-tst-dl_mseal-dlopen-no-memory-seal-2.so = -Wl,--no-as-needed -Wl,-z,no-memory-seal
+
+LDFLAGS-tst-dl_mseal-static-no-memory-seal = -Wl,-z,no-memory-seal
+tst-dl_mseal-static-no-memory-seal-ARGS = -- $(host-test-program-cmd)
+endif
 endif
 
 ifeq ($(subdir),rt)
diff --git a/sysdeps/unix/sysv/linux/dl-mseal.h b/sysdeps/unix/sysv/linux/dl-mseal.h
index 89b19e33c4..25e3f724dc 100644
--- a/sysdeps/unix/sysv/linux/dl-mseal.h
+++ b/sysdeps/unix/sysv/linux/dl-mseal.h
@@ -25,5 +25,3 @@
    Return 0 in case of success or a negative value otherwise (a negative
    errno).  */
 int _dl_mseal (void *addr, size_t len) attribute_hidden;
-
-#define SUPPORT_MSEAL lt_seal_toseal
diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-no-memory-seal-2-1.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-no-memory-seal-2-1.c
new file mode 100644
index 0000000000..0cd647de46
--- /dev/null
+++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-no-memory-seal-2-1.c
@@ -0,0 +1,19 @@
+/* Additional module for tst-dl_mseal test.
+   Copyright (C) 2024 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+int bar2_1 (void) { return 42; }
diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-no-memory-seal-2.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-no-memory-seal-2.c
new file mode 100644
index 0000000000..f719dd3cba
--- /dev/null
+++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-no-memory-seal-2.c
@@ -0,0 +1,19 @@
+/* Additional module for tst-dl_mseal test.
+   Copyright (C) 2024 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+int bar2 (void) { return 42; }
diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-no-memory-seal-1.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-no-memory-seal-1.c
new file mode 100644
index 0000000000..3bd188efe8
--- /dev/null
+++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-no-memory-seal-1.c
@@ -0,0 +1,19 @@
+/* Additional module for tst-dl_mseal test.
+   Copyright (C) 2024 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+int foo1 (void) { return 42; }
diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-no-memory-seal-2.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-no-memory-seal-2.c
new file mode 100644
index 0000000000..636e9777af
--- /dev/null
+++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-no-memory-seal-2.c
@@ -0,0 +1,19 @@
+/* Additional module for tst-dl_mseal test.
+   Copyright (C) 2024 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+int bar1 (void) { return 42; }
diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-no-memory-seal-auditmod.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-no-memory-seal-auditmod.c
new file mode 100644
index 0000000000..a5b257d05e
--- /dev/null
+++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-no-memory-seal-auditmod.c
@@ -0,0 +1 @@
+#include "tst-dl_mseal-auditmod.c"
diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-no-memory-seal-preload.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-no-memory-seal-preload.c
new file mode 100644
index 0000000000..32b4153e79
--- /dev/null
+++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-no-memory-seal-preload.c
@@ -0,0 +1 @@
+#include "tst-dl_mseal-preload.c"
diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-no-memory-seal.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-no-memory-seal.c
new file mode 100644
index 0000000000..014a8e76c7
--- /dev/null
+++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-no-memory-seal.c
@@ -0,0 +1,65 @@
+/* Basic tests for sealing.
+   Copyright (C) 2024 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include <gnu/lib-names.h>
+
+/* This test checks the GNU_PROPERTY_NO_MEMORY_SEAL handling on multiple
+   places:
+
+   - On the binary itself.
+   - On a LD_PRELOAD library.
+   - On a depedency module (tst-dl_mseal-mod-no-memory-seal-2.so).
+   - On a audit modules (tst-dl_mseal-no-memory-seal-auditmod.so).
+   - On a dlopen dependency opened with RTLD_NODELET
+     (tst-dl_mseal-dlopen-no-memory-seal-2.so).
+*/
+
+#define LIB_PRELOAD              "tst-dl_mseal-no-memory-seal-preload.so"
+#define GLIBC_RTLD_SEAL          "1"
+
+#define LIB_DLOPEN_DEFAULT       "tst-dl_mseal-dlopen-1.so"
+#define LIB_DLOPEN_DEFAULT_DEP   "tst-dl_mseal-dlopen-1-1.so"
+#define LIB_DLOPEN_NODELETE      "tst-dl_mseal-dlopen-no-memory-seal-2.so"
+#define LIB_DLOPEN_NODELETE_DEP  "tst-dl_mseal-dlopen-no-memory-seal-2-1.so"
+
+#define LIB_AUDIT                "tst-dl_mseal-no-memory-seal-auditmod.so"
+
+/* Expected libraries that loader will seal.  */
+static const char *expected_sealed_libs[] =
+{
+  "libc.so",
+  "ld.so",
+  "tst-dl_mseal-mod-no-memory-seal-1.so",
+  LIB_DLOPEN_NODELETE_DEP,
+  LIBGCC_S_SO,
+};
+
+/* Expected non sealed libraries.  */
+static const char *expected_non_sealed_libs[] =
+{
+  "[vdso]",
+  "tst-dl_mseal-no-memory-seal",
+  LIB_PRELOAD,
+  LIB_AUDIT,
+  "tst-dl_mseal-mod-no-memory-seal-2.so",
+  LIB_DLOPEN_DEFAULT,
+  LIB_DLOPEN_DEFAULT_DEP,
+  LIB_DLOPEN_NODELETE,
+};
+
+#include "tst-dl_mseal-skeleton.c"
diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-skeleton.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-skeleton.c
index fbf18d9b7c..6c77b14d86 100644
--- a/sysdeps/unix/sysv/linux/tst-dl_mseal-skeleton.c
+++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-skeleton.c
@@ -1,4 +1,4 @@
-/* Basic tests for sealing.  Static version.
+/* Basic tests for sealing.
    Copyright (C) 2024 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
@@ -198,7 +198,7 @@ handle_restart (void)
 
   /* Also check if all the expected sealed maps were found.  */
   for (int i = 0; i < array_length (expected_sealed_libs); i++)
-    if (!found_expected[i])
+    if (expected_sealed_libs[i][0] && !found_expected[i])
       FAIL_EXIT1 ("expected VMA %s not sealed\n", expected_sealed_libs[i]);
 
   return 0;
@@ -239,7 +239,7 @@ do_test (int argc, char *argv[])
   spargv[i] = NULL;
 
   char *envvarss[4];
-  envvarss[0] = (char *) "GLIBC_TUNABLES=glibc.rtld.seal=2";
+  envvarss[0] = (char *) "GLIBC_TUNABLES=glibc.rtld.seal=" GLIBC_RTLD_SEAL;
 #ifndef TEST_STATIC
   envvarss[1] = (char *) "LD_PRELOAD=" LIB_PRELOAD;
   envvarss[2] = (char *) "LD_AUDIT=" LIB_AUDIT,
diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-static-no-memory-seal.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-static-no-memory-seal.c
new file mode 100644
index 0000000000..257500ea47
--- /dev/null
+++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-static-no-memory-seal.c
@@ -0,0 +1,38 @@
+/* Basic tests for sealing.  Static version.
+   Copyright (C) 2024 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+/* This test checks the GNU_PROPERTY_NO_MEMORY_SEAL handling on a statically
+   built binary.  In this case only the vDSO (if existent) will be sealed.  */
+
+#define GLIBC_RTLD_SEAL          "1"
+#define TEST_STATIC              1
+
+/* Expected libraries that loader will seal.  */
+static const char *expected_sealed_libs[] =
+{
+  "",
+};
+
+/* Expected non sealed libraries.  */
+static const char *expected_non_sealed_libs[] =
+{
+  "[vdso]",
+  "tst-dl_mseal-static-no-memory-seal",
+};
+
+#include "tst-dl_mseal-skeleton.c"
diff --git a/sysdeps/x86/dl-prop.h b/sysdeps/x86/dl-prop.h
index 08387dfaff..26a687d611 100644
--- a/sysdeps/x86/dl-prop.h
+++ b/sysdeps/x86/dl-prop.h
@@ -19,6 +19,7 @@
 #ifndef _DL_PROP_H
 #define _DL_PROP_H
 
+#include <dl-prop-mseal.h>
 #include <libintl.h>
 
 extern void _dl_cet_check (struct link_map *, const char *)
@@ -241,6 +242,9 @@ _dl_process_gnu_property (struct link_map *l, int fd, uint32_t type,
 			  uint32_t datasz, void *data)
 {
   /* This is called on each GNU property.  */
+  if (_dl_process_gnu_property_seal (l, fd, type, datasz, data))
+    return 0;
+
   unsigned int needed_1 = 0;
   unsigned int feature_1_and = 0;
   unsigned int isa_1_needed = 0;