[GR-51085] Prevent embedding full build path in Native Image generated shared libs.

PullRequest: graal/16746

Author: dougxc

sdk/mx.sdk/mx_sdk_vm_impl.py

@@ -1224,10 +1224,7 @@ def is_ee_supported(self):
     def is_pgo_supported(self):
         return self.is_ee_supported()
 
-    search_tool = 'strings'
-    has_search_tool = shutil.which(search_tool) is not None
-
-    def native_image(self, build_args, output_file, out=None, err=None, find_bad_strings=False):
+    def native_image(self, build_args, output_file, out=None, err=None):
         assert self._svm_supported
         stage1 = get_stage1_graalvm_distribution()
         native_image_project_name = GraalVmLauncher.launcher_project_name(mx_sdk.LauncherConfig(mx.exe_suffix('native-image'), [], "", []), stage1=True)
@@ -1240,20 +1237,6 @@ def native_image(self, build_args, output_file, out=None, err=None, find_bad_str
 
         mx.run(native_image_command, nonZeroIsFatal=True, out=out, err=err)
 
-        if find_bad_strings and not mx.is_windows():
-            if not self.__class__.has_search_tool:
-                mx.abort(f"Searching for strings requires '{self.__class__.search_tool}' executable.")
-            try:
-                strings_in_image = subprocess.check_output([self.__class__.search_tool, output_file], stderr=None).decode().strip().split('\n')
-                bad_strings = (output_directory, dirname(native_image_bin))
-                for entry in strings_in_image:
-                    for bad_string in bad_strings:
-                        if bad_string in entry:
-                            mx.abort(f"Found forbidden string '{bad_string}' in native image {output_file}.")
-
-            except subprocess.CalledProcessError:
-                mx.abort(f"Using '{self.__class__.search_tool}' to search for strings in native image {output_file} failed.")
-
     def is_debug_supported(self):
         return self._debug_supported
 
@@ -2402,7 +2385,7 @@ def build(self):
         mx.ensure_dir_exists(dirname(output_file))
 
         # Disable build server (different Java properties on each build prevent server reuse)
-        self.svm_support.native_image(build_args, output_file, find_bad_strings=True)
+        self.svm_support.native_image(build_args, output_file)
 
         with open(self._get_command_file(), 'w') as f:
             f.writelines((l + os.linesep for l in build_args))

sdk/src/org.graalvm.nativeimage.test/src/org/graalvm/nativeimage/test/FindPathsInBinary.java

@@ -0,0 +1,155 @@
+/*
+ * Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * The Universal Permissive License (UPL), Version 1.0
+ *
+ * Subject to the condition set forth below, permission is hereby granted to any
+ * person obtaining a copy of this software, associated documentation and/or
+ * data (collectively the "Software"), free of charge and under any and all
+ * copyright rights in the Software, and any and all patent rights owned or
+ * freely licensable by each licensor hereunder covering either (i) the
+ * unmodified Software as contributed to or provided by such licensor, or (ii)
+ * the Larger Works (as defined below), to deal in both
+ *
+ * (a) the Software, and
+ *
+ * (b) any piece of software and/or hardware listed in the lrgrwrks.txt file if
+ * one is included with the Software each a "Larger Work" to which the Software
+ * is contributed by such licensors),
+ *
+ * without restriction, including without limitation the rights to copy, create
+ * derivative works of, display, perform, and distribute the Software and make,
+ * use, sell, offer for sale, import, export, have made, and have sold the
+ * Software and the Larger Work(s), and to sublicense the foregoing rights on
+ * either these or other terms.
+ *
+ * This license is subject to the following condition:
+ *
+ * The above copyright notice and either this complete permission notice or at a
+ * minimum a reference to the UPL must be included in all copies or substantial
+ * portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package org.graalvm.nativeimage.test;
+
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * Utility for scanning a binary file to find matches for given strings.
+ *
+ * This is a partial port of the {@code AbsPathInImage.java} OpenJDK test.
+ */
+public class FindPathsInBinary {
+
+    private static final boolean IS_WINDOWS = System.getProperty("os.name").toLowerCase().contains("windows");
+
+    /**
+     * Searches the binary file in {@code args[0]} for the patterns in
+     * {@code args[1], args[2], ...}. A line is printed to stdout for each match found.
+     */
+    public static void main(String[] args) throws IOException {
+        if (args.length < 2) {
+            System.err.printf("Usage: %s <file to scan> <patterns to find>%n", FindPathsInBinary.class.getName());
+            System.exit(-1);
+        }
+        Path fileToScan = Path.of(args[0]);
+        List<byte[]> searchPatterns = new ArrayList<>();
+        for (int i = 1; i < args.length; i++) {
+            expandPatterns(searchPatterns, args[i]);
+        }
+
+        scanFile(fileToScan, searchPatterns);
+    }
+
+    /**
+     * Add path pattern to list of patterns to search for. Create all possible variants depending on
+     * platform.
+     */
+    private static void expandPatterns(List<byte[]> searchPatterns, String pattern) {
+        if (IS_WINDOWS) {
+            String forward = pattern.replace('\\', '/');
+            String back = pattern.replace('/', '\\');
+            if (pattern.charAt(1) == ':') {
+                String forwardUpper = String.valueOf(pattern.charAt(0)).toUpperCase() + forward.substring(1);
+                String forwardLower = String.valueOf(pattern.charAt(0)).toLowerCase() + forward.substring(1);
+                String backUpper = String.valueOf(pattern.charAt(0)).toUpperCase() + back.substring(1);
+                String backLower = String.valueOf(pattern.charAt(0)).toLowerCase() + back.substring(1);
+                searchPatterns.add(forwardUpper.getBytes());
+                searchPatterns.add(forwardLower.getBytes());
+                searchPatterns.add(backUpper.getBytes());
+                searchPatterns.add(backLower.getBytes());
+            } else {
+                searchPatterns.add(forward.getBytes());
+                searchPatterns.add(back.getBytes());
+            }
+        } else {
+            searchPatterns.add(pattern.getBytes());
+        }
+    }
+
+    private static void scanFile(Path file, List<byte[]> searchPatterns) throws IOException {
+        List<String> matches = scanBytes(Files.readAllBytes(file), searchPatterns);
+        if (matches.size() > 0) {
+            for (String match : matches) {
+                System.out.println(match);
+            }
+        }
+    }
+
+    private static List<String> scanBytes(byte[] data, List<byte[]> searchPatterns) {
+        List<String> matches = new ArrayList<>();
+        for (int i = 0; i < data.length; i++) {
+            for (byte[] searchPattern : searchPatterns) {
+                boolean found = true;
+                for (int j = 0; j < searchPattern.length; j++) {
+                    if ((i + j >= data.length || data[i + j] != searchPattern[j])) {
+                        found = false;
+                        break;
+                    }
+                }
+                if (found) {
+                    int cs = charsStart(data, i);
+                    int co = charsOffset(data, i, searchPattern.length);
+                    matches.add(new String(data, cs, co));
+                    // No need to search the same string for multiple patterns
+                    break;
+                }
+            }
+        }
+        return matches;
+    }
+
+    private static int charsStart(byte[] data, int startIndex) {
+        int index = startIndex;
+        while (--index > 0) {
+            byte datum = data[index];
+            if (datum < 32 || datum > 126) {
+                break;
+            }
+        }
+        return index + 1;
+    }
+
+    private static int charsOffset(byte[] data, int startIndex, int startOffset) {
+        int offset = startOffset;
+        while (startIndex + ++offset < data.length) {
+            byte datum = data[startIndex + offset];
+            if (datum < 32 || datum > 126) {
+                break;
+            }
+        }
+        return offset;
+    }
+}

substratevm/mx.substratevm/mx_substratevm.py

@@ -1275,6 +1275,34 @@ def _native_image_launcher_extra_jvm_args():
     'sdk:JNIUTILS',
     'substratevm:GRAAL_HOTSPOT_LIBRARY']
 
+def allow_build_path_in_libgraal():
+    """
+    Determines if the ALLOW_ABSOLUTE_PATHS_IN_OUTPUT env var is any other value than ``false``.
+    """
+    return mx.get_env('ALLOW_ABSOLUTE_PATHS_IN_OUTPUT', None) != 'false'
+
+def prevent_build_path_in_libgraal():
+    """
+    If `allow_build_path_in_libgraal() == False`, returns linker
+    options to prevent the build path from showing up in a string in libgraal.
+    """
+    if not allow_build_path_in_libgraal():
+        if mx.is_linux():
+            return ['-H:NativeLinkerOption=-Wl,-soname=libjvmcicompiler.so']
+        if mx.is_darwin():
+            return [
+                '-H:NativeLinkerOption=-Wl,-install_name,@rpath/libjvmcicompiler.dylib',
+
+                # native-image doesn't support generating debug info on Darwin
+                # but the helper C libraries are built with debug info which
+                # can include the build path. Use the -S to strip the debug info
+                # info from the helper C libraries to avoid these paths.
+                '-H:NativeLinkerOption=-Wl,-S'
+            ]
+        if mx.is_windows():
+            return ['-H:NativeLinkerOption=-pdbaltpath:%_PDB%']
+    return []
+
 libgraal_build_args = [
     ## Pass via JVM args opening up of packages needed for image builder early on
     '-J--add-exports=jdk.graal.compiler/jdk.graal.compiler.hotspot=ALL-UNNAMED',
@@ -1330,12 +1358,12 @@ def _native_image_launcher_extra_jvm_args():
     # No need for container support in libgraal as HotSpot already takes care of it
     '-H:-UseContainerSupport',
 ] + ([
-   # Force page size to support libgraal on AArch64 machines with a page size up to 64K.
-   '-H:PageSize=64K'
+    # Force page size to support libgraal on AArch64 machines with a page size up to 64K.
+    '-H:PageSize=64K'
 ] if mx.get_arch() == 'aarch64' else []) + ([
-   # Build libgraal with 'Full RELRO' to prevent GOT overwriting exploits on Linux (GR-46838)
-   '-H:NativeLinkerOption=-Wl,-z,relro,-z,now',
-] if mx.is_linux() else []))
+    # Build libgraal with 'Full RELRO' to prevent GOT overwriting exploits on Linux (GR-46838)
+    '-H:NativeLinkerOption=-Wl,-z,relro,-z,now',
+] if mx.is_linux() else [])) + prevent_build_path_in_libgraal()
 
 libgraal = mx_sdk_vm.GraalVmJreComponent(
     suite=suite,

substratevm/src/com.oracle.svm.hosted/src/com/oracle/svm/hosted/image/CCLinkerInvocation.java

@@ -322,11 +322,6 @@ protected void setOutputKind(List<String> cmd) {
                     break;
                 case SHARED_LIBRARY:
                     cmd.add("-shared");
-                    /*
-                     * Ensure shared library name in image does not use fully qualified build-path
-                     * (GR-46837)
-                     */
-                    cmd.add("-Wl,-soname=" + outputFile.getFileName());
                     break;
                 default:
                     VMError.shouldNotReachHereUnexpectedInput(imageKind); // ExcludeFromJacocoGeneratedReport

vm/ci/ci_common/libgraal.jsonnet

@@ -40,7 +40,12 @@ local utils = import '../../../ci/ci_common/common-utils.libsonnet';
   },
   libgraal_compiler_zgc:: self.libgraal_compiler_base(extra_vm_args=['-XX:+UseZGC']),
   # enable economy mode building with the -Ob flag
-  libgraal_compiler_quickbuild:: self.libgraal_compiler_base(quickbuild_args=['-Ob']),
+  libgraal_compiler_quickbuild:: self.libgraal_compiler_base(quickbuild_args=['-Ob']) + {
+    environment+: {
+      # Exercise support for preventing build paths being embedded in libgraal.
+      ALLOW_ABSOLUTE_PATHS_IN_OUTPUT: 'false'
+    }
+  },
 
   libgraal_truffle_base(quickbuild_args=[], extra_vm_args=[], coverage=false): self.libgraal_build(['-J-esa', '-J-ea', '-esa', '-ea'] + quickbuild_args) + {
     environment+: {

vm/mx.vm/mx_vm_gate.py

@@ -128,6 +128,23 @@ def append_extra_logs():
         for extra_log_file in extra_log_files:
             remove(extra_log_file)
 
+def _test_libgraal_check_build_path(libgraal_location):
+    """
+    If ``mx_substratevm.allow_build_path_in_libgraal()`` is False, tests that libgraal does not contain
+    strings whose prefix is the absolute path of the SDK suite.
+    """
+    import mx_compiler
+    import mx_substratevm
+    import subprocess
+    if not mx_substratevm.allow_build_path_in_libgraal():
+        sdk_suite_dir = mx.suite('sdk').dir
+        tool_path = join(sdk_suite_dir, 'src/org.graalvm.nativeimage.test/src/org/graalvm/nativeimage/test/FindPathsInBinary.java'.replace('/', os.sep))
+        cmd = [mx_compiler.jdk.java, tool_path, libgraal_location, sdk_suite_dir]
+        mx.logv(' '.join(cmd))
+        matches = subprocess.check_output(cmd, universal_newlines=True).strip()
+        if len(matches) != 0:
+            mx.abort(f"Found strings in {libgraal_location} with illegal prefix \"{sdk_suite_dir}\":\n{matches}\n\nRe-run: {' '.join(cmd)}")
+
 def _test_libgraal_basic(extra_vm_arguments, libgraal_location):
     """
     Tests basic libgraal execution by running CountUppercase, ensuring it has a 0 exit code
@@ -514,6 +531,8 @@ def gate_body(args, tasks):
                 if args.extra_vm_argument:
                     extra_vm_arguments += args.extra_vm_argument
 
+                with Task('LibGraal Compiler:CheckBuildPaths', tasks, tags=[VmGateTasks.libgraal], report='compiler') as t:
+                    if t: _test_libgraal_check_build_path(libgraal_location)
                 with Task('LibGraal Compiler:Basic', tasks, tags=[VmGateTasks.libgraal], report='compiler') as t:
                     if t: _test_libgraal_basic(extra_vm_arguments, libgraal_location)
                 with Task('LibGraal Compiler:FatalErrorHandling', tasks, tags=[VmGateTasks.libgraal], report='compiler') as t: