From patchwork Mon Sep 30 20:08:22 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 98180 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 3A25D384640D for ; Mon, 30 Sep 2024 20:11:52 +0000 (GMT) X-Original-To: binutils@sourceware.org Delivered-To: binutils@sourceware.org Received: from mail-pj1-x102f.google.com (mail-pj1-x102f.google.com [IPv6:2607:f8b0:4864:20::102f]) by sourceware.org (Postfix) with ESMTPS id 434453846403 for ; Mon, 30 Sep 2024 20:08:48 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 434453846403 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 434453846403 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::102f ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1727726931; cv=none; b=XZeyuUOUJmiTNafvG9DvzoQlq63gn0AoZeSNzwywq23dD3Jsvgvly7bFhDF2U4rjpj6DSM7BjISr+o/d1muSDvo5mjkl/ALm/rpCqF5XvlxBG4cSZDm7ykgGlN57CUONPFpNl2TzrCN4tHcbLGJrLbi6YvMDczPtlB+XDYTpND0= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1727726931; c=relaxed/simple; bh=z1JtsPEBYSqnMFx95xd6pQDRy8zvCkpnEwLmAgt1H2A=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=ROKypvpjsGxrtUESi8argkn/kSZf5wc33KHVFF4XNmPsrOEJZcMn7f6nivcUzN3+uecuZIHrrsAzUfeZMo2cuoI6zMubaMkWs17i4xdKfd/CRDK5LK+kBBeSpGP1Yh+l14qEk6gC82qbzdafkF91sMctKmO1MU7+bOK3Gk8f5KQ= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-pj1-x102f.google.com with SMTP id 98e67ed59e1d1-2e137183587so960655a91.3 for ; Mon, 30 Sep 2024 13:08:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1727726926; x=1728331726; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=KcqHSH4OOMbOuPU6zl4selRYLGexNrc9UlSIQFNTexM=; b=ZgfEtGpoLavBaxM95fGe8+JlldwQzUHmtwHYVOpRWzgWMTkkVY7k4Em4XAhjLgbJ+C h0K+joKr2GWomaCGnpHVFH3RkJ4FFRySt/x+svm9YsAYOcYGV0JFIibS7cdUj2p6eihx G5xmtHoLDapmNE9hX1TyPRuga5HmScjqBf8nqpEl0yJBKwpAV8VklQW0hm4kRt9N6fbR aJrYpdz4z0Qd+gBSfEs2Yl9eRkw591PVhxQBWc3w874q0Pi7u4rfrOA8Fkv9Bm5W6Yb3 NJDr5FRtfJcuS9Vtc309myvlGoJz13I+yNTngkDI8qwA8tB9mDKCiowr2hndx6E22l7+ /XIg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1727726926; x=1728331726; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=KcqHSH4OOMbOuPU6zl4selRYLGexNrc9UlSIQFNTexM=; b=LgwWNayAeore+D1tdur8uiQWIDSUbTsusaxOZ6tlcnCyHqiIUSVjugAsfhsLVtkhWo IUm3HcDDGOgBPhSz6sROTgvLb9afy370AqCxo2bgkpV4n0FbHKWyYmC23jgnRcgtYu6h SLZ+0NXhGDn7OedVcpZMs1VaD159slaotrQt3u4SLb2I73wbPzTkycummdBlkWaLKXOv lhQQJRU/1+MvJa338wAwz6cynuVfaBeZKZtwmLicIxxPEvvr785seIZT3fRvHo44lTEe UnifBipIq5NmiFtdeMo5TIKbnanzdSEOWnCs/mqyl8aqbbRBXe7PTFTu0iM3HGGud2mu FUiA== X-Gm-Message-State: AOJu0Yx+ikdLuzyPOE4jNzi/NOc5NEDf5ZqhiSOvJzhBkmZZsATbBtJM /imFrOT12RSAs1YbseJJcg4253uzdoh9l6th0YxeL8sOhNzWUTRPc/4bazBjPOdST8HFn5dW9Sb 2AMo= X-Google-Smtp-Source: AGHT+IGHYZS6dU5eZN+Itm6tEjV74lwTUnQ8iwBLHAPgzzr7P2NmDg08BwI6xpNvs+hHaGFAGxCsUA== X-Received: by 2002:a17:90a:2dc1:b0:2c9:9f2a:2b20 with SMTP id 98e67ed59e1d1-2e0b8b19a63mr15726958a91.22.1727726926439; Mon, 30 Sep 2024 13:08:46 -0700 (PDT) Received: from ubuntu-vm.. (201-92-183-102.dsl.telesp.net.br. [201.92.183.102]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2e0b6c9b438sm8464787a91.28.2024.09.30.13.08.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 30 Sep 2024 13:08:46 -0700 (PDT) From: Adhemerval Zanella To: binutils@sourceware.org Cc: Stephen Roettger , Jeff Xu , Florian Weimer , Mike Hommey , Adhemerval Zanella Subject: [PATCH v2 3/3] ld: Add --enable-memory-seal configure option Date: Mon, 30 Sep 2024 17:08:22 -0300 Message-Id: <20240930200822.1669666-4-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240930200822.1669666-1-adhemerval.zanella@linaro.org> References: <20240930200822.1669666-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-Spam-Status: No, score=-10.9 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_BARRACUDACENTRAL, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: binutils@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Binutils mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: binutils-bounces~patchwork=sourceware.org@sourceware.org Add --enable-memory-seal linker configure option to enable memory sealing (GNU_PROPERTY_MEMORY_SEAL) by default. --- binutils/testsuite/lib/binutils-common.exp | 22 +++++++++++++++++ ld/NEWS | 3 ++- ld/config.in | 3 +++ ld/configure | 28 ++++++++++++++++++++-- ld/configure.ac | 17 +++++++++++++ ld/emultempl/elf.em | 1 + ld/lexsup.c | 7 ++++++ ld/testsuite/config/default.exp | 8 +++++++ ld/testsuite/ld-srec/srec.exp | 4 ++++ ld/testsuite/lib/ld-lib.exp | 6 +++++ 10 files changed, 96 insertions(+), 3 deletions(-) diff --git a/binutils/testsuite/lib/binutils-common.exp b/binutils/testsuite/lib/binutils-common.exp index 403103da366..2c3cae46a2d 100644 --- a/binutils/testsuite/lib/binutils-common.exp +++ b/binutils/testsuite/lib/binutils-common.exp @@ -408,6 +408,25 @@ proc check_relro_support { } { return $relro_available_saved } +proc check_memory_seal_support { } { + global memory_seal_available_saved + global ld + + if {![info exists memory_seal_available_saved]} { + remote_file host delete nomemory_seal + set ld_output [remote_exec host $ld "-z nomemory-seal"] + if { [string first "not supported" $ld_output] >= 0 + || [string first "unrecognized option" $ld_output] >= 0 + || [string first "-z nomemory-seal ignored" $ld_output] >= 0 + || [string first "cannot find nomemory-seal" $ld_output] >= 0 } { + set memory_seal_available_saved 0 + } else { + set memory_seal_available_saved 1 + } + } + return $memory_seal_available_saved +} + # Check for support of the .noinit section, used for data that is not # initialized at load, or during the application's initialization sequence. proc supports_noinit_section {} { @@ -1390,6 +1409,9 @@ proc run_dump_test { name {extra_options {}} } { if [check_relro_support] { set ld_extra_opt "-z norelro" } + if [check_memory_seal_support] { + append ld_extra_opt " -z nomemory-seal" + } # Add -L$srcdir/$subdir so that the linker command can use # linker scripts in the source directory. diff --git a/ld/NEWS b/ld/NEWS index 4a28592fa32..ba64ef221fb 100644 --- a/ld/NEWS +++ b/ld/NEWS @@ -24,7 +24,8 @@ Changes in 2.43: * Add -plugin-save-temps to store plugin intermediate files permanently. * Add -z memory-seal/-z nomemory-seal options to ELF linker to mark the - object to memory sealed. + object to memory sealed. Also added --enable-memory-seal configure option + to enable the memory sealing by default. Changes in 2.42: diff --git a/ld/config.in b/ld/config.in index f2aaf0a6879..74c58ebb319 100644 --- a/ld/config.in +++ b/ld/config.in @@ -60,6 +60,9 @@ default. */ #undef DEFAULT_LD_Z_SEPARATE_CODE +/* Define to 1 if you want to enable -z memory-seal in ELF linker by default. */ +#undef DEFAULT_LD_Z_MEMORY_SEAL + /* Define to 1 if you want to set DT_RUNPATH instead of DT_RPATH by default. */ #undef DEFAULT_NEW_DTAGS diff --git a/ld/configure b/ld/configure index d905f1c6001..b9076008e3c 100755 --- a/ld/configure +++ b/ld/configure @@ -854,6 +854,7 @@ enable_textrel_check enable_separate_code enable_rosegment enable_mark_plt +enable_memory_seal enable_warn_execstack enable_error_execstack enable_warn_rwx_segments @@ -1551,6 +1552,7 @@ Optional Features: --enable-separate-code enable -z separate-code in ELF linker by default --enable-rosegment enable --rosegment in the ELF linker by default --enable-mark-plt enable -z mark-plt in ELF x86-64 linker by default + --enable-memory-seal enable -z memory-seal in ELF linker by default --enable-warn-execstack enable warnings when creating an executable stack --enable-error-execstack turn executable stack warnings into errors @@ -11686,7 +11688,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 11689 "configure" +#line 11691 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -11792,7 +11794,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 11795 "configure" +#line 11797 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -15709,6 +15711,17 @@ esac fi +# Decide if -z memory-seal should be enabled in ELF linker by default. +ac_default_ld_z_memory_seal=unset +# Check whether --enable-memory-seal was given. +if test "${enable_memory_seal+set}" = set; then : + enableval=$enable_memory_seal; case "${enableval}" in + yes) ac_default_ld_z_memory_seal=1 ;; + no) ac_default_ld_z_memory_seal=0 ;; +esac +fi + + # By default warn when an executable stack is created due to object files # requesting such, not when the user specifies -z execstack. @@ -18975,6 +18988,8 @@ main () if (*(data + i) != *(data3 + i)) return 14; close (fd); + free (data); + free (data3); return 0; } _ACEOF @@ -19454,6 +19469,15 @@ cat >>confdefs.h <<_ACEOF _ACEOF +if test "${ac_default_ld_z_memory_seal}" = unset; then + ac_default_ld_z_memory_seal=0 +fi + +cat >>confdefs.h <<_ACEOF +#define DEFAULT_LD_Z_MEMORY_SEAL $ac_default_ld_z_memory_seal +_ACEOF + + cat >>confdefs.h <<_ACEOF diff --git a/ld/configure.ac b/ld/configure.ac index 5d10b38a528..7c90b9ad62b 100644 --- a/ld/configure.ac +++ b/ld/configure.ac @@ -232,6 +232,16 @@ AC_ARG_ENABLE(mark-plt, no) ac_default_ld_z_mark_plt=0 ;; esac]) +# Decide if -z memory-seal should be enabled in ELF linker by default. +ac_default_ld_z_memory_seal=unset +AC_ARG_ENABLE(memory-seal, + AS_HELP_STRING([--enable-memory-seal], + [enable -z memory-seal in ELF linker by default]), +[case "${enableval}" in + yes) ac_default_ld_z_memory_seal=1 ;; + no) ac_default_ld_z_memory_seal=0 ;; +esac]) + # By default warn when an executable stack is created due to object files # requesting such, not when the user specifies -z execstack. @@ -617,6 +627,13 @@ AC_DEFINE_UNQUOTED(DEFAULT_LD_Z_MARK_PLT, $ac_default_ld_z_mark_plt, [Define to 1 if you want to enable -z mark-plt in ELF x86-64 linker by default.]) +if test "${ac_default_ld_z_memory_seal}" = unset; then + ac_default_ld_z_memory_seal=0 +fi +AC_DEFINE_UNQUOTED(DEFAULT_LD_Z_MEMORY_SEAL, + $ac_default_ld_z_memory_seal, + [Define to 1 if you want to enable -z memory_seal in ELF linker by default.]) + AC_DEFINE_UNQUOTED(DEFAULT_LD_WARN_EXECSTACK, $ac_default_ld_warn_execstack, diff --git a/ld/emultempl/elf.em b/ld/emultempl/elf.em index ccd43531237..58bd79b09d2 100644 --- a/ld/emultempl/elf.em +++ b/ld/emultempl/elf.em @@ -99,6 +99,7 @@ fragment <