diff mbox series

RISC-V: Protect .got with relro

Message ID	mvmv8byslzm.fsf@suse.de
State	New
Headers	DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org AA9863858CDA To: binutils@sourceware.org Subject: [PATCH] RISC-V: Protect .got with relro CC: nelson@rivosinc.com, palmer@dabbelt.com Date: Mon, 25 Sep 2023 10:19:57 +0200 Message-ID: <mvmv8byslzm.fsf@suse.de> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain Precedence: list From: Andreas Schwab via Binutils <binutils@sourceware.org> Reply-To: Andreas Schwab <schwab@suse.de> Errors-To: binutils-bounces+patchwork=sourceware.org@sourceware.org Sender: "Binutils" <binutils-bounces+patchwork=sourceware.org@sourceware.org>
Series	RISC-V: Protect .got with relro \| RISC-V: Protect .got with relro

Checks

Context	Check	Description
linaro-tcwg-bot/tcwg_binutils_check--master-arm	success	Testing passed
linaro-tcwg-bot/tcwg_binutils_build--master-arm	warning	Patch is already merged
linaro-tcwg-bot/tcwg_binutils_build--master-aarch64	warning	Patch is already merged
linaro-tcwg-bot/tcwg_binutils_check--master-aarch64	warning	Patch is already merged

Commit Message

Andreas Schwab Sept. 25, 2023, 8:19 a.m. UTC

  Move .got before .data so that it can be protected with -zrelro.  Also
separate .got.plt from .got if -znow is not in effect; the first two words
of .got.plt are placed within the relro region.

ld:
	PR ld/30877
	* emulparams/elf32lriscv-defs.sh (DATA_GOT, SEPARATE_GOTPLT):
	Define.
	* emulparams/elf64lriscv-defs.sh (SEPARATE_GOTPLT): Define.
---
 ld/emulparams/elf32lriscv-defs.sh | 4 ++++
 ld/emulparams/elf64lriscv-defs.sh | 1 +
 2 files changed, 5 insertions(+)

Comments

Palmer Dabbelt Sept. 25, 2023, 9:26 a.m. UTC | #1

On Mon, 25 Sep 2023 01:19:57 PDT (-0700), schwab@suse.de wrote:
> Move .got before .data so that it can be protected with -zrelro.  Also
> separate .got.plt from .got if -znow is not in effect; the first two words
> of .got.plt are placed within the relro region.
>
> ld:
> 	PR ld/30877
> 	* emulparams/elf32lriscv-defs.sh (DATA_GOT, SEPARATE_GOTPLT):
> 	Define.
> 	* emulparams/elf64lriscv-defs.sh (SEPARATE_GOTPLT): Define.
> ---
>  ld/emulparams/elf32lriscv-defs.sh | 4 ++++
>  ld/emulparams/elf64lriscv-defs.sh | 1 +
>  2 files changed, 5 insertions(+)
>
> diff --git a/ld/emulparams/elf32lriscv-defs.sh b/ld/emulparams/elf32lriscv-defs.sh
> index b823cedacab..016556168c3 100644
> --- a/ld/emulparams/elf32lriscv-defs.sh
> +++ b/ld/emulparams/elf32lriscv-defs.sh
> @@ -47,3 +47,7 @@ INITIAL_READONLY_SECTIONS="${RELOCATING+${CREATE_SHLIB-${INITIAL_READONLY_SECTIO
>  OTHER_END_SYMBOLS="${CREATE_SHLIB-__BSS_END__ = .;
>      __global_pointer$ = MIN(__SDATA_BEGIN__ + 0x800,
>  		            MAX(__DATA_BEGIN__ + 0x800, __BSS_END__ - 0x800));}"
> +
> +# Put .got before .data
> +DATA_GOT=" "
> +SEPARATE_GOTPLT="SIZEOF (.got.plt) >= 8 ? 8 : 0"
> diff --git a/ld/emulparams/elf64lriscv-defs.sh b/ld/emulparams/elf64lriscv-defs.sh
> index 84a700a5f58..ca15338428f 100644
> --- a/ld/emulparams/elf64lriscv-defs.sh
> +++ b/ld/emulparams/elf64lriscv-defs.sh
> @@ -1,2 +1,3 @@
>  source_sh ${srcdir}/emulparams/elf32lriscv-defs.sh
>  ELFSIZE=64
> +SEPARATE_GOTPLT="SIZEOF (.got.plt) >= 16 ? 16 : 0"

I think we also want something like this

diff --git a/ld/testsuite/ld-elf/binutils.exp b/ld/testsuite/ld-elf/binutils.exp
index 674e8e9a575..b38e29ed6fb 100644
--- a/ld/testsuite/ld-elf/binutils.exp
+++ b/ld/testsuite/ld-elf/binutils.exp
@@ -95,7 +95,6 @@ proc binutils_test { prog_name ld_options test {test_name ""} {readelf_options "
 			      || [istarget "mips*-*-*"] \
 			      || [istarget "nios2*-*-*"] \
 			      || [istarget "or1k-*-*"] \
-			      || [istarget "riscv*-*-*"] \
 			      || [istarget "sh*-*-*"] \
 			      || [istarget "x86_64-*-rdos*"])]
 	# Check if GNU_RELRO segment is generated.

Andreas Schwab Sept. 25, 2023, 9:47 a.m. UTC | #2

On Sep 25 2023, Palmer Dabbelt wrote:

> I think we also want something like this
>
> diff --git a/ld/testsuite/ld-elf/binutils.exp b/ld/testsuite/ld-elf/binutils.exp
> index 674e8e9a575..b38e29ed6fb 100644
> --- a/ld/testsuite/ld-elf/binutils.exp
> +++ b/ld/testsuite/ld-elf/binutils.exp
> @@ -95,7 +95,6 @@ proc binutils_test { prog_name ld_options test {test_name ""} {readelf_options "
> 			      || [istarget "mips*-*-*"] \
> 			      || [istarget "nios2*-*-*"] \
> 			      || [istarget "or1k-*-*"] \
> -			      || [istarget "riscv*-*-*"] \
> 			      || [istarget "sh*-*-*"] \
> 			      || [istarget "x86_64-*-rdos*"])]
> 	# Check if GNU_RELRO segment is generated.

Thanks, I will squash that in.

Palmer Dabbelt Sept. 25, 2023, 9:53 a.m. UTC | #3

On Mon, 25 Sep 2023 02:47:11 PDT (-0700), schwab@suse.de wrote:
> On Sep 25 2023, Palmer Dabbelt wrote:
>
>> I think we also want something like this
>>
>> diff --git a/ld/testsuite/ld-elf/binutils.exp b/ld/testsuite/ld-elf/binutils.exp
>> index 674e8e9a575..b38e29ed6fb 100644
>> --- a/ld/testsuite/ld-elf/binutils.exp
>> +++ b/ld/testsuite/ld-elf/binutils.exp
>> @@ -95,7 +95,6 @@ proc binutils_test { prog_name ld_options test {test_name ""} {readelf_options "
>> 			      || [istarget "mips*-*-*"] \
>> 			      || [istarget "nios2*-*-*"] \
>> 			      || [istarget "or1k-*-*"] \
>> -			      || [istarget "riscv*-*-*"] \
>> 			      || [istarget "sh*-*-*"] \
>> 			      || [istarget "x86_64-*-rdos*"])]
>> 	# Check if GNU_RELRO segment is generated.
>
> Thanks, I will squash that in.

Reviewed-by: Palmer Dabbelt <palmer@rivosinc.com>
Acked-by: Palmer Dabbelt <palmer@rivosinc.com>

Thanks!

Jeff Law Sept. 27, 2023, 9:55 p.m. UTC | #4

On 9/25/23 03:47, Andreas Schwab via Binutils wrote:
> On Sep 25 2023, Palmer Dabbelt wrote:
> 
>> I think we also want something like this
>>
>> diff --git a/ld/testsuite/ld-elf/binutils.exp b/ld/testsuite/ld-elf/binutils.exp
>> index 674e8e9a575..b38e29ed6fb 100644
>> --- a/ld/testsuite/ld-elf/binutils.exp
>> +++ b/ld/testsuite/ld-elf/binutils.exp
>> @@ -95,7 +95,6 @@ proc binutils_test { prog_name ld_options test {test_name ""} {readelf_options "
>> 			      || [istarget "mips*-*-*"] \
>> 			      || [istarget "nios2*-*-*"] \
>> 			      || [istarget "or1k-*-*"] \
>> -			      || [istarget "riscv*-*-*"] \
>> 			      || [istarget "sh*-*-*"] \
>> 			      || [istarget "x86_64-*-rdos*"])]
>> 	# Check if GNU_RELRO segment is generated.
> 
> Thanks, I will squash that in.
Thanks for taking care of the RELRO stuff.  One of the many items that 
could have easily slipped through the cracks.

jeff

diff mbox series

Patch

diff --git a/ld/emulparams/elf32lriscv-defs.sh b/ld/emulparams/elf32lriscv-defs.sh
index b823cedacab..016556168c3 100644
--- a/ld/emulparams/elf32lriscv-defs.sh
+++ b/ld/emulparams/elf32lriscv-defs.sh
@@ -47,3 +47,7 @@  INITIAL_READONLY_SECTIONS="${RELOCATING+${CREATE_SHLIB-${INITIAL_READONLY_SECTIO
 OTHER_END_SYMBOLS="${CREATE_SHLIB-__BSS_END__ = .;
     __global_pointer$ = MIN(__SDATA_BEGIN__ + 0x800,
 		            MAX(__DATA_BEGIN__ + 0x800, __BSS_END__ - 0x800));}"
+
+# Put .got before .data
+DATA_GOT=" "
+SEPARATE_GOTPLT="SIZEOF (.got.plt) >= 8 ? 8 : 0"
diff --git a/ld/emulparams/elf64lriscv-defs.sh b/ld/emulparams/elf64lriscv-defs.sh
index 84a700a5f58..ca15338428f 100644
--- a/ld/emulparams/elf64lriscv-defs.sh
+++ b/ld/emulparams/elf64lriscv-defs.sh
@@ -1,2 +1,3 @@ 
 source_sh ${srcdir}/emulparams/elf32lriscv-defs.sh
 ELFSIZE=64
+SEPARATE_GOTPLT="SIZEOF (.got.plt) >= 16 ? 16 : 0"