From patchwork Wed Oct 16 17:01:11 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 99037 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id D3114385841D for ; Wed, 16 Oct 2024 17:06:27 +0000 (GMT) X-Original-To: binutils@sourceware.org Delivered-To: binutils@sourceware.org Received: from mail-pl1-x62a.google.com (mail-pl1-x62a.google.com [IPv6:2607:f8b0:4864:20::62a]) by sourceware.org (Postfix) with ESMTPS id 026C33858D37 for ; Wed, 16 Oct 2024 17:04:43 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 026C33858D37 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 026C33858D37 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::62a ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1729098287; cv=none; b=LPHaYXAP455I2wn2Bx+sZYX35crxbxQlEXWI/VkcIICkZ/aNOPzLY4dxJ6oEOXreuy0+MHhcFcOgyLiBdKrz87QmPr9QrM6SY46HG3/CrKrjn8L9o7utPN40j/uQyNlH5lSvP9EOXgME3nQcOMvTtYyRphL3niQS/7gdj+50eSg= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1729098287; c=relaxed/simple; bh=jKHkVLpMKj1oljRuA8TdZBTForumlvbylEynShl7WKk=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=QnEe00O1bfBvKBuBFYOZbOr9UPLv74DKSk5l1mqcjg0n/9ZNmRaqd8crfSKYx5xpbUljj0fgZZYc7gQvKRYuJMauVf2pQuNWUiMi11qGoQ0u54sl6nsgGvjpFMAP0HDI1LoSiT7AXD8qzyTJSm1vdIqKjLFJJZbsubEPVOnOFmI= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-pl1-x62a.google.com with SMTP id d9443c01a7336-20c8b557f91so273425ad.2 for ; Wed, 16 Oct 2024 10:04:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1729098282; x=1729703082; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=dqspZiMgZ3JcIGEt6qQDkOO2tcSy7MIwNhz+45Azy7s=; b=G+cduLImKom/YveE09aUuOaMUzlq9fCC5EPPTbAdJ3QsFBBlMDbC/GGqht06PruMNZ nDtqj/k8N4TuzVvbLKAlOWAwwB9Pc3o0xsmFoGo+WPAVzDVluFimpP2wW4xuVLp2gEwA XqI4GxjYehyEIgKrENrDOGJgpCDNrOzEUyVzGXZoV6crKCMn0to1lSIgf5fsRfoulCW7 KlMislIAe8C6nd/ugSKDUR4w10NWApdCJnIg7HaCMCC8a32hY2AydEUoMWQPxNLFrJ0k zlmhnbjApAhiFgKtrl3YtIieA+NDsIoghaOsxkFZpd7Ydy8kJJty7SP4PI/HZ/PECUiA hcuA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729098282; x=1729703082; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=dqspZiMgZ3JcIGEt6qQDkOO2tcSy7MIwNhz+45Azy7s=; b=Dr6dm//YDLbSaR4I96pt1k0W0rRx3XthlBN25rcktbayNV4czpe3cNn9IC14BWg1G3 xh7g/L5j9/qPx+r3t/ocIV90LoZgJpZ0lZ7/89wW8Zlpnc7QW1YNMLg5XlYXMSfymEXJ /4MKIYrxwltjt7gbC5Gxq69kBhQv8YIX6BqDVHo69Tj+kbNXHByAVfU1zXia+2Hhrp3G JwFkRLoOyFbrgrc3qgSeVGyk5nclFDU2g/+LyiDEkwGmNygLbCdeuxFPA0fOA9CW27uy mO2JXR23zKbrIY9e28Mtl+8KibYN+4uQWJrpepgF+vg9IL4EZ4KWVKlJxqtyoub9k5t4 7dmQ== X-Gm-Message-State: AOJu0YyzCwuTQ7nhCvMT2RpKVjzmQd8k8IMQdp2zaWHk10lbmRdvhAPW ztPNcuCvVzINBnIjDM1ZI8Eo2B9/srPVUmygra3CSXfRwQ6XQtqpfNJcke//2H5Nm/9eQLn79i8 O X-Google-Smtp-Source: AGHT+IH/66LyKSAhEmuPwZS+zR4j+KuGZHCRmwhkyyp/y8xcFV8JQMb1NcMn957ukIs+itAy3qpvYA== X-Received: by 2002:a17:902:d4cc:b0:20b:9062:7b08 with SMTP id d9443c01a7336-20d27f27632mr63031035ad.45.1729098281556; Wed, 16 Oct 2024 10:04:41 -0700 (PDT) Received: from mandiga.. ([2804:1b3:a7c3:1434:ab87:e5f9:1b86:daf6]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-20d1805cdaesm30912895ad.281.2024.10.16.10.04.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Oct 2024 10:04:41 -0700 (PDT) From: Adhemerval Zanella To: binutils@sourceware.org Cc: Stephen Roettger , Jeff Xu , "H . J . Lu" Subject: [PATCH v3 1/3] elf: Add GNU_PROPERTY_MEMORY_SEAL gnu property Date: Wed, 16 Oct 2024 14:01:11 -0300 Message-ID: <20241016170435.1404114-2-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20241016170435.1404114-1-adhemerval.zanella@linaro.org> References: <20241016170435.1404114-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-Spam-Status: No, score=-12.0 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: binutils@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Binutils mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: binutils-bounces~patchwork=sourceware.org@sourceware.org On a glibc recent proposal [1] to add Linux mseal support [2], Mike Hommey raised that this feature might potentially break Firefox on Linux. The issue is Firefox is built with DT_RELR support, and post-processed with a tool to both remove the GLIBC_ABI_DT_RELR dependency and instrument the binaries to apply the relocation themselves so they can deploy Firefox regardless if loader supports DT_RELR or not (some more details at [3]). To accomplish it, the instrumentation mimics the dynamic loader and temporarily undo the RELRO segment to be able to apply those relocations, and redo it afterward. This will break if mseal is applied as default. The GNU_PROPERTY_MEMORY_SEAL gnu property is a way to mark such objects to no be sealed by glibc. When linked with -Wl,-z,noseal (the default), glibc will not seal either the binary or the shared library. The new property is ignored if present on ET_REL objects, and only added on ET_EXEC/ET_DYN if the linker option is used. A gnu property is used instead of DT_FLAGS_1 flag to allow memory sealing to work with ET_EXEC without PT_DYNAMIC support (at least on glibc some ports still do no support static-pie). [1] https://sourceware.org/pipermail/libc-alpha/2024-June/157359.html [2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8be7258aad44b5e25977a98db136f677fa6f4370 [3] https://sourceware.org/pipermail/libc-alpha/2024-June/157668.html [4] https://glandium.org/blog/?p=4297 --- bfd/elf-properties.c | 100 ++++++++++++++++++++------ bfd/elfxx-x86.c | 3 +- binutils/readelf.c | 6 ++ include/bfdlink.h | 3 + include/elf/common.h | 1 + ld/NEWS | 3 + ld/emultempl/elf.em | 4 ++ ld/ld.texi | 8 +++ ld/lexsup.c | 4 ++ ld/testsuite/ld-elf/property-seal-1.d | 16 +++++ ld/testsuite/ld-elf/property-seal-1.s | 11 +++ ld/testsuite/ld-elf/property-seal-2.d | 17 +++++ ld/testsuite/ld-elf/property-seal-3.d | 16 +++++ ld/testsuite/ld-elf/property-seal-4.d | 16 +++++ ld/testsuite/ld-elf/property-seal-5.d | 15 ++++ ld/testsuite/ld-elf/property-seal-6.d | 16 +++++ ld/testsuite/ld-elf/property-seal-7.d | 14 ++++ ld/testsuite/ld-elf/property-seal-8.d | 15 ++++ 18 files changed, 246 insertions(+), 22 deletions(-) create mode 100644 ld/testsuite/ld-elf/property-seal-1.d create mode 100644 ld/testsuite/ld-elf/property-seal-1.s create mode 100644 ld/testsuite/ld-elf/property-seal-2.d create mode 100644 ld/testsuite/ld-elf/property-seal-3.d create mode 100644 ld/testsuite/ld-elf/property-seal-4.d create mode 100644 ld/testsuite/ld-elf/property-seal-5.d create mode 100644 ld/testsuite/ld-elf/property-seal-6.d create mode 100644 ld/testsuite/ld-elf/property-seal-7.d create mode 100644 ld/testsuite/ld-elf/property-seal-8.d diff --git a/bfd/elf-properties.c b/bfd/elf-properties.c index ee8bd37f2bd..c6acdb60ba2 100644 --- a/bfd/elf-properties.c +++ b/bfd/elf-properties.c @@ -177,6 +177,20 @@ _bfd_elf_parse_gnu_properties (bfd *abfd, Elf_Internal_Note *note) prop->pr_kind = property_number; goto next; + case GNU_PROPERTY_MEMORY_SEAL: + if (datasz != 0) + { + _bfd_error_handler + (_("warning: %pB: corrupt memory sealing size: 0x%x"), + abfd, datasz); + /* Clear all properties. */ + elf_properties (abfd) = NULL; + return false; + } + prop = _bfd_elf_get_property (abfd, type, datasz); + prop->pr_kind = property_number; + goto next; + default: if ((type >= GNU_PROPERTY_UINT32_AND_LO && type <= GNU_PROPERTY_UINT32_AND_HI) @@ -258,6 +272,12 @@ elf_merge_gnu_properties (struct bfd_link_info *info, bfd *abfd, bfd *bbfd, be added to ABFD. */ return aprop == NULL; + case GNU_PROPERTY_MEMORY_SEAL: + /* Memory seal is controlled only by the linker. */ + if (aprop != NULL) + aprop->pr_kind = property_remove; + return true; + default: updated = false; if (pr_type >= GNU_PROPERTY_UINT32_OR_LO @@ -607,6 +627,33 @@ elf_write_gnu_properties (struct bfd_link_info *info, } } +static asection * +_bfd_elf_link_create_gnu_property_sec (struct bfd_link_info *info, bfd *elf_bfd, + unsigned int elfclass) +{ + asection *sec; + + sec = bfd_make_section_with_flags (elf_bfd, + NOTE_GNU_PROPERTY_SECTION_NAME, + (SEC_ALLOC + | SEC_LOAD + | SEC_IN_MEMORY + | SEC_READONLY + | SEC_HAS_CONTENTS + | SEC_DATA)); + if (sec == NULL) + info->callbacks->einfo (_("%F%P: failed to create GNU property section\n")); + + if (!bfd_set_section_alignment (sec, + elfclass == ELFCLASS64 ? 3 : 2)) + info->callbacks->einfo (_("%F%pA: failed to align section\n"), + sec); + + elf_section_type (sec) = SHT_NOTE; + return sec; +} + + /* Set up GNU properties. Return the first relocatable ELF input with GNU properties if found. Otherwise, return NULL. */ @@ -656,23 +703,7 @@ _bfd_elf_link_setup_gnu_properties (struct bfd_link_info *info) /* Support -z indirect-extern-access. */ if (first_pbfd == NULL) { - sec = bfd_make_section_with_flags (elf_bfd, - NOTE_GNU_PROPERTY_SECTION_NAME, - (SEC_ALLOC - | SEC_LOAD - | SEC_IN_MEMORY - | SEC_READONLY - | SEC_HAS_CONTENTS - | SEC_DATA)); - if (sec == NULL) - info->callbacks->einfo (_("%F%P: failed to create GNU property section\n")); - - if (!bfd_set_section_alignment (sec, - elfclass == ELFCLASS64 ? 3 : 2)) - info->callbacks->einfo (_("%F%pA: failed to align section\n"), - sec); - - elf_section_type (sec) = SHT_NOTE; + sec = _bfd_elf_link_create_gnu_property_sec (info, elf_bfd, elfclass); first_pbfd = elf_bfd; has_properties = true; } @@ -690,10 +721,6 @@ _bfd_elf_link_setup_gnu_properties (struct bfd_link_info *info) |= GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS; } - /* Do nothing if there is no .note.gnu.property section. */ - if (!has_properties) - return NULL; - /* Merge .note.gnu.property sections. */ info->callbacks->minfo (_("\n")); info->callbacks->minfo (_("Merging program properties\n")); @@ -737,6 +764,37 @@ _bfd_elf_link_setup_gnu_properties (struct bfd_link_info *info) } } + if (elf_bfd != NULL) + { + if (info->memory_seal) + { + /* Support -z no-memory-seal. */ + if (first_pbfd == NULL) + { + sec = _bfd_elf_link_create_gnu_property_sec (info, elf_bfd, elfclass); + first_pbfd = elf_bfd; + has_properties = true; + } + + p = _bfd_elf_get_property (first_pbfd, GNU_PROPERTY_MEMORY_SEAL, 0); + if (p->pr_kind == property_unknown) + { + /* Create GNU_PROPERTY_NO_MEMORY_SEAL. */ + p->u.number = GNU_PROPERTY_MEMORY_SEAL; + p->pr_kind = property_number; + } + else + p->u.number |= GNU_PROPERTY_MEMORY_SEAL; + } + else + elf_find_and_remove_property (&elf_properties (elf_bfd), + GNU_PROPERTY_MEMORY_SEAL, true); + } + + /* Do nothing if there is no .note.gnu.property section. */ + if (!has_properties) + return NULL; + /* Rewrite .note.gnu.property section so that GNU properties are always sorted by type even if input GNU properties aren't sorted. */ if (first_pbfd != NULL) diff --git a/bfd/elfxx-x86.c b/bfd/elfxx-x86.c index dd951b91f50..8a4405c8a79 100644 --- a/bfd/elfxx-x86.c +++ b/bfd/elfxx-x86.c @@ -4815,7 +4815,8 @@ _bfd_x86_elf_link_fixup_gnu_properties for (p = *listp; p; p = p->next) { unsigned int type = p->property.pr_type; - if (type == GNU_PROPERTY_X86_COMPAT_ISA_1_USED + if (type == GNU_PROPERTY_MEMORY_SEAL + || type == GNU_PROPERTY_X86_COMPAT_ISA_1_USED || type == GNU_PROPERTY_X86_COMPAT_ISA_1_NEEDED || (type >= GNU_PROPERTY_X86_UINT32_AND_LO && type <= GNU_PROPERTY_X86_UINT32_AND_HI) diff --git a/binutils/readelf.c b/binutils/readelf.c index 0f8dc1b9716..bf25425bb8d 100644 --- a/binutils/readelf.c +++ b/binutils/readelf.c @@ -21464,6 +21464,12 @@ print_gnu_property_note (Filedata * filedata, Elf_Internal_Note * pnote) printf (_(" "), datasz); goto next; + case GNU_PROPERTY_MEMORY_SEAL: + printf ("memory seal "); + if (datasz) + printf (_(" "), datasz); + goto next; + default: if ((type >= GNU_PROPERTY_UINT32_AND_LO && type <= GNU_PROPERTY_UINT32_AND_HI) diff --git a/include/bfdlink.h b/include/bfdlink.h index f802ec627ef..8b9e391e6ff 100644 --- a/include/bfdlink.h +++ b/include/bfdlink.h @@ -429,6 +429,9 @@ struct bfd_link_info /* TRUE if only one read-only, non-code segment should be created. */ unsigned int one_rosegment: 1; + /* TRUE if GNU_PROPERTY_MEMORY_SEAL should be generated. */ + unsigned int memory_seal: 1; + /* Nonzero if .eh_frame_hdr section and PT_GNU_EH_FRAME ELF segment should be created. 1 for DWARF2 tables, 2 for compact tables. */ unsigned int eh_frame_hdr_type: 2; diff --git a/include/elf/common.h b/include/elf/common.h index c9920e7731a..8938e2f4754 100644 --- a/include/elf/common.h +++ b/include/elf/common.h @@ -890,6 +890,7 @@ /* Values used in GNU .note.gnu.property notes (NT_GNU_PROPERTY_TYPE_0). */ #define GNU_PROPERTY_STACK_SIZE 1 #define GNU_PROPERTY_NO_COPY_ON_PROTECTED 2 +#define GNU_PROPERTY_MEMORY_SEAL 3 /* A 4-byte unsigned integer property: A bit is set if it is set in all relocatable inputs. */ diff --git a/ld/NEWS b/ld/NEWS index 1f14dd6bc77..4a28592fa32 100644 --- a/ld/NEWS +++ b/ld/NEWS @@ -23,6 +23,9 @@ Changes in 2.43: * Add -plugin-save-temps to store plugin intermediate files permanently. +* Add -z memory-seal/-z nomemory-seal options to ELF linker to mark the + object to memory sealed. + Changes in 2.42: * Add -z mark-plt/-z nomark-plt options to x86-64 ELF linker to mark PLT diff --git a/ld/emultempl/elf.em b/ld/emultempl/elf.em index 2e865728587..ccd43531237 100644 --- a/ld/emultempl/elf.em +++ b/ld/emultempl/elf.em @@ -1075,6 +1075,10 @@ fragment < X-Patchwork-Id: 99038 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id EDD57385841E for ; Wed, 16 Oct 2024 17:07:26 +0000 (GMT) X-Original-To: binutils@sourceware.org Delivered-To: binutils@sourceware.org Received: from mail-pl1-x634.google.com (mail-pl1-x634.google.com [IPv6:2607:f8b0:4864:20::634]) by sourceware.org (Postfix) with ESMTPS id 8A1F93858420 for ; Wed, 16 Oct 2024 17:04:45 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 8A1F93858420 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 8A1F93858420 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::634 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1729098292; cv=none; b=JoZyqKX+5LFQMjxEfp9B/WN2v/x5GU6CaNkJNuDXguQwHfAVIkutu01JWULT/wu0MN7SFQx2nY5IVPFlmUql7acTRauTFPkMP1hiXyeanfoexH4zK3hf7ENbWmXttb1xW/G59ykzFTZwVzEZUvQNFfvww/YOYnkQ3DRqbJ1+adU= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1729098292; c=relaxed/simple; bh=FmYdhK0GYB3Rral1oOqJUG5SIB544ETBmwD6ZXLGXVU=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=U6G+Q5vBLBqBFIZM8ebNbZw+/rBwSAkWD9uSBYPs1dfTqXG1Xz+VdLOvbnhFJp8k4kaPtatTo+8AUsuzGRYOf1IFQqTmo2EcO70chci3igk/NU6oGzAEP66d+gdWSzu5lHxlfLgTnyugoHXMp9dTNlfuQjF5L1YvuMf8J0vMHA0= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-pl1-x634.google.com with SMTP id d9443c01a7336-20c767a9c50so336815ad.1 for ; Wed, 16 Oct 2024 10:04:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1729098284; x=1729703084; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=zytNuzdnWEj6i7ZY5bt0r31CO9pU5KRWoNu/TjRWwQA=; b=LKJAl5ltkmSzpMxxR4Uxr6VxVYnWH3uPHdEvqzJb3H3XvOtGrdbIN4rzaymyElAYAG eLhRgUHgMnrrBy5zwEuyZq8fkXC7yhIi7EvjTu4xaMOpNfrKWU2OSciDnRUTfhlK9d1m RWJ/hD7VwE/zwNkgtICmH+TMMtSY4D13dBurs5A/7RWuAR5EmwOByH5fpx4UtwOi+v5e ftCmzyd22p4giyKI7g4SZPLNvep/OZ7D2oGhF33C736tiVJR7uHA+bFGYHTf42Y6wNU9 9B5NOhSV/z+cbK0MJ8zNP6kCAM3Vhqnxb450Bo/2RlcyuxGFbDJzTgJbJ+l6m/SyZBSw fJMg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729098284; x=1729703084; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=zytNuzdnWEj6i7ZY5bt0r31CO9pU5KRWoNu/TjRWwQA=; b=dEQCkz2TJFrmJVuQ0hcfkisfEmDiOor3UCTa/MN1bhfhxygAtS7VoZgTTI6m7CXaw8 yKToClGqLXXt77ljo3LtsRoyOnP3ethV0QzF5/S9Lv6IPPfZxFfDpTtupcZRwIul1NVM rcdes3gZCJ4uTA3iO6pnZ9bx9+6NLnuGwTCBXKyqYfpvmJGiBzNk9fitxM6fB1LxLybb /2pm1XCoI8f6YzPK1SkGffKhnewlK98BoLoLxAXfh+erYa5M5CFAbEA8jPNO42h4A4fB 7CfG0DomiZE/BTKyM9sqOOsLmYcu1qzW2gux+KvOPGPYw+O1FjNCZ5xgxpgzjAQDhxIg jAvg== X-Gm-Message-State: AOJu0YxwHyk37krolC+QeuLDcn6LerZ3+59aFbrNrLGN9cgQSNEsQetO uiMONPxPUi7GqtKA3PRmejSmjhT6xm4+afxebjFVGVDrvNpGGnGrAPJwFTyS1TBX3eb4Qpmzq7w b X-Google-Smtp-Source: AGHT+IF5Ez2nxvpWYR+gGuFVHatM1SzN3sx/i9tTVJYixRaUw73CNNWnriomsL1CgAFfUMrMeEiOaw== X-Received: by 2002:a17:902:c952:b0:20c:890c:2f76 with SMTP id d9443c01a7336-20cbb19aa49mr238905675ad.16.1729098283600; Wed, 16 Oct 2024 10:04:43 -0700 (PDT) Received: from mandiga.. ([2804:1b3:a7c3:1434:ab87:e5f9:1b86:daf6]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-20d1805cdaesm30912895ad.281.2024.10.16.10.04.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Oct 2024 10:04:43 -0700 (PDT) From: Adhemerval Zanella To: binutils@sourceware.org Cc: Stephen Roettger , Jeff Xu , "H . J . Lu" Subject: [PATCH v3 2/3] gold: Add GNU_PROPERTY_MEMORY_SEAL gnu property Date: Wed, 16 Oct 2024 14:01:12 -0300 Message-ID: <20241016170435.1404114-3-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20241016170435.1404114-1-adhemerval.zanella@linaro.org> References: <20241016170435.1404114-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-Spam-Status: No, score=-12.4 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: binutils@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Binutils mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: binutils-bounces~patchwork=sourceware.org@sourceware.org Similar to the ld.bfd, with the -z,memory-seal and -z,no-memory-seal which adds the .gnu.attribute GNU_PROPERTY_MEMORY_SEAL. Change-Id: I31e194479912d3f468d5e5132a6eb566ed9aca78 --- elfcpp/elfcpp.h | 1 + gold/NEWS | 3 ++ gold/layout.cc | 4 +++ gold/options.h | 3 ++ gold/testsuite/Makefile.am | 19 ++++++++++++ gold/testsuite/Makefile.in | 26 +++++++++++++++-- gold/testsuite/memory_seal_main.c | 5 ++++ gold/testsuite/memory_seal_shared.c | 7 +++++ gold/testsuite/memory_seal_test.sh | 45 +++++++++++++++++++++++++++++ 9 files changed, 110 insertions(+), 3 deletions(-) create mode 100644 gold/testsuite/memory_seal_main.c create mode 100644 gold/testsuite/memory_seal_shared.c create mode 100755 gold/testsuite/memory_seal_test.sh diff --git a/elfcpp/elfcpp.h b/elfcpp/elfcpp.h index f2fe7330f7c..94cfdbfc448 100644 --- a/elfcpp/elfcpp.h +++ b/elfcpp/elfcpp.h @@ -1023,6 +1023,7 @@ enum { GNU_PROPERTY_STACK_SIZE = 1, GNU_PROPERTY_NO_COPY_ON_PROTECTED = 2, + GNU_PROPERTY_MEMORY_SEAL = 3, GNU_PROPERTY_LOPROC = 0xc0000000, GNU_PROPERTY_X86_COMPAT_ISA_1_USED = 0xc0000000, GNU_PROPERTY_X86_COMPAT_ISA_1_NEEDED = 0xc0000001, diff --git a/gold/NEWS b/gold/NEWS index 63610a45937..a8f82cd5186 100644 --- a/gold/NEWS +++ b/gold/NEWS @@ -5,6 +5,9 @@ * Remove support for -z bndplt (MPX prefix instructions). +* Add -z memory-seal/-z nomemory-seal options to ELF linker to mark the + object to memory sealed. + Changes in 1.16: * Improve warning messages for relocations that refer to discarded sections. diff --git a/gold/layout.cc b/gold/layout.cc index b43ae841a6c..b59494e0491 100644 --- a/gold/layout.cc +++ b/gold/layout.cc @@ -3277,6 +3277,10 @@ Layout::create_gnu_properties_note() { parameters->target().finalize_gnu_properties(this); + if (parameters->options().memory_seal()) + this->add_gnu_property(elfcpp::NT_GNU_PROPERTY_TYPE_0, + elfcpp::GNU_PROPERTY_MEMORY_SEAL, 0, 0); + if (this->gnu_properties_.empty()) return; diff --git a/gold/options.h b/gold/options.h index 446e8d42614..5a1ab9e4400 100644 --- a/gold/options.h +++ b/gold/options.h @@ -1546,6 +1546,9 @@ class General_options N_("Keep .text.hot, .text.startup, .text.exit and .text.unlikely " "as separate sections in the final binary."), N_("Merge all .text.* prefix sections.")); + DEFINE_bool(memory_seal, options::DASH_Z, '\0', false, + N_("Mark object be memory sealed"), + N_("Don't mark oject to be memory sealed")); public: diff --git a/gold/testsuite/Makefile.am b/gold/testsuite/Makefile.am index 8f158ba20cc..f6eddea65fd 100644 --- a/gold/testsuite/Makefile.am +++ b/gold/testsuite/Makefile.am @@ -4476,3 +4476,22 @@ package_metadata_test.o: package_metadata_main.c package_metadata_test$(EXEEXT): package_metadata_test.o gcctestdir/ld $(CXXLINK) package_metadata_test.o -Wl,--package-metadata='{"foo":"bar"}' $(TEST_READELF) --notes $@ | grep -q '{"foo":"bar"}' + +check_SCRIPTS += memory_seal_test.sh +check_DATA += memory_seal_test_1.stdout memory_seal_test_2.stdout +MOSTLYCLEANFILES += memory_seal_test +memory_seal_test_1.stdout: memory_seal_main + $(TEST_READELF) -n $< >$@ +memory_seal_test_2.stdout: memory_seal_shared.so + $(TEST_READELF) -n $< >$@ +memory_seal_main: gcctestdir/ld memory_seal_main.o + gcctestdir/ld -z memory-seal -o $@ memory_seal_main.o +memory_seal_main.o: memory_seal_main.c + $(COMPILE) -c -o $@ $< +memory_seal_shared.so: gcctestdir/ld memory_seal_shared.o + gcctestdir/ld -z memory-seal -shared -o $@ memory_seal_shared.o +memory_seal_shared.o: memory_seal_shared.c + $(COMPILE) -c -fPIC -o $@ $< + + + diff --git a/gold/testsuite/Makefile.in b/gold/testsuite/Makefile.in index 357dec0d4f9..e95e8ed5d08 100644 --- a/gold/testsuite/Makefile.in +++ b/gold/testsuite/Makefile.in @@ -2888,7 +2888,7 @@ MOSTLYCLEANFILES = *.so *.syms *.stdout *.stderr $(am__append_4) \ $(am__append_88) $(am__append_91) $(am__append_93) \ $(am__append_102) $(am__append_105) $(am__append_108) \ $(am__append_111) $(am__append_114) $(am__append_117) \ - $(am__append_120) $(am__append_121) + $(am__append_120) $(am__append_121) memory_seal_test # We will add to these later, for each individual test. Note # that we add each test under check_SCRIPTS or check_PROGRAMS; @@ -2901,7 +2901,7 @@ check_SCRIPTS = $(am__append_2) $(am__append_21) $(am__append_25) \ $(am__append_89) $(am__append_96) $(am__append_100) \ $(am__append_103) $(am__append_106) $(am__append_109) \ $(am__append_112) $(am__append_115) $(am__append_118) \ - $(am__append_122) + $(am__append_122) memory_seal_test.sh check_DATA = $(am__append_3) $(am__append_22) $(am__append_26) \ $(am__append_32) $(am__append_38) $(am__append_45) \ $(am__append_50) $(am__append_54) $(am__append_58) \ @@ -2910,7 +2910,8 @@ check_DATA = $(am__append_3) $(am__append_22) $(am__append_26) \ $(am__append_90) $(am__append_97) $(am__append_101) \ $(am__append_104) $(am__append_107) $(am__append_110) \ $(am__append_113) $(am__append_116) $(am__append_119) \ - $(am__append_123) + $(am__append_123) memory_seal_test_1.stdout \ + memory_seal_test_2.stdout BUILT_SOURCES = $(am__append_42) TESTS = $(check_SCRIPTS) $(check_PROGRAMS) @@ -6524,6 +6525,13 @@ retain.sh.log: retain.sh --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) +memory_seal_test.sh.log: memory_seal_test.sh + @p='memory_seal_test.sh'; \ + b='memory_seal_test.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) object_unittest.log: object_unittest$(EXEEXT) @p='object_unittest$(EXEEXT)'; \ b='object_unittest'; \ @@ -10524,6 +10532,18 @@ package_metadata_test.o: package_metadata_main.c package_metadata_test$(EXEEXT): package_metadata_test.o gcctestdir/ld $(CXXLINK) package_metadata_test.o -Wl,--package-metadata='{"foo":"bar"}' $(TEST_READELF) --notes $@ | grep -q '{"foo":"bar"}' +memory_seal_test_1.stdout: memory_seal_main + $(TEST_READELF) -n $< >$@ +memory_seal_test_2.stdout: memory_seal_shared.so + $(TEST_READELF) -n $< >$@ +memory_seal_main: gcctestdir/ld memory_seal_main.o + gcctestdir/ld -z memory-seal -o $@ memory_seal_main.o +memory_seal_main.o: memory_seal_main.c + $(COMPILE) -c -o $@ $< +memory_seal_shared.so: gcctestdir/ld memory_seal_shared.o + gcctestdir/ld -z memory-seal -shared -o $@ memory_seal_shared.o +memory_seal_shared.o: memory_seal_shared.c + $(COMPILE) -c -fPIC -o $@ $< # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/gold/testsuite/memory_seal_main.c b/gold/testsuite/memory_seal_main.c new file mode 100644 index 00000000000..77bc677e8eb --- /dev/null +++ b/gold/testsuite/memory_seal_main.c @@ -0,0 +1,5 @@ +int +main(void) +{ + return 0; +} diff --git a/gold/testsuite/memory_seal_shared.c b/gold/testsuite/memory_seal_shared.c new file mode 100644 index 00000000000..8cf7b6143da --- /dev/null +++ b/gold/testsuite/memory_seal_shared.c @@ -0,0 +1,7 @@ +int foo (void); + +int +foo(void) +{ + return 0; +} diff --git a/gold/testsuite/memory_seal_test.sh b/gold/testsuite/memory_seal_test.sh new file mode 100755 index 00000000000..c2194213445 --- /dev/null +++ b/gold/testsuite/memory_seal_test.sh @@ -0,0 +1,45 @@ +#!/bin/sh + +# memory_seal_test.sh -- test GNU_PROPERTY_MEMORY_SEAL gnu property + +# Copyright (C) 2018-2024 Free Software Foundation, Inc. + +# This file is part of gold. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, +# MA 02110-1301, USA. + +# This script checks that after linking the three object files +# gnu_property_[abc].S, each of which contains a .note.gnu.property +# section, the resulting output has only a single such note section, +# and that the properties have been correctly combined. + +check() +{ + if ! grep -q "$2" "$1" + then + echo "Did not find expected output in $1:" + echo " $2" + echo "" + echo "Actual output below:" + cat "$1" + exit 1 + fi +} + +check memory_seal_test_1.stdout "memory seal" +check memory_seal_test_2.stdout "memory seal" + +exit 0 From patchwork Wed Oct 16 17:01:13 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 99036 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id B6C0C3857C63 for ; Wed, 16 Oct 2024 17:05:27 +0000 (GMT) X-Original-To: binutils@sourceware.org Delivered-To: binutils@sourceware.org Received: from mail-pl1-x62c.google.com (mail-pl1-x62c.google.com [IPv6:2607:f8b0:4864:20::62c]) by sourceware.org (Postfix) with ESMTPS id 98F84385841D for ; Wed, 16 Oct 2024 17:04:47 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 98F84385841D Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 98F84385841D Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::62c ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1729098290; cv=none; b=WIU8OJfNvFuykBLJ9FwdQ+OUAFb3vP2JZGKKoLkuSgRatsJm7rPl5aJpMmP0WbLmLUaBcztlTolHsF8YLI+wsez+mHNOblCe2M+Ml8buXFfaBaatvuQeP9uT8eS/8bzAo7udoW6n6FIbUgMWxyxl3djI4ckU5B5lYk3Dx2UthRg= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1729098290; c=relaxed/simple; bh=hmH+hdW8Mtj7KIYjDtqCvKJLklip2rUez1btHZ/WlTs=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=i+sfUB3nimUj+6x9CUtjJ1TLY/F0y+LVbyGIa2uFPAkTi3RnDS5ekhP2uOdKIt8SRmdvfTwVS7Cx+YwO2C5thgwAXTQ5La2JOt9PsdvXSLCV0Nkl2UujQFgLA6ndnPqNE/+dWdfx5C9mPRpwwhV0vVCtnWVU5pSVADHtpuJqSlQ= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-pl1-x62c.google.com with SMTP id d9443c01a7336-20ce5e3b116so334945ad.1 for ; Wed, 16 Oct 2024 10:04:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1729098286; x=1729703086; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=5ani4XH/FZVXZvkL6qOY+5+auSX9JmlLAxsLgTCQADA=; b=dCRj8nyA5ffJYd/MTeBwqG7H3x6HP5gYXBkIk1amKz3O9tl1QpYw2kiyFpapefMnK3 nhQZt7wZF19Jt59NLKxffkaQPkz0PQF+ORbT6h2blvIX3VddyY6kA/+4pODWftrgTj/x gP+UVi1Ew3IUHII2+JWf56qDNHJaWJVgBvJXoo9T5R9qsOsj21kL4hePnCPZ1qiGy9oR Au3Piru3p4hJzJ7u7I9tJKfUpBU8yeIzOD6Ir4CpgzYTlrXudD8IUjnRl7dLZuY7ULcW 2Hm3NGNYrZ6PsoxdMZYF1tE73JCRyDGO1lDuGFo+eeYb85hWS/TLYvoVaeQXLAnqIUWw F9Vw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729098286; x=1729703086; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=5ani4XH/FZVXZvkL6qOY+5+auSX9JmlLAxsLgTCQADA=; b=r0fY/XpHCpSsTPlm4BkNJFlcEuMhnMfZ4KN4CWvEr7KvwvPMpq264p0LSKoOCwqxtz AYK5AS7rGCTD0jLZzltnCpsqMMd0rswd5yLyt2lhlpr+qJ0vMUUaXeEpnoP6aVw0mOcR BKsy8Dw2U91MjvlOpwkAisi8sdf9q0toKkRlx6yui8lBEpqZSmQcSd7D+OHTNDtXtRYO j4zyeEuV4kPC8tnTbA7pRirt6uRuQJX2EVYPvi+FFw784LPWTbQlEUsNqSjIQxhOIPoN cb0YOVzwfzlqY8Lm5FjWPT3/uCmJt/kdIpAAV4Zr7Qs6KXEb35lAobZVKO7BYAsiIOvC G+5g== X-Gm-Message-State: AOJu0YwUyaBzXAEzNCn5/MsyKYkm3fiuCwlgtCTYGvEzoaTEnen93JHk H+MBH5W5SdXiAC04UjNF5Kflt1ElfX71fgMaAUBUhTItFGZq4uoctpx0muJQ+9qo48pVTbXYKdR f X-Google-Smtp-Source: AGHT+IGbXSbEtkDRz5wvKeyDiKFgJRGHN1oFihaOqftpGiw7+mNQvZP1zzF1oFeev8kGZVqMyKVprg== X-Received: by 2002:a17:902:f78e:b0:20c:c15c:96ab with SMTP id d9443c01a7336-20cc15c9986mr251629885ad.48.1729098286026; Wed, 16 Oct 2024 10:04:46 -0700 (PDT) Received: from mandiga.. ([2804:1b3:a7c3:1434:ab87:e5f9:1b86:daf6]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-20d1805cdaesm30912895ad.281.2024.10.16.10.04.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Oct 2024 10:04:45 -0700 (PDT) From: Adhemerval Zanella To: binutils@sourceware.org Cc: Stephen Roettger , Jeff Xu , "H . J . Lu" Subject: [PATCH v3 3/3] ld: Add --enable-memory-seal configure option Date: Wed, 16 Oct 2024 14:01:13 -0300 Message-ID: <20241016170435.1404114-4-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20241016170435.1404114-1-adhemerval.zanella@linaro.org> References: <20241016170435.1404114-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-Spam-Status: No, score=-12.3 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: binutils@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Binutils mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: binutils-bounces~patchwork=sourceware.org@sourceware.org Add --enable-memory-seal linker configure option to enable memory sealing (GNU_PROPERTY_MEMORY_SEAL) by default. Change-Id: I4ce4ff33657f0f09b1ceb06210b6fcaa501f1799 --- binutils/testsuite/lib/binutils-common.exp | 22 +++++++++++++ ld/NEWS | 3 +- ld/config.in | 3 ++ ld/configure | 38 ++++++++++++++++++---- ld/configure.ac | 17 ++++++++++ ld/emultempl/elf.em | 1 + ld/lexsup.c | 7 ++++ ld/testsuite/config/default.exp | 8 +++++ ld/testsuite/ld-srec/srec.exp | 4 +++ ld/testsuite/lib/ld-lib.exp | 6 ++++ 10 files changed, 101 insertions(+), 8 deletions(-) diff --git a/binutils/testsuite/lib/binutils-common.exp b/binutils/testsuite/lib/binutils-common.exp index 03e8dbb855b..063ba4f20c2 100644 --- a/binutils/testsuite/lib/binutils-common.exp +++ b/binutils/testsuite/lib/binutils-common.exp @@ -408,6 +408,25 @@ proc check_relro_support { } { return $relro_available_saved } +proc check_memory_seal_support { } { + global memory_seal_available_saved + global ld + + if {![info exists memory_seal_available_saved]} { + remote_file host delete nomemory_seal + set ld_output [remote_exec host $ld "-z nomemory-seal"] + if { [string first "not supported" $ld_output] >= 0 + || [string first "unrecognized option" $ld_output] >= 0 + || [string first "-z nomemory-seal ignored" $ld_output] >= 0 + || [string first "cannot find nomemory-seal" $ld_output] >= 0 } { + set memory_seal_available_saved 0 + } else { + set memory_seal_available_saved 1 + } + } + return $memory_seal_available_saved +} + # Check for support of the .noinit section, used for data that is not # initialized at load, or during the application's initialization sequence. proc supports_noinit_section {} { @@ -1401,6 +1420,9 @@ proc run_dump_test { name {extra_options {}} } { if [check_relro_support] { set ld_extra_opt "-z norelro" } + if [check_memory_seal_support] { + append ld_extra_opt " -z nomemory-seal" + } # Add -L$srcdir/$subdir so that the linker command can use # linker scripts in the source directory. diff --git a/ld/NEWS b/ld/NEWS index 4a28592fa32..ba64ef221fb 100644 --- a/ld/NEWS +++ b/ld/NEWS @@ -24,7 +24,8 @@ Changes in 2.43: * Add -plugin-save-temps to store plugin intermediate files permanently. * Add -z memory-seal/-z nomemory-seal options to ELF linker to mark the - object to memory sealed. + object to memory sealed. Also added --enable-memory-seal configure option + to enable the memory sealing by default. Changes in 2.42: diff --git a/ld/config.in b/ld/config.in index f2aaf0a6879..74c58ebb319 100644 --- a/ld/config.in +++ b/ld/config.in @@ -60,6 +60,9 @@ default. */ #undef DEFAULT_LD_Z_SEPARATE_CODE +/* Define to 1 if you want to enable -z memory-seal in ELF linker by default. */ +#undef DEFAULT_LD_Z_MEMORY_SEAL + /* Define to 1 if you want to set DT_RUNPATH instead of DT_RPATH by default. */ #undef DEFAULT_NEW_DTAGS diff --git a/ld/configure b/ld/configure index d905f1c6001..361b9fed85c 100755 --- a/ld/configure +++ b/ld/configure @@ -854,6 +854,7 @@ enable_textrel_check enable_separate_code enable_rosegment enable_mark_plt +enable_memory_seal enable_warn_execstack enable_error_execstack enable_warn_rwx_segments @@ -1551,6 +1552,7 @@ Optional Features: --enable-separate-code enable -z separate-code in ELF linker by default --enable-rosegment enable --rosegment in the ELF linker by default --enable-mark-plt enable -z mark-plt in ELF x86-64 linker by default + --enable-memory-seal enable -z memory-seal in ELF linker by default --enable-warn-execstack enable warnings when creating an executable stack --enable-error-execstack turn executable stack warnings into errors @@ -11686,7 +11688,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 11689 "configure" +#line 11691 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -11792,7 +11794,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 11795 "configure" +#line 11797 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -15251,7 +15253,7 @@ else We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -15297,7 +15299,7 @@ else We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -15321,7 +15323,7 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -15366,7 +15368,7 @@ else We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -15390,7 +15392,7 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -15709,6 +15711,17 @@ esac fi +# Decide if -z memory-seal should be enabled in ELF linker by default. +ac_default_ld_z_memory_seal=unset +# Check whether --enable-memory-seal was given. +if test "${enable_memory_seal+set}" = set; then : + enableval=$enable_memory_seal; case "${enableval}" in + yes) ac_default_ld_z_memory_seal=1 ;; + no) ac_default_ld_z_memory_seal=0 ;; +esac +fi + + # By default warn when an executable stack is created due to object files # requesting such, not when the user specifies -z execstack. @@ -18975,6 +18988,8 @@ main () if (*(data + i) != *(data3 + i)) return 14; close (fd); + free (data); + free (data3); return 0; } _ACEOF @@ -19454,6 +19469,15 @@ cat >>confdefs.h <<_ACEOF _ACEOF +if test "${ac_default_ld_z_memory_seal}" = unset; then + ac_default_ld_z_memory_seal=0 +fi + +cat >>confdefs.h <<_ACEOF +#define DEFAULT_LD_Z_MEMORY_SEAL $ac_default_ld_z_memory_seal +_ACEOF + + cat >>confdefs.h <<_ACEOF diff --git a/ld/configure.ac b/ld/configure.ac index 5d10b38a528..7c90b9ad62b 100644 --- a/ld/configure.ac +++ b/ld/configure.ac @@ -232,6 +232,16 @@ AC_ARG_ENABLE(mark-plt, no) ac_default_ld_z_mark_plt=0 ;; esac]) +# Decide if -z memory-seal should be enabled in ELF linker by default. +ac_default_ld_z_memory_seal=unset +AC_ARG_ENABLE(memory-seal, + AS_HELP_STRING([--enable-memory-seal], + [enable -z memory-seal in ELF linker by default]), +[case "${enableval}" in + yes) ac_default_ld_z_memory_seal=1 ;; + no) ac_default_ld_z_memory_seal=0 ;; +esac]) + # By default warn when an executable stack is created due to object files # requesting such, not when the user specifies -z execstack. @@ -617,6 +627,13 @@ AC_DEFINE_UNQUOTED(DEFAULT_LD_Z_MARK_PLT, $ac_default_ld_z_mark_plt, [Define to 1 if you want to enable -z mark-plt in ELF x86-64 linker by default.]) +if test "${ac_default_ld_z_memory_seal}" = unset; then + ac_default_ld_z_memory_seal=0 +fi +AC_DEFINE_UNQUOTED(DEFAULT_LD_Z_MEMORY_SEAL, + $ac_default_ld_z_memory_seal, + [Define to 1 if you want to enable -z memory_seal in ELF linker by default.]) + AC_DEFINE_UNQUOTED(DEFAULT_LD_WARN_EXECSTACK, $ac_default_ld_warn_execstack, diff --git a/ld/emultempl/elf.em b/ld/emultempl/elf.em index ccd43531237..58bd79b09d2 100644 --- a/ld/emultempl/elf.em +++ b/ld/emultempl/elf.em @@ -99,6 +99,7 @@ fragment <