From patchwork Mon Sep 30 20:08:20 2024
X-Patchwork-Submitter: Adhemerval Zanella
X-Patchwork-Id: 831571
From: Adhemerval Zanella
To: binutils@sourceware.org
Cc: Stephen Roettger, Jeff Xu, Florian Weimer, Mike Hommey, Adhemerval Zanella
Subject: [PATCH v2 1/3] elf: Add GNU_PROPERTY_MEMORY_SEAL gnu property
Date: Mon, 30 Sep 2024 17:08:20 -0300
Message-Id: <20240930200822.1669666-2-adhemerval.zanella@linaro.org>
In-Reply-To: <20240930200822.1669666-1-adhemerval.zanella@linaro.org>
References: <20240930200822.1669666-1-adhemerval.zanella@linaro.org>

Along with -Wl,memory-seal/-Wl,nomemory-seal options to ld.bfd.

The new attribute indicates that an ET_EXEC or ET_DYN ELF object should be memory-sealed if the loader supports it. Memory sealing is useful as a hardening mechanism to avoid either remapping the memory segments or changing the memory protection segments layout by the dynamic loader (for instance, the RELRO hardening). Linux 6.10 (8be7258aad44b5e25977a98db136f677fa6f4370) added the mseal syscall, which accomplishes it.

A GNU property is used instead of a new dynamic section tag (like the one proposed for DT_GNU_FLAGS_1) because the memory sealing should be selectable for ET_EXEC and not only for ET_DYN. It also fits new opt-in security features like x86 CET or AArch64 BTI.
--- bfd/elf-properties.c | 72 ++++++++++++++++++++------- bfd/elfxx-x86.c | 3 +- binutils/readelf.c | 6 +++ include/bfdlink.h | 3 ++ include/elf/common.h | 1 + ld/NEWS | 3 ++ ld/emultempl/elf.em | 4 ++ ld/ld.texi | 8 +++ ld/lexsup.c | 4 ++ ld/testsuite/ld-elf/property-seal-1.d | 15 ++++++ ld/testsuite/ld-elf/property-seal-2.d | 14 ++++++ 11 files changed, 115 insertions(+), 18 deletions(-) create mode 100644 ld/testsuite/ld-elf/property-seal-1.d create mode 100644 ld/testsuite/ld-elf/property-seal-2.d diff --git a/bfd/elf-properties.c b/bfd/elf-properties.c index ee8bd37f2bd..17c89d9e876 100644 --- a/bfd/elf-properties.c +++ b/bfd/elf-properties.c @@ -177,6 +177,9 @@ _bfd_elf_parse_gnu_properties (bfd *abfd, Elf_Internal_Note *note) prop->pr_kind = property_number; goto next; + case GNU_PROPERTY_MEMORY_SEAL: + goto next; + default: if ((type >= GNU_PROPERTY_UINT32_AND_LO && type <= GNU_PROPERTY_UINT32_AND_HI) @@ -258,6 +261,9 @@ elf_merge_gnu_properties (struct bfd_link_info *info, bfd *abfd, bfd *bbfd, be added to ABFD. */ return aprop == NULL; + case GNU_PROPERTY_MEMORY_SEAL: + return aprop == NULL; + default: updated = false; if (pr_type >= GNU_PROPERTY_UINT32_OR_LO 
@@ -607,6 +613,33 @@ elf_write_gnu_properties (struct bfd_link_info *info, } } +static asection * +_bfd_elf_link_create_gnu_property_sec (struct bfd_link_info *info, bfd *elf_bfd, + unsigned int elfclass) +{ + asection *sec; + + sec = bfd_make_section_with_flags (elf_bfd, + NOTE_GNU_PROPERTY_SECTION_NAME, + (SEC_ALLOC + | SEC_LOAD + | SEC_IN_MEMORY + | SEC_READONLY + | SEC_HAS_CONTENTS + | SEC_DATA)); + if (sec == NULL) + info->callbacks->einfo (_("%F%P: failed to create GNU property section\n")); + + if (!bfd_set_section_alignment (sec, + elfclass == ELFCLASS64 ? 3 : 2)) + info->callbacks->einfo (_("%F%pA: failed to align section\n"), + sec); + + elf_section_type (sec) = SHT_NOTE; + return sec; +} + + /* Set up GNU properties. Return the first relocatable ELF input with GNU properties if found. Otherwise, return NULL. */ @@ -656,23 +689,7 @@ _bfd_elf_link_setup_gnu_properties (struct bfd_link_info *info) /* Support -z indirect-extern-access. */ if (first_pbfd == NULL) { - sec = bfd_make_section_with_flags (elf_bfd, - NOTE_GNU_PROPERTY_SECTION_NAME, - (SEC_ALLOC - | SEC_LOAD - | SEC_IN_MEMORY - | SEC_READONLY - | SEC_HAS_CONTENTS - | SEC_DATA)); - if (sec == NULL) - info->callbacks->einfo (_("%F%P: failed to create GNU property section\n")); - - if (!bfd_set_section_alignment (sec, - elfclass == ELFCLASS64 ? 3 : 2)) - info->callbacks->einfo (_("%F%pA: failed to align section\n"), - sec); - - elf_section_type (sec) = SHT_NOTE; + sec = _bfd_elf_link_create_gnu_property_sec (info, elf_bfd, elfclass); first_pbfd = elf_bfd; has_properties = true; } 
@@ -690,6 +707,27 @@ _bfd_elf_link_setup_gnu_properties (struct bfd_link_info *info) |= GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS; } + if (info->memory_seal && elf_bfd != NULL) + { + /* Support -z no-memory-seal. */ + if (first_pbfd == NULL) + { + sec = _bfd_elf_link_create_gnu_property_sec (info, elf_bfd, elfclass); + first_pbfd = elf_bfd; + has_properties = true; + } + + p = _bfd_elf_get_property (first_pbfd, GNU_PROPERTY_MEMORY_SEAL, 0); + if (p->pr_kind == property_unknown) + { + /* Create GNU_PROPERTY_NO_MEMORY_SEAL. */ + p->u.number = GNU_PROPERTY_MEMORY_SEAL; + p->pr_kind = property_number; + } + else + p->u.number |= GNU_PROPERTY_MEMORY_SEAL; + } + /* Do nothing if there is no .note.gnu.property section. */ if (!has_properties) return NULL; diff --git a/bfd/elfxx-x86.c b/bfd/elfxx-x86.c index dd951b91f50..8a4405c8a79 100644 --- a/bfd/elfxx-x86.c +++ b/bfd/elfxx-x86.c @@ -4815,7 +4815,8 @@ _bfd_x86_elf_link_fixup_gnu_properties for (p = *listp; p; p = p->next) { unsigned int type = p->property.pr_type; - if (type == GNU_PROPERTY_X86_COMPAT_ISA_1_USED + if (type == GNU_PROPERTY_MEMORY_SEAL + || type == GNU_PROPERTY_X86_COMPAT_ISA_1_USED || type == GNU_PROPERTY_X86_COMPAT_ISA_1_NEEDED || (type >= GNU_PROPERTY_X86_UINT32_AND_LO && type <= GNU_PROPERTY_X86_UINT32_AND_HI) diff --git a/binutils/readelf.c b/binutils/readelf.c index 0f8dc1b9716..bf25425bb8d 100644 --- a/binutils/readelf.c +++ b/binutils/readelf.c @@ -21464,6 +21464,12 @@ print_gnu_property_note (Filedata * filedata, Elf_Internal_Note * pnote) printf (_(" "), datasz); goto next; + case GNU_PROPERTY_MEMORY_SEAL: + printf ("memory seal "); + if (datasz) + printf (_(" "), datasz); + goto next; + default: if ((type >= GNU_PROPERTY_UINT32_AND_LO && type <= GNU_PROPERTY_UINT32_AND_HI) diff --git a/include/bfdlink.h b/include/bfdlink.h index f802ec627ef..8b9e391e6ff 100644 --- a/include/bfdlink.h +++ b/include/bfdlink.h 
@@ -429,6 +429,9 @@ struct bfd_link_info /* TRUE if only one read-only, non-code segment should be created. */ unsigned int one_rosegment: 1; + /* TRUE if GNU_PROPERTY_MEMORY_SEAL should be generated. */ + unsigned int memory_seal: 1; + /* Nonzero if .eh_frame_hdr section and PT_GNU_EH_FRAME ELF segment should be created. 1 for DWARF2 tables, 2 for compact tables. */ unsigned int eh_frame_hdr_type: 2; diff --git a/include/elf/common.h b/include/elf/common.h index c9920e7731a..8938e2f4754 100644 --- a/include/elf/common.h +++ b/include/elf/common.h @@ -890,6 +890,7 @@ /* Values used in GNU .note.gnu.property notes (NT_GNU_PROPERTY_TYPE_0). */ #define GNU_PROPERTY_STACK_SIZE 1 #define GNU_PROPERTY_NO_COPY_ON_PROTECTED 2 +#define GNU_PROPERTY_MEMORY_SEAL 3 /* A 4-byte unsigned integer property: A bit is set if it is set in all relocatable inputs. */ diff --git a/ld/NEWS b/ld/NEWS index 1f14dd6bc77..4a28592fa32 100644 --- a/ld/NEWS +++ b/ld/NEWS @@ -23,6 +23,9 @@ Changes in 2.43: * Add -plugin-save-temps to store plugin intermediate files permanently. +* Add -z memory-seal/-z nomemory-seal options to ELF linker to mark the + object to memory sealed. + Changes in 2.42: * Add -z mark-plt/-z nomark-plt options to x86-64 ELF linker to mark PLT diff --git a/ld/emultempl/elf.em b/ld/emultempl/elf.em index 2e865728587..ccd43531237 100644 --- a/ld/emultempl/elf.em +++ b/ld/emultempl/elf.em 
@@ -1075,6 +1075,10 @@ fragment <
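Review bot: In the _bfd_elf_parse_gnu_properties hunk of bfd/elf-properties.c, the new case GNU_PROPERTY_MEMORY_SEAL does nothing but goto next, so a note carrying the property is accepted whatever its datasz and nothing is recorded for it, unlike the case just above, which sets prop->pr_kind = property_number. The readelf hunk in this same patch does react to a non-zero datasz; the parser should check datasz in the same way, and a comment should say whether a property found in an input object is meant to be dropped or carried into the output.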
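Review bot: In the _bfd_elf_link_setup_gnu_properties hunk both new comments name the opposite feature: /* Support -z no-memory-seal. */ sits under if (info->memory_seal && elf_bfd != NULL), and /* Create GNU_PROPERTY_NO_MEMORY_SEAL. */ precedes code that creates GNU_PROPERTY_MEMORY_SEAL, while include/elf/common.h defines no GNU_PROPERTY_NO_MEMORY_SEAL. The block also stores the property type constant as the property value (p->u.number = GNU_PROPERTY_MEMORY_SEAL, then |= in the else branch) after asking for the property with a data size of 0, which reads like a copy of the GNU_PROPERTY_1_NEEDED block above it, where the constant is a bit flag; a comment should explain what u.number means for a property with no payload, or the assignment should go. The condition tests only info->memory_seal and elf_bfd, so please state whether a relocatable link is meant to get the property too, given that the commit message speaks of ET_EXEC and ET_DYN.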
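Review bot: The ld/NEWS entry spells the negative option -z nomemory-seal, the comment in bfd/elf-properties.c says -z no-memory-seal, and the commit message gives -Wl,memory-seal/-Wl,nomemory-seal with no -z at all; use the one spelling the option parser accepts everywhere. The hunk header shows the entry landing under "Changes in 2.43:", so check that this is the section for the release the option will ship in, and "to mark the object to memory sealed" should read "to mark the object as memory sealed".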
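An added example (not part of the patch or of binutils) for the property described in the commit message above: a C routine that scans the raw bytes of a .note.gnu.property section and reports whether it carries GNU_PROPERTY_MEMORY_SEAL (value 3, from the include/elf/common.h hunk). The sample notes are constructed, a little-endian file is assumed, and a seal entry with non-zero pr_datasz is rejected as malformed, mirroring the datasz check in the readelf hunk.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NT_GNU_PROPERTY_TYPE_0   5  /* note type used in .note.gnu.property */
#define GNU_PROPERTY_MEMORY_SEAL 3  /* value defined by the patch above */

/* Read a little-endian 32-bit word (assumption: little-endian ELF file). */
static uint32_t rd32(const unsigned char *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static size_t align_up(size_t v, size_t a)
{
    return (v + a - 1) & ~(a - 1);
}

/* Walk the property array in one note descriptor.
   Returns 1 if the seal property is present, 0 if not, -1 if malformed. */
static int scan_properties(const unsigned char *d, size_t n, size_t align)
{
    size_t off = 0;
    int found = 0;

    while (off < n) {
        if (n - off < 8)
            return -1;                  /* truncated pr_type/pr_datasz */
        uint32_t pr_type = rd32(d + off);
        size_t pr_datasz = rd32(d + off + 4);
        off += 8;
        if (pr_datasz > n - off)
            return -1;                  /* payload runs past the descriptor */
        if (pr_type == GNU_PROPERTY_MEMORY_SEAL) {
            if (pr_datasz != 0)
                return -1;              /* assumption: the property has no payload */
            found = 1;
        }
        off = align_up(off + pr_datasz, align);
    }
    return found;
}

/* Scan the contents of a .note.gnu.property section.
   align is 8 for ELFCLASS64 and 4 for ELFCLASS32.
   Returns 1 if sealed, 0 if not, -1 if the section is malformed. */
int note_has_memory_seal(const unsigned char *buf, size_t len, size_t align)
{
    size_t off = 0;
    int found = 0;

    if (align != 4 && align != 8)
        return -1;
    while (off < len) {
        if (len - off < 12)
            return -1;                  /* truncated note header */
        size_t namesz = rd32(buf + off);
        size_t descsz = rd32(buf + off + 4);
        uint32_t type = rd32(buf + off + 8);
        size_t name_off = off + 12;
        if (namesz > len - name_off)
            return -1;
        size_t desc_off = align_up(name_off + namesz, align);
        if (desc_off > len || descsz > len - desc_off)
            return -1;
        if (type == NT_GNU_PROPERTY_TYPE_0 && namesz == 4
            && memcmp(buf + name_off, "GNU", 4) == 0) {
            int r = scan_properties(buf + desc_off, descsz, align);
            if (r < 0)
                return -1;
            found |= r;
        }
        off = align_up(desc_off + descsz, align);
    }
    return found;
}

/* Constructed ELF64 sample: GNU_PROPERTY_STACK_SIZE (1) followed by
   GNU_PROPERTY_MEMORY_SEAL (3) with pr_datasz 0. */
static const unsigned char sealed_note[] = {
    0x04,0,0,0, 0x18,0,0,0, 0x05,0,0,0, 'G','N','U',0,
    0x01,0,0,0, 0x08,0,0,0, 0,0,0x10,0,0,0,0,0,
    0x03,0,0,0, 0x00,0,0,0,
};

/* Constructed ELF64 sample: stack size property only, no seal. */
static const unsigned char plain_note[] = {
    0x04,0,0,0, 0x10,0,0,0, 0x05,0,0,0, 'G','N','U',0,
    0x01,0,0,0, 0x08,0,0,0, 0,0,0x10,0,0,0,0,0,
};

int main(void)
{
    printf("sealed_note: %d\n",
           note_has_memory_seal(sealed_note, sizeof sealed_note, 8));
    printf("plain_note:  %d\n",
           note_has_memory_seal(plain_note, sizeof plain_note, 8));
    return 0;
}
```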
X-Patchwork-Id: 831581
From: Adhemerval Zanella
To: binutils@sourceware.org
Cc: Stephen Roettger, Jeff Xu, Florian Weimer, Mike Hommey, Adhemerval Zanella
Subject: [PATCH v2 2/3] gold: Add GNU_PROPERTY_MEMORY_SEAL gnu property
Date: Mon, 30 Sep 2024 17:08:21 -0300
Message-Id: <20240930200822.1669666-3-adhemerval.zanella@linaro.org>
In-Reply-To: <20240930200822.1669666-1-adhemerval.zanella@linaro.org>
References: <20240930200822.1669666-1-adhemerval.zanella@linaro.org>

Similar to the ld.bfd, with the -z,memory-seal and -z,no-memory-seal which adds the .gnu.attribute GNU_PROPERTY_MEMORY_SEAL.

--- elfcpp/elfcpp.h | 1 + gold/NEWS | 3 ++ gold/layout.cc | 4 +++ gold/options.h | 3 ++ gold/testsuite/Makefile.am | 19 ++++++++++++ gold/testsuite/Makefile.in | 26 +++++++++++++++-- gold/testsuite/memory_seal_main.c | 5 ++++ gold/testsuite/memory_seal_shared.c | 7 +++++ gold/testsuite/memory_seal_test.sh | 45 +++++++++++++++++++++++++++++ 9 files changed, 110 insertions(+), 3 deletions(-) create mode 100644 gold/testsuite/memory_seal_main.c create mode 100644 gold/testsuite/memory_seal_shared.c create mode 100755 gold/testsuite/memory_seal_test.sh diff --git a/elfcpp/elfcpp.h b/elfcpp/elfcpp.h index f2fe7330f7c..94cfdbfc448 100644 --- a/elfcpp/elfcpp.h +++ b/elfcpp/elfcpp.h
@@ -1023,6 +1023,7 @@ enum { GNU_PROPERTY_STACK_SIZE = 1, GNU_PROPERTY_NO_COPY_ON_PROTECTED = 2, + GNU_PROPERTY_MEMORY_SEAL = 3, GNU_PROPERTY_LOPROC = 0xc0000000, GNU_PROPERTY_X86_COMPAT_ISA_1_USED = 0xc0000000, GNU_PROPERTY_X86_COMPAT_ISA_1_NEEDED = 0xc0000001, diff --git a/gold/NEWS b/gold/NEWS index 63610a45937..a8f82cd5186 100644 --- a/gold/NEWS +++ b/gold/NEWS @@ -5,6 +5,9 @@ * Remove support for -z bndplt (MPX prefix instructions). +* Add -z memory-seal/-z nomemory-seal options to ELF linker to mark the + object to memory sealed. + Changes in 1.16: * Improve warning messages for relocations that refer to discarded sections. diff --git a/gold/layout.cc b/gold/layout.cc index b43ae841a6c..b59494e0491 100644 --- a/gold/layout.cc +++ b/gold/layout.cc @@ -3277,6 +3277,10 @@ Layout::create_gnu_properties_note() { parameters->target().finalize_gnu_properties(this); + if (parameters->options().memory_seal()) + this->add_gnu_property(elfcpp::NT_GNU_PROPERTY_TYPE_0, + elfcpp::GNU_PROPERTY_MEMORY_SEAL, 0, 0); + if (this->gnu_properties_.empty()) return; diff --git a/gold/options.h b/gold/options.h index 446e8d42614..5a1ab9e4400 100644 --- a/gold/options.h +++ b/gold/options.h @@ -1546,6 +1546,9 @@ class General_options N_("Keep .text.hot, .text.startup, .text.exit and .text.unlikely " "as separate sections in the final binary."), N_("Merge all .text.* prefix sections.")); + DEFINE_bool(memory_seal, options::DASH_Z, '\0', false, + N_("Mark object be memory sealed"), + N_("Don't mark oject to be memory sealed")); public: diff --git a/gold/testsuite/Makefile.am b/gold/testsuite/Makefile.am index 8f158ba20cc..f6eddea65fd 100644 --- a/gold/testsuite/Makefile.am +++ b/gold/testsuite/Makefile.am 
@@ -4476,3 +4476,22 @@ package_metadata_test.o: package_metadata_main.c package_metadata_test$(EXEEXT): package_metadata_test.o gcctestdir/ld $(CXXLINK) package_metadata_test.o -Wl,--package-metadata='{"foo":"bar"}' $(TEST_READELF) --notes $@ | grep -q '{"foo":"bar"}' + +check_SCRIPTS += memory_seal_test.sh +check_DATA += memory_seal_test_1.stdout memory_seal_test_2.stdout +MOSTLYCLEANFILES += memory_seal_test +memory_seal_test_1.stdout: memory_seal_main + $(TEST_READELF) -n $< >$@ +memory_seal_test_2.stdout: memory_seal_shared.so + $(TEST_READELF) -n $< >$@ +memory_seal_main: gcctestdir/ld memory_seal_main.o + gcctestdir/ld -z memory-seal -o $@ memory_seal_main.o +memory_seal_main.o: memory_seal_main.c + $(COMPILE) -c -o $@ $< +memory_seal_shared.so: gcctestdir/ld memory_seal_shared.o + gcctestdir/ld -z memory-seal -shared -o $@ memory_seal_shared.o +memory_seal_shared.o: memory_seal_shared.c + $(COMPILE) -c -fPIC -o $@ $< + + + diff --git a/gold/testsuite/Makefile.in b/gold/testsuite/Makefile.in index 357dec0d4f9..e95e8ed5d08 100644 --- a/gold/testsuite/Makefile.in +++ b/gold/testsuite/Makefile.in @@ -2888,7 +2888,7 @@ MOSTLYCLEANFILES = *.so *.syms *.stdout *.stderr $(am__append_4) \ $(am__append_88) $(am__append_91) $(am__append_93) \ $(am__append_102) $(am__append_105) $(am__append_108) \ $(am__append_111) $(am__append_114) $(am__append_117) \ - $(am__append_120) $(am__append_121) + $(am__append_120) $(am__append_121) memory_seal_test # We will add to these later, for each individual test. Note # that we add each test under check_SCRIPTS or check_PROGRAMS; 
@@ -2901,7 +2901,7 @@ check_SCRIPTS = $(am__append_2) $(am__append_21) $(am__append_25) \ $(am__append_89) $(am__append_96) $(am__append_100) \ $(am__append_103) $(am__append_106) $(am__append_109) \ $(am__append_112) $(am__append_115) $(am__append_118) \ - $(am__append_122) + $(am__append_122) memory_seal_test.sh check_DATA = $(am__append_3) $(am__append_22) $(am__append_26) \ $(am__append_32) $(am__append_38) $(am__append_45) \ $(am__append_50) $(am__append_54) $(am__append_58) \ @@ -2910,7 +2910,8 @@ check_DATA = $(am__append_3) $(am__append_22) $(am__append_26) \ $(am__append_90) $(am__append_97) $(am__append_101) \ $(am__append_104) $(am__append_107) $(am__append_110) \ $(am__append_113) $(am__append_116) $(am__append_119) \ - $(am__append_123) + $(am__append_123) memory_seal_test_1.stdout \ + memory_seal_test_2.stdout BUILT_SOURCES = $(am__append_42) TESTS = $(check_SCRIPTS) $(check_PROGRAMS) @@ -6524,6 +6525,13 @@ retain.sh.log: retain.sh --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) +memory_seal_test.sh.log: memory_seal_test.sh + @p='memory_seal_test.sh'; \ + b='memory_seal_test.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) object_unittest.log: object_unittest$(EXEEXT) @p='object_unittest$(EXEEXT)'; \ b='object_unittest'; \ 
@@ -10524,6 +10532,18 @@ package_metadata_test.o: package_metadata_main.c package_metadata_test$(EXEEXT): package_metadata_test.o gcctestdir/ld $(CXXLINK) package_metadata_test.o -Wl,--package-metadata='{"foo":"bar"}' $(TEST_READELF) --notes $@ | grep -q '{"foo":"bar"}' +memory_seal_test_1.stdout: memory_seal_main + $(TEST_READELF) -n $< >$@ +memory_seal_test_2.stdout: memory_seal_shared.so + $(TEST_READELF) -n $< >$@ +memory_seal_main: gcctestdir/ld memory_seal_main.o + gcctestdir/ld -z memory-seal -o $@ memory_seal_main.o +memory_seal_main.o: memory_seal_main.c + $(COMPILE) -c -o $@ $< +memory_seal_shared.so: gcctestdir/ld memory_seal_shared.o + gcctestdir/ld -z memory-seal -shared -o $@ memory_seal_shared.o +memory_seal_shared.o: memory_seal_shared.c + $(COMPILE) -c -fPIC -o $@ $< # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/gold/testsuite/memory_seal_main.c b/gold/testsuite/memory_seal_main.c new file mode 100644 index 00000000000..77bc677e8eb --- /dev/null +++ b/gold/testsuite/memory_seal_main.c @@ -0,0 +1,5 @@ +int +main(void) +{ + return 0; +} diff --git a/gold/testsuite/memory_seal_shared.c b/gold/testsuite/memory_seal_shared.c new file mode 100644 index 00000000000..8cf7b6143da --- /dev/null +++ b/gold/testsuite/memory_seal_shared.c @@ -0,0 +1,7 @@ +int foo (void); + +int +foo(void) +{ + return 0; +} diff --git a/gold/testsuite/memory_seal_test.sh b/gold/testsuite/memory_seal_test.sh new file mode 100755 index 00000000000..c2194213445 --- /dev/null +++ b/gold/testsuite/memory_seal_test.sh 
@@ -0,0 +1,45 @@ +#!/bin/sh + +# memory_seal_test.sh -- test GNU_PROPERTY_MEMORY_SEAL gnu property + +# Copyright (C) 2018-2024 Free Software Foundation, Inc. + +# This file is part of gold. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, +# MA 02110-1301, USA. + +# This script checks that after linking the three object files +# gnu_property_[abc].S, each of which contains a .note.gnu.property +# section, the resulting output has only a single such note section, +# and that the properties have been correctly combined. + +check() +{ + if ! 
grep -q "$2" "$1" + then + echo "Did not find expected output in $1:" + echo " $2" + echo "" + echo "Actual output below:" + cat "$1" + exit 1 + fi +} + +check memory_seal_test_1.stdout "memory seal" +check memory_seal_test_2.stdout "memory seal" + +exit 0
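Review bot: The help strings in the gold/options.h hunk have a typo and missing words: "Mark object be memory sealed" and "Don't mark oject to be memory sealed". Suggest "Mark object to be memory sealed" and "Don't mark object to be memory sealed". gold/NEWS advertises the negative form as -z nomemory-seal while the commit message says -z,no-memory-seal; the text should match whatever DEFINE_bool(memory_seal, options::DASH_Z, ...) actually accepts.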
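Review bot: In the gold/layout.cc hunk, Layout::create_gnu_properties_note adds the property whenever parameters->options().memory_seal() is set, with no check on the kind of output, although the series describes the property as applying to ET_EXEC and ET_DYN objects; either skip it for relocatable output or document that it is intended. Gold emits the property with size 0 and no data (the trailing 0, 0 arguments), whereas the ld.bfd patch assigns a number to the same property, so it is worth confirming that both linkers write the same note bytes.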
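Review bot: In the gold/testsuite/Makefile.am hunk, MOSTLYCLEANFILES += memory_seal_test names a file that none of the new rules produce; the rules build memory_seal_main, memory_seal_main.o, memory_seal_shared.o and memory_seal_shared.so, so memory_seal_main is the name that needs listing (the .so and .stdout outputs already match the *.so and *.stdout patterns visible in Makefile.in). Both link rules pass -z memory-seal, so nothing tests the negative case; a target linked without the option, with a check that "memory seal" is absent from the readelf -n output, would catch the property being emitted unconditionally. The three trailing blank lines at the end of the hunk can be dropped.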
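Review bot: The header comment in gold/testsuite/memory_seal_test.sh describes a different test ("after linking the three object files gnu_property_[abc].S ... the properties have been correctly combined"); it should say what this script checks, namely that the readelf -n output saved for memory_seal_main and memory_seal_shared.so contains "memory seal". The copyright range 2018-2024 also looks inherited from the file this was copied from, given that the script is created by this patch.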
lZdXLrDYgkvyK1LhiR1KxvEAkYAXPiQFyA1rrd/x4zjGkx6LQEPSNDtZ9hZLaVnBxWcl 7US79rUw2Uo92wpRNv688RvpUfoJOv40MBMBRRrzlsrWs+HZ4z58ltfM+cVqm3pvQED4 xtijQzwJV7TtWycv/CrFOEuuBIVvOmfg4lq3kBuJq6Jm3L6gzY2E15ipXhJpXSZ2hyNu YFIg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=ZgfEtGpo; arc=pass (i=1); spf=pass (google.com: domain of binutils-bounces~patch=linaro.org@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) smtp.mailfrom="binutils-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from server2.sourceware.org (server2.sourceware.org. [2620:52:3:1:0:246e:9693:128c]) by mx.google.com with ESMTPS id 6a1803df08f44-6cb3b6bea01si93691796d6.511.2024.09.30.13.11.12 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 30 Sep 2024 13:11:13 -0700 (PDT) Received-SPF: pass (google.com: domain of binutils-bounces~patch=linaro.org@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) client-ip=2620:52:3:1:0:246e:9693:128c; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=ZgfEtGpo; arc=pass (i=1); spf=pass (google.com: domain of binutils-bounces~patch=linaro.org@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) smtp.mailfrom="binutils-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id ACCA838449C6 for ; Mon, 30 Sep 2024 20:11:12 +0000 (GMT) X-Original-To: binutils@sourceware.org Delivered-To: binutils@sourceware.org Received: from mail-pj1-x102f.google.com (mail-pj1-x102f.google.com [IPv6:2607:f8b0:4864:20::102f]) by sourceware.org (Postfix) with ESMTPS id 434453846403 for ; Mon, 30 Sep 2024 20:08:48 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 
sourceware.org 434453846403 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 434453846403 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::102f ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1727726931; cv=none; b=XZeyuUOUJmiTNafvG9DvzoQlq63gn0AoZeSNzwywq23dD3Jsvgvly7bFhDF2U4rjpj6DSM7BjISr+o/d1muSDvo5mjkl/ALm/rpCqF5XvlxBG4cSZDm7ykgGlN57CUONPFpNl2TzrCN4tHcbLGJrLbi6YvMDczPtlB+XDYTpND0= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1727726931; c=relaxed/simple; bh=z1JtsPEBYSqnMFx95xd6pQDRy8zvCkpnEwLmAgt1H2A=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=ROKypvpjsGxrtUESi8argkn/kSZf5wc33KHVFF4XNmPsrOEJZcMn7f6nivcUzN3+uecuZIHrrsAzUfeZMo2cuoI6zMubaMkWs17i4xdKfd/CRDK5LK+kBBeSpGP1Yh+l14qEk6gC82qbzdafkF91sMctKmO1MU7+bOK3Gk8f5KQ= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-pj1-x102f.google.com with SMTP id 98e67ed59e1d1-2e137183587so960655a91.3 for ; Mon, 30 Sep 2024 13:08:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1727726926; x=1728331726; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=KcqHSH4OOMbOuPU6zl4selRYLGexNrc9UlSIQFNTexM=; b=ZgfEtGpoLavBaxM95fGe8+JlldwQzUHmtwHYVOpRWzgWMTkkVY7k4Em4XAhjLgbJ+C h0K+joKr2GWomaCGnpHVFH3RkJ4FFRySt/x+svm9YsAYOcYGV0JFIibS7cdUj2p6eihx G5xmtHoLDapmNE9hX1TyPRuga5HmScjqBf8nqpEl0yJBKwpAV8VklQW0hm4kRt9N6fbR aJrYpdz4z0Qd+gBSfEs2Yl9eRkw591PVhxQBWc3w874q0Pi7u4rfrOA8Fkv9Bm5W6Yb3 NJDr5FRtfJcuS9Vtc309myvlGoJz13I+yNTngkDI8qwA8tB9mDKCiowr2hndx6E22l7+ /XIg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1727726926; x=1728331726; 
h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=KcqHSH4OOMbOuPU6zl4selRYLGexNrc9UlSIQFNTexM=; b=LgwWNayAeore+D1tdur8uiQWIDSUbTsusaxOZ6tlcnCyHqiIUSVjugAsfhsLVtkhWo IUm3HcDDGOgBPhSz6sROTgvLb9afy370AqCxo2bgkpV4n0FbHKWyYmC23jgnRcgtYu6h SLZ+0NXhGDn7OedVcpZMs1VaD159slaotrQt3u4SLb2I73wbPzTkycummdBlkWaLKXOv lhQQJRU/1+MvJa338wAwz6cynuVfaBeZKZtwmLicIxxPEvvr785seIZT3fRvHo44lTEe UnifBipIq5NmiFtdeMo5TIKbnanzdSEOWnCs/mqyl8aqbbRBXe7PTFTu0iM3HGGud2mu FUiA== X-Gm-Message-State: AOJu0Yx+ikdLuzyPOE4jNzi/NOc5NEDf5ZqhiSOvJzhBkmZZsATbBtJM /imFrOT12RSAs1YbseJJcg4253uzdoh9l6th0YxeL8sOhNzWUTRPc/4bazBjPOdST8HFn5dW9Sb 2AMo= X-Received: by 2002:a17:90a:2dc1:b0:2c9:9f2a:2b20 with SMTP id 98e67ed59e1d1-2e0b8b19a63mr15726958a91.22.1727726926439; Mon, 30 Sep 2024 13:08:46 -0700 (PDT) Received: from ubuntu-vm.. (201-92-183-102.dsl.telesp.net.br. [201.92.183.102]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2e0b6c9b438sm8464787a91.28.2024.09.30.13.08.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 30 Sep 2024 13:08:46 -0700 (PDT) 
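Review bot: The header comment of memory_seal_test.sh (the new gold test script that ends just before this message) does not describe this test: it still says the script links "the three object files gnu_property_[abc].S" and checks that the notes "have been correctly combined", while the body only greps for "memory seal" in memory_seal_test_1.stdout and memory_seal_test_2.stdout. Please rewrite the comment to say what the two stdout files are expected to contain and why, and use 2024 alone in the copyright line since the file is new ("@@ -0,0 +1,45 @@") rather than "2018-2024".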
From: Adhemerval Zanella
To: binutils@sourceware.org
Cc: Stephen Roettger, Jeff Xu, Florian Weimer, Mike Hommey, Adhemerval Zanella
Subject: [PATCH v2 3/3] ld: Add --enable-memory-seal configure option
Date: Mon, 30 Sep 2024 17:08:22 -0300
Message-Id: <20240930200822.1669666-4-adhemerval.zanella@linaro.org>
In-Reply-To: <20240930200822.1669666-1-adhemerval.zanella@linaro.org>
References: <20240930200822.1669666-1-adhemerval.zanella@linaro.org>

Add --enable-memory-seal linker configure option to enable memory sealing (GNU_PROPERTY_MEMORY_SEAL) by default.
---
 binutils/testsuite/lib/binutils-common.exp | 22 +++++++++++++++++
 ld/NEWS | 3 ++-
 ld/config.in | 3 +++
 ld/configure | 28 ++++++++++++++++++++--
 ld/configure.ac | 17 +++++++++++++
 ld/emultempl/elf.em | 1 +
 ld/lexsup.c | 7 ++++++
 ld/testsuite/config/default.exp | 8 +++++++
 ld/testsuite/ld-srec/srec.exp | 4 ++++
 ld/testsuite/lib/ld-lib.exp | 6 +++++
 10 files changed, 96 insertions(+), 3 deletions(-)

diff --git a/binutils/testsuite/lib/binutils-common.exp b/binutils/testsuite/lib/binutils-common.exp index 403103da366..2c3cae46a2d 100644 --- a/binutils/testsuite/lib/binutils-common.exp +++ b/binutils/testsuite/lib/binutils-common.exp
@@ -408,6 +408,25 @@ proc check_relro_support { } { return $relro_available_saved } +proc check_memory_seal_support { } { + global memory_seal_available_saved + global ld + + if {![info exists memory_seal_available_saved]} { + remote_file host delete nomemory_seal + set ld_output [remote_exec host $ld "-z nomemory-seal"] + if { [string first "not supported" $ld_output] >= 0 + || [string first "unrecognized option" $ld_output] >= 0 + || [string first "-z nomemory-seal ignored" $ld_output] >= 0 + || [string first "cannot find nomemory-seal" $ld_output] >= 0 } { + set memory_seal_available_saved 0 + } else { + set memory_seal_available_saved 1 + } + } + return $memory_seal_available_saved +} + # Check for support of the .noinit section, used for data that is not # initialized at load, or during the application's initialization sequence. proc supports_noinit_section {} { @@ -1390,6 +1409,9 @@ proc run_dump_test { name {extra_options {}} } { if [check_relro_support] { set ld_extra_opt "-z norelro" } + if [check_memory_seal_support] { + append ld_extra_opt " -z nomemory-seal" + } # Add -L$srcdir/$subdir so that the linker command can use # linker scripts in the source directory. diff --git a/ld/NEWS b/ld/NEWS index 4a28592fa32..ba64ef221fb 100644 --- a/ld/NEWS +++ b/ld/NEWS @@ -24,7 +24,8 @@ Changes in 2.43: * Add -plugin-save-temps to store plugin intermediate files permanently. * Add -z memory-seal/-z nomemory-seal options to ELF linker to mark the - object to memory sealed. + object to memory sealed. Also added --enable-memory-seal configure option + to enable the memory sealing by default. Changes in 2.42: diff --git a/ld/config.in b/ld/config.in index f2aaf0a6879..74c58ebb319 100644 --- a/ld/config.in +++ b/ld/config.in 
@@ -60,6 +60,9 @@ default. */ #undef DEFAULT_LD_Z_SEPARATE_CODE +/* Define to 1 if you want to enable -z memory-seal in ELF linker by default. */ +#undef DEFAULT_LD_Z_MEMORY_SEAL + /* Define to 1 if you want to set DT_RUNPATH instead of DT_RPATH by default. */ #undef DEFAULT_NEW_DTAGS diff --git a/ld/configure b/ld/configure index d905f1c6001..b9076008e3c 100755 --- a/ld/configure +++ b/ld/configure @@ -854,6 +854,7 @@ enable_textrel_check enable_separate_code enable_rosegment enable_mark_plt +enable_memory_seal enable_warn_execstack enable_error_execstack enable_warn_rwx_segments @@ -1551,6 +1552,7 @@ Optional Features: --enable-separate-code enable -z separate-code in ELF linker by default --enable-rosegment enable --rosegment in the ELF linker by default --enable-mark-plt enable -z mark-plt in ELF x86-64 linker by default + --enable-memory-seal enable -z memory-seal in ELF linker by default --enable-warn-execstack enable warnings when creating an executable stack --enable-error-execstack turn executable stack warnings into errors @@ -11686,7 +11688,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 11689 "configure" +#line 11691 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -11792,7 +11794,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 11795 "configure" +#line 11797 "configure" #include "confdefs.h" #if HAVE_DLFCN_H 
@@ -15709,6 +15711,17 @@ esac fi +# Decide if -z memory-seal should be enabled in ELF linker by default. +ac_default_ld_z_memory_seal=unset +# Check whether --enable-memory-seal was given. +if test "${enable_memory_seal+set}" = set; then : + enableval=$enable_memory_seal; case "${enableval}" in + yes) ac_default_ld_z_memory_seal=1 ;; + no) ac_default_ld_z_memory_seal=0 ;; +esac +fi + + # By default warn when an executable stack is created due to object files # requesting such, not when the user specifies -z execstack. @@ -18975,6 +18988,8 @@ main () if (*(data + i) != *(data3 + i)) return 14; close (fd); + free (data); + free (data3); return 0; } _ACEOF @@ -19454,6 +19469,15 @@ cat >>confdefs.h <<_ACEOF _ACEOF +if test "${ac_default_ld_z_memory_seal}" = unset; then + ac_default_ld_z_memory_seal=0 +fi + +cat >>confdefs.h <<_ACEOF +#define DEFAULT_LD_Z_MEMORY_SEAL $ac_default_ld_z_memory_seal +_ACEOF + + cat >>confdefs.h <<_ACEOF diff --git a/ld/configure.ac b/ld/configure.ac index 5d10b38a528..7c90b9ad62b 100644 --- a/ld/configure.ac +++ b/ld/configure.ac @@ -232,6 +232,16 @@ AC_ARG_ENABLE(mark-plt, no) ac_default_ld_z_mark_plt=0 ;; esac]) +# Decide if -z memory-seal should be enabled in ELF linker by default. +ac_default_ld_z_memory_seal=unset +AC_ARG_ENABLE(memory-seal, + AS_HELP_STRING([--enable-memory-seal], + [enable -z memory-seal in ELF linker by default]), +[case "${enableval}" in + yes) ac_default_ld_z_memory_seal=1 ;; + no) ac_default_ld_z_memory_seal=0 ;; +esac]) + # By default warn when an executable stack is created due to object files # requesting such, not when the user specifies -z execstack. 
@@ -617,6 +627,13 @@ AC_DEFINE_UNQUOTED(DEFAULT_LD_Z_MARK_PLT, $ac_default_ld_z_mark_plt, [Define to 1 if you want to enable -z mark-plt in ELF x86-64 linker by default.]) +if test "${ac_default_ld_z_memory_seal}" = unset; then + ac_default_ld_z_memory_seal=0 +fi +AC_DEFINE_UNQUOTED(DEFAULT_LD_Z_MEMORY_SEAL, + $ac_default_ld_z_memory_seal, + [Define to 1 if you want to enable -z memory_seal in ELF linker by default.]) + AC_DEFINE_UNQUOTED(DEFAULT_LD_WARN_EXECSTACK, $ac_default_ld_warn_execstack, diff --git a/ld/emultempl/elf.em b/ld/emultempl/elf.em index ccd43531237..58bd79b09d2 100644 --- a/ld/emultempl/elf.em +++ b/ld/emultempl/elf.em @@ -99,6 +99,7 @@ fragment <
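Review bot: In check_memory_seal_support (binutils/testsuite/lib/binutils-common.exp, hunk "@@ -408,6 +408,25 @@"), the cleanup line "remote_file host delete nomemory_seal" spells the name with an underscore, while the probe passes "-z nomemory-seal" and the failure test looks for "cannot find nomemory-seal" with a hyphen, so the file being deleted is not the name the linker would report. Use the hyphenated spelling in the delete so all three agree. The new proc also has no leading comment, unlike supports_noinit_section right below it; one line saying that it probes whether $ld accepts -z nomemory-seal and caches the answer in memory_seal_available_saved would help.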
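Review bot: The ld/NEWS entry (hunk "@@ -24,7 +24,8 @@") reads awkwardly in both the kept and the added text: "mark the object to memory sealed" and "to enable the memory sealing by default". Suggest "mark the object as memory sealed. Also add a --enable-memory-seal configure option to enable memory sealing by default.", which also matches the imperative "Add" used by the entries around it.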
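Review bot: The ld/configure hunk "@@ -18975,6 +18988,8 @@ main ()" adds "free (data);" and "free (data3);" to a conftest program, which has nothing to do with --enable-memory-seal and does not correspond to any change in the configure.ac hunks of this patch. It looks like a side effect of how configure was regenerated; please regenerate it so that the generated diff contains only the enable_memory_seal additions and the shifted "#line" numbers, or drop this hunk.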
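Review bot: In ld/configure.ac (hunk "@@ -617,6 +627,13 @@"), the AC_DEFINE_UNQUOTED description says "enable -z memory_seal" with an underscore, but the option is spelled "-z memory-seal" in the AS_HELP_STRING text, in ld/NEWS and in the ld/config.in hunk of this same patch. config.in takes its comment from this description, so the two should match; change the description to "-z memory-seal" so that regenerating config.in reproduces the committed text.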