* [PATCH] RISC-V: Protect .got with relro
@ 2023-09-25 8:19 Andreas Schwab
2023-09-25 9:26 ` Palmer Dabbelt
0 siblings, 1 reply; 5+ messages in thread
From: Andreas Schwab @ 2023-09-25 8:19 UTC (permalink / raw)
To: binutils; +Cc: nelson, palmer
Move .got before .data so that it can be protected with -zrelro. Also
separate .got.plt from .got if -znow is not in effect; the first two words
of .got.plt are placed within the relro region.
ld:
PR ld/30877
* emulparams/elf32lriscv-defs.sh (DATA_GOT, SEPARATE_GOTPLT):
Define.
* emulparams/elf64lriscv-defs.sh (SEPARATE_GOTPLT): Define.
---
ld/emulparams/elf32lriscv-defs.sh | 4 ++++
ld/emulparams/elf64lriscv-defs.sh | 1 +
2 files changed, 5 insertions(+)
diff --git a/ld/emulparams/elf32lriscv-defs.sh b/ld/emulparams/elf32lriscv-defs.sh
index b823cedacab..016556168c3 100644
--- a/ld/emulparams/elf32lriscv-defs.sh
+++ b/ld/emulparams/elf32lriscv-defs.sh
@@ -47,3 +47,7 @@ INITIAL_READONLY_SECTIONS="${RELOCATING+${CREATE_SHLIB-${INITIAL_READONLY_SECTIO
OTHER_END_SYMBOLS="${CREATE_SHLIB-__BSS_END__ = .;
__global_pointer$ = MIN(__SDATA_BEGIN__ + 0x800,
MAX(__DATA_BEGIN__ + 0x800, __BSS_END__ - 0x800));}"
+
+# Put .got before .data
+DATA_GOT=" "
+SEPARATE_GOTPLT="SIZEOF (.got.plt) >= 8 ? 8 : 0"
diff --git a/ld/emulparams/elf64lriscv-defs.sh b/ld/emulparams/elf64lriscv-defs.sh
index 84a700a5f58..ca15338428f 100644
--- a/ld/emulparams/elf64lriscv-defs.sh
+++ b/ld/emulparams/elf64lriscv-defs.sh
@@ -1,2 +1,3 @@
source_sh ${srcdir}/emulparams/elf32lriscv-defs.sh
ELFSIZE=64
+SEPARATE_GOTPLT="SIZEOF (.got.plt) >= 16 ? 16 : 0"
--
2.42.0
--
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] RISC-V: Protect .got with relro
2023-09-25 8:19 [PATCH] RISC-V: Protect .got with relro Andreas Schwab
@ 2023-09-25 9:26 ` Palmer Dabbelt
2023-09-25 9:47 ` Andreas Schwab
0 siblings, 1 reply; 5+ messages in thread
From: Palmer Dabbelt @ 2023-09-25 9:26 UTC (permalink / raw)
To: schwab; +Cc: binutils, nelson
On Mon, 25 Sep 2023 01:19:57 PDT (-0700), schwab@suse.de wrote:
> Move .got before .data so that it can be protected with -zrelro. Also
> separate .got.plt from .got if -znow is not in effect; the first two words
> of .got.plt are placed within the relro region.
>
> ld:
> PR ld/30877
> * emulparams/elf32lriscv-defs.sh (DATA_GOT, SEPARATE_GOTPLT):
> Define.
> * emulparams/elf64lriscv-defs.sh (SEPARATE_GOTPLT): Define.
> ---
> ld/emulparams/elf32lriscv-defs.sh | 4 ++++
> ld/emulparams/elf64lriscv-defs.sh | 1 +
> 2 files changed, 5 insertions(+)
>
> diff --git a/ld/emulparams/elf32lriscv-defs.sh b/ld/emulparams/elf32lriscv-defs.sh
> index b823cedacab..016556168c3 100644
> --- a/ld/emulparams/elf32lriscv-defs.sh
> +++ b/ld/emulparams/elf32lriscv-defs.sh
> @@ -47,3 +47,7 @@ INITIAL_READONLY_SECTIONS="${RELOCATING+${CREATE_SHLIB-${INITIAL_READONLY_SECTIO
> OTHER_END_SYMBOLS="${CREATE_SHLIB-__BSS_END__ = .;
> __global_pointer$ = MIN(__SDATA_BEGIN__ + 0x800,
> MAX(__DATA_BEGIN__ + 0x800, __BSS_END__ - 0x800));}"
> +
> +# Put .got before .data
> +DATA_GOT=" "
> +SEPARATE_GOTPLT="SIZEOF (.got.plt) >= 8 ? 8 : 0"
> diff --git a/ld/emulparams/elf64lriscv-defs.sh b/ld/emulparams/elf64lriscv-defs.sh
> index 84a700a5f58..ca15338428f 100644
> --- a/ld/emulparams/elf64lriscv-defs.sh
> +++ b/ld/emulparams/elf64lriscv-defs.sh
> @@ -1,2 +1,3 @@
> source_sh ${srcdir}/emulparams/elf32lriscv-defs.sh
> ELFSIZE=64
> +SEPARATE_GOTPLT="SIZEOF (.got.plt) >= 16 ? 16 : 0"
I think we also want something like this
diff --git a/ld/testsuite/ld-elf/binutils.exp b/ld/testsuite/ld-elf/binutils.exp
index 674e8e9a575..b38e29ed6fb 100644
--- a/ld/testsuite/ld-elf/binutils.exp
+++ b/ld/testsuite/ld-elf/binutils.exp
@@ -95,7 +95,6 @@ proc binutils_test { prog_name ld_options test {test_name ""} {readelf_options "
|| [istarget "mips*-*-*"] \
|| [istarget "nios2*-*-*"] \
|| [istarget "or1k-*-*"] \
- || [istarget "riscv*-*-*"] \
|| [istarget "sh*-*-*"] \
|| [istarget "x86_64-*-rdos*"])]
# Check if GNU_RELRO segment is generated.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] RISC-V: Protect .got with relro
2023-09-25 9:26 ` Palmer Dabbelt
@ 2023-09-25 9:47 ` Andreas Schwab
2023-09-25 9:53 ` Palmer Dabbelt
2023-09-27 21:55 ` Jeff Law
0 siblings, 2 replies; 5+ messages in thread
From: Andreas Schwab @ 2023-09-25 9:47 UTC (permalink / raw)
To: Palmer Dabbelt; +Cc: binutils, nelson
On Sep 25 2023, Palmer Dabbelt wrote:
> I think we also want something like this
>
> diff --git a/ld/testsuite/ld-elf/binutils.exp b/ld/testsuite/ld-elf/binutils.exp
> index 674e8e9a575..b38e29ed6fb 100644
> --- a/ld/testsuite/ld-elf/binutils.exp
> +++ b/ld/testsuite/ld-elf/binutils.exp
> @@ -95,7 +95,6 @@ proc binutils_test { prog_name ld_options test {test_name ""} {readelf_options "
> || [istarget "mips*-*-*"] \
> || [istarget "nios2*-*-*"] \
> || [istarget "or1k-*-*"] \
> - || [istarget "riscv*-*-*"] \
> || [istarget "sh*-*-*"] \
> || [istarget "x86_64-*-rdos*"])]
> # Check if GNU_RELRO segment is generated.
Thanks, I will squash that in.
--
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] RISC-V: Protect .got with relro
2023-09-25 9:47 ` Andreas Schwab
@ 2023-09-25 9:53 ` Palmer Dabbelt
2023-09-27 21:55 ` Jeff Law
1 sibling, 0 replies; 5+ messages in thread
From: Palmer Dabbelt @ 2023-09-25 9:53 UTC (permalink / raw)
To: schwab; +Cc: binutils, nelson
On Mon, 25 Sep 2023 02:47:11 PDT (-0700), schwab@suse.de wrote:
> On Sep 25 2023, Palmer Dabbelt wrote:
>
>> I think we also want something like this
>>
>> diff --git a/ld/testsuite/ld-elf/binutils.exp b/ld/testsuite/ld-elf/binutils.exp
>> index 674e8e9a575..b38e29ed6fb 100644
>> --- a/ld/testsuite/ld-elf/binutils.exp
>> +++ b/ld/testsuite/ld-elf/binutils.exp
>> @@ -95,7 +95,6 @@ proc binutils_test { prog_name ld_options test {test_name ""} {readelf_options "
>> || [istarget "mips*-*-*"] \
>> || [istarget "nios2*-*-*"] \
>> || [istarget "or1k-*-*"] \
>> - || [istarget "riscv*-*-*"] \
>> || [istarget "sh*-*-*"] \
>> || [istarget "x86_64-*-rdos*"])]
>> # Check if GNU_RELRO segment is generated.
>
> Thanks, I will squash that in.
Reviewed-by: Palmer Dabbelt <palmer@rivosinc.com>
Acked-by: Palmer Dabbelt <palmer@rivosinc.com>
Thanks!
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] RISC-V: Protect .got with relro
2023-09-25 9:47 ` Andreas Schwab
2023-09-25 9:53 ` Palmer Dabbelt
@ 2023-09-27 21:55 ` Jeff Law
1 sibling, 0 replies; 5+ messages in thread
From: Jeff Law @ 2023-09-27 21:55 UTC (permalink / raw)
To: Andreas Schwab, Palmer Dabbelt; +Cc: binutils, nelson
On 9/25/23 03:47, Andreas Schwab via Binutils wrote:
> On Sep 25 2023, Palmer Dabbelt wrote:
>
>> I think we also want something like this
>>
>> diff --git a/ld/testsuite/ld-elf/binutils.exp b/ld/testsuite/ld-elf/binutils.exp
>> index 674e8e9a575..b38e29ed6fb 100644
>> --- a/ld/testsuite/ld-elf/binutils.exp
>> +++ b/ld/testsuite/ld-elf/binutils.exp
>> @@ -95,7 +95,6 @@ proc binutils_test { prog_name ld_options test {test_name ""} {readelf_options "
>> || [istarget "mips*-*-*"] \
>> || [istarget "nios2*-*-*"] \
>> || [istarget "or1k-*-*"] \
>> - || [istarget "riscv*-*-*"] \
>> || [istarget "sh*-*-*"] \
>> || [istarget "x86_64-*-rdos*"])]
>> # Check if GNU_RELRO segment is generated.
>
> Thanks, I will squash that in.
Thanks for taking care of the RELRO stuff. One of the many items that
could have easily slipped through the cracks.
jeff
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2023-09-27 21:55 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-09-25 8:19 [PATCH] RISC-V: Protect .got with relro Andreas Schwab
2023-09-25 9:26 ` Palmer Dabbelt
2023-09-25 9:47 ` Andreas Schwab
2023-09-25 9:53 ` Palmer Dabbelt
2023-09-27 21:55 ` Jeff Law
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).