* [PATCH v1] LoongArch: ld: Move .got .got.plt before .data and protect .got with relro
@ 2024-04-03 6:31 mengqinggang
2024-04-07 13:30 ` Xi Ruoyao
2024-04-07 17:34 ` Xi Ruoyao
0 siblings, 2 replies; 3+ messages in thread
From: mengqinggang @ 2024-04-03 6:31 UTC (permalink / raw)
To: binutils
Cc: xuchenghua, chenglulu, cailulu, xry111, i.swmail, maskray,
luweining, hejinyang, mengqinggang
Move .got .got.plt before .data so .got can be protected with -zrelro.
And the first two entries of .got.plt (_dl_runtime_resolve and link map)
are placed within the relro region.
---
bfd/elfnn-loongarch.c | 2 ++
ld/emulparams/elf64loongarch-defs.sh | 5 ++++-
ld/testsuite/ld-loongarch-elf/data-got.d | 16 ++++++++++++++++
ld/testsuite/ld-loongarch-elf/data-got.s | 6 ++++++
.../ld-loongarch-elf/ld-loongarch-elf.exp | 1 +
5 files changed, 29 insertions(+), 1 deletion(-)
create mode 100644 ld/testsuite/ld-loongarch-elf/data-got.d
create mode 100644 ld/testsuite/ld-loongarch-elf/data-got.s
diff --git a/bfd/elfnn-loongarch.c b/bfd/elfnn-loongarch.c
index eb70799b06a..e8632905019 100644
--- a/bfd/elfnn-loongarch.c
+++ b/bfd/elfnn-loongarch.c
@@ -127,6 +127,8 @@ struct loongarch_elf_link_hash_table
#define GOT_ENTRY_SIZE (LARCH_ELF_WORD_BYTES)
+/* Reserve two entries of GOTPLT for ld.so, one is used for PLT
+ resolver _dl_runtime_resolve, the other is used for link map. */
#define GOTPLT_HEADER_SIZE (GOT_ENTRY_SIZE * 2)
#define elf_backend_want_got_plt 1
diff --git a/ld/emulparams/elf64loongarch-defs.sh b/ld/emulparams/elf64loongarch-defs.sh
index c793f5d8388..a8147bf71d7 100644
--- a/ld/emulparams/elf64loongarch-defs.sh
+++ b/ld/emulparams/elf64loongarch-defs.sh
@@ -34,6 +34,9 @@ TEXT_START_ADDR=0x120000000
MAXPAGESIZE="CONSTANT (MAXPAGESIZE)"
COMMONPAGESIZE="CONSTANT (COMMONPAGESIZE)"
-SEPARATE_GOTPLT=0
+# Put .got before .data
+DATA_GOT=" "
+# First two entries for PLT resolver _dl_runtime_resolve and link map.
+SEPARATE_GOTPLT="SIZEOF (.got.plt) >= 16 ? 16 : 0"
INITIAL_READONLY_SECTIONS=".interp : { *(.interp) } ${CREATE_PIE-${INITIAL_READONLY_SECTIONS}}"
INITIAL_READONLY_SECTIONS="${RELOCATING+${CREATE_SHLIB-${INITIAL_READONLY_SECTIONS}}}"
diff --git a/ld/testsuite/ld-loongarch-elf/data-got.d b/ld/testsuite/ld-loongarch-elf/data-got.d
new file mode 100644
index 00000000000..d89e0a577ff
--- /dev/null
+++ b/ld/testsuite/ld-loongarch-elf/data-got.d
@@ -0,0 +1,16 @@
+# line 11 test the first two entries of .got.plt in relro region
+# relro segment size is .dynamic size + .got size + 0x10
+# line 13 test .got .got.plt before .got
+# line 15 test .got in relro segment
+#as:
+#ld: -shared -z relro
+#readelf: -l --wide
+#skip: loongarch32-*-*
+
+#...
+ GNU_RELRO 0x003c10 0x0000000000007c10 0x0000000000007c10 0x0003f0 0x0003f0 R 0x1
+#...
+ 01 .dynamic .got .got.plt .data
+#...
+ 03 .dynamic .got
+#pass
diff --git a/ld/testsuite/ld-loongarch-elf/data-got.s b/ld/testsuite/ld-loongarch-elf/data-got.s
new file mode 100644
index 00000000000..364fcf64c0e
--- /dev/null
+++ b/ld/testsuite/ld-loongarch-elf/data-got.s
@@ -0,0 +1,6 @@
+.text
+b foo
+.section .got
+.space 0x2a8, 4
+.data
+.zero 24
diff --git a/ld/testsuite/ld-loongarch-elf/ld-loongarch-elf.exp b/ld/testsuite/ld-loongarch-elf/ld-loongarch-elf.exp
index 759acab80d4..c2d616b8d0a 100644
--- a/ld/testsuite/ld-loongarch-elf/ld-loongarch-elf.exp
+++ b/ld/testsuite/ld-loongarch-elf/ld-loongarch-elf.exp
@@ -133,6 +133,7 @@ if [istarget "loongarch64-*-*"] {
run_dump_test "tlsdesc-dso"
run_dump_test "desc-norelax"
run_dump_test "desc-relax"
+ run_dump_test "data-got"
}
if [check_pie_support] {
--
2.36.0
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH v1] LoongArch: ld: Move .got .got.plt before .data and protect .got with relro
2024-04-03 6:31 [PATCH v1] LoongArch: ld: Move .got .got.plt before .data and protect .got with relro mengqinggang
@ 2024-04-07 13:30 ` Xi Ruoyao
2024-04-07 17:34 ` Xi Ruoyao
1 sibling, 0 replies; 3+ messages in thread
From: Xi Ruoyao @ 2024-04-07 13:30 UTC (permalink / raw)
To: mengqinggang, binutils
Cc: xuchenghua, chenglulu, cailulu, i.swmail, maskray, luweining, hejinyang
On Wed, 2024-04-03 at 14:31 +0800, mengqinggang wrote:
> Move .got .got.plt before .data so .got can be protected with -zrelro.
> And the first two entries of .got.plt (_dl_runtime_resolve and link map)
> are placed within the relro region.
It seems a nice security improvement. I'm including this patch into the
system rebuild to see if there will be any issue.
> ---
> bfd/elfnn-loongarch.c | 2 ++
> ld/emulparams/elf64loongarch-defs.sh | 5 ++++-
> ld/testsuite/ld-loongarch-elf/data-got.d | 16 ++++++++++++++++
> ld/testsuite/ld-loongarch-elf/data-got.s | 6 ++++++
> .../ld-loongarch-elf/ld-loongarch-elf.exp | 1 +
> 5 files changed, 29 insertions(+), 1 deletion(-)
> create mode 100644 ld/testsuite/ld-loongarch-elf/data-got.d
> create mode 100644 ld/testsuite/ld-loongarch-elf/data-got.s
>
> diff --git a/bfd/elfnn-loongarch.c b/bfd/elfnn-loongarch.c
> index eb70799b06a..e8632905019 100644
> --- a/bfd/elfnn-loongarch.c
> +++ b/bfd/elfnn-loongarch.c
> @@ -127,6 +127,8 @@ struct loongarch_elf_link_hash_table
>
> #define GOT_ENTRY_SIZE (LARCH_ELF_WORD_BYTES)
>
> +/* Reserve two entries of GOTPLT for ld.so, one is used for PLT
> + resolver _dl_runtime_resolve, the other is used for link map. */
> #define GOTPLT_HEADER_SIZE (GOT_ENTRY_SIZE * 2)
>
> #define elf_backend_want_got_plt 1
> diff --git a/ld/emulparams/elf64loongarch-defs.sh b/ld/emulparams/elf64loongarch-defs.sh
> index c793f5d8388..a8147bf71d7 100644
> --- a/ld/emulparams/elf64loongarch-defs.sh
> +++ b/ld/emulparams/elf64loongarch-defs.sh
> @@ -34,6 +34,9 @@ TEXT_START_ADDR=0x120000000
> MAXPAGESIZE="CONSTANT (MAXPAGESIZE)"
> COMMONPAGESIZE="CONSTANT (COMMONPAGESIZE)"
>
> -SEPARATE_GOTPLT=0
> +# Put .got before .data
> +DATA_GOT=" "
> +# First two entries for PLT resolver _dl_runtime_resolve and link map.
> +SEPARATE_GOTPLT="SIZEOF (.got.plt) >= 16 ? 16 : 0"
> INITIAL_READONLY_SECTIONS=".interp : { *(.interp) } ${CREATE_PIE-${INITIAL_READONLY_SECTIONS}}"
> INITIAL_READONLY_SECTIONS="${RELOCATING+${CREATE_SHLIB-${INITIAL_READONLY_SECTIONS}}}"
> diff --git a/ld/testsuite/ld-loongarch-elf/data-got.d b/ld/testsuite/ld-loongarch-elf/data-got.d
> new file mode 100644
> index 00000000000..d89e0a577ff
> --- /dev/null
> +++ b/ld/testsuite/ld-loongarch-elf/data-got.d
> @@ -0,0 +1,16 @@
> +# line 11 test the first two entries of .got.plt in relro region
> +# relro segment size is .dynamic size + .got size + 0x10
> +# line 13 test .got .got.plt before .got
> +# line 15 test .got in relro segment
> +#as:
> +#ld: -shared -z relro
> +#readelf: -l --wide
> +#skip: loongarch32-*-*
> +
> +#...
> + GNU_RELRO 0x003c10 0x0000000000007c10 0x0000000000007c10 0x0003f0 0x0003f0 R 0x1
> +#...
> + 01 .dynamic .got .got.plt .data
> +#...
> + 03 .dynamic .got
> +#pass
> diff --git a/ld/testsuite/ld-loongarch-elf/data-got.s b/ld/testsuite/ld-loongarch-elf/data-got.s
> new file mode 100644
> index 00000000000..364fcf64c0e
> --- /dev/null
> +++ b/ld/testsuite/ld-loongarch-elf/data-got.s
> @@ -0,0 +1,6 @@
> +.text
> +b foo
> +.section .got
> +.space 0x2a8, 4
> +.data
> +.zero 24
> diff --git a/ld/testsuite/ld-loongarch-elf/ld-loongarch-elf.exp b/ld/testsuite/ld-loongarch-elf/ld-loongarch-elf.exp
> index 759acab80d4..c2d616b8d0a 100644
> --- a/ld/testsuite/ld-loongarch-elf/ld-loongarch-elf.exp
> +++ b/ld/testsuite/ld-loongarch-elf/ld-loongarch-elf.exp
> @@ -133,6 +133,7 @@ if [istarget "loongarch64-*-*"] {
> run_dump_test "tlsdesc-dso"
> run_dump_test "desc-norelax"
> run_dump_test "desc-relax"
> + run_dump_test "data-got"
> }
>
> if [check_pie_support] {
--
Xi Ruoyao <xry111@xry111.site>
School of Aerospace Science and Technology, Xidian University
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH v1] LoongArch: ld: Move .got .got.plt before .data and protect .got with relro
2024-04-03 6:31 [PATCH v1] LoongArch: ld: Move .got .got.plt before .data and protect .got with relro mengqinggang
2024-04-07 13:30 ` Xi Ruoyao
@ 2024-04-07 17:34 ` Xi Ruoyao
1 sibling, 0 replies; 3+ messages in thread
From: Xi Ruoyao @ 2024-04-07 17:34 UTC (permalink / raw)
To: mengqinggang, binutils
Cc: xuchenghua, chenglulu, cailulu, i.swmail, maskray, luweining, hejinyang
On Wed, 2024-04-03 at 14:31 +0800, mengqinggang wrote:
> +++ b/ld/testsuite/ld-loongarch-elf/data-got.d
> @@ -0,0 +1,16 @@
> +# line 11 test the first two entries of .got.plt in relro region
> +# relro segment size is .dynamic size + .got size + 0x10
> +# line 13 test .got .got.plt before .got
> +# line 15 test .got in relro segment
> +#as:
> +#ld: -shared -z relro
Need --hash-style=both here, or...
> +#readelf: -l --wide
> +#skip: loongarch32-*-*
> +
> +#...
> + GNU_RELRO 0x003c10 0x0000000000007c10 0x0000000000007c10 0x0003f0 0x0003f0 R 0x1
with --enable-default-hash-style=gnu we get a slightly different output:
GNU_RELRO 0x003c20 0x0000000000007c20 0x0000000000007c20 0x0003e0 0x0003e0 R 0x1
--
Xi Ruoyao <xry111@xry111.site>
School of Aerospace Science and Technology, Xidian University
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2024-04-07 17:34 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-04-03 6:31 [PATCH v1] LoongArch: ld: Move .got .got.plt before .data and protect .got with relro mengqinggang
2024-04-07 13:30 ` Xi Ruoyao
2024-04-07 17:34 ` Xi Ruoyao
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).