From: "H.J. Lu"
Date: Sun, 07 May 2017 17:00:00 -0000
Subject: Re: [PATCH] i386: Remove PLT0 and use non-lazy PLT if PLT0 is unused
To: Florian Weimer
Cc: Binutils, "Carlos O'Donell", GNU C Library

On Sat, May 6, 2017 at 11:55 AM, Florian Weimer wrote:
> On 05/06/2017 05:11 PM, H.J. Lu wrote:
>>
>> 1. Call external function.
>> 2. Call internal IFUNC function.  The best implementation is selected
>> for the target processor at run-time.
>> 3. Act as the canonical function address.
>
>
> Audit support is missing from this list.  Audit support needs a PLT stub
> which calls the audit trampoline with some sort of function index or
> address.

This behavior disables LD_AUDIT support with -z now, in addition to
export LD_BIND_NOW=1 or compiling with -fno-plt.  Also should LD_AUDIT
work on external calls inside shared objects linked with -z now?

> I'm concerned that -z now in recent binutils (even without this patch)
> removes audit support, when before, audit support was not impacted by -z now
> (I think, I'm not sure on this point).
>
> We really must avoid hardening flags which have profound semantic
> implications on generated binaries because it discourages people from
> enabling them.

The impacts for removing PLT0 with -z now are

Cons:

1. LD_AUDIT no longer works.

Pros:

1. Make the run-time behavior the same with "export LD_BIND_NOW=1".
2. Disable LD_AUDIT to further improve security.

I can add a new "-z audit" option to enable LD_AUDIT as much as possible,
including

--
extern void foo (void);

void *
foo_p ()
{
  foo ();
  return foo;
}
--

--
H.J.
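Whether a binary falls under the trade-off discussed in this message depends on whether it was linked with -z now. The check below is an added example, not part of the original message or of binutils: it reads the dynamic section of a little-endian ELF64 image and reports the bind-now markers. The function names and the sample images are constructed for illustration.

```python
import struct

# Tag and flag values from the ELF gABI and glibc's <elf.h>.
PT_DYNAMIC = 2
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1

def bind_now_markers(elf):
    """Return the dynamic-section markers showing the image was linked with -z now."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    e_phoff, = struct.unpack_from("<Q", elf, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    found = []
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type, = struct.unpack_from("<I", elf, off)
        if p_type != PT_DYNAMIC:
            continue
        p_offset, = struct.unpack_from("<Q", elf, off + 8)
        p_filesz, = struct.unpack_from("<Q", elf, off + 32)
        end = min(p_offset + p_filesz, len(elf))  # never read past the file
        for ent in range(p_offset, end - 15, 16):  # Elf64_Dyn is 16 bytes
            tag, val = struct.unpack_from("<qQ", elf, ent)
            if tag == DT_NULL:
                break
            if tag == DT_BIND_NOW:
                found.append("DT_BIND_NOW")
            elif tag == DT_FLAGS and val & DF_BIND_NOW:
                found.append("DF_BIND_NOW")
            elif tag == DT_FLAGS_1 and val & DF_1_NOW:
                found.append("DF_1_NOW")
    return found

def make_sample(dyn_entries):
    """Constructed image: ELF64 header, one PT_DYNAMIC program header, dynamic entries."""
    dyn = b"".join(struct.pack("<qQ", t, v) for t, v in dyn_entries + [(DT_NULL, 0)])
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9)
    ehdr += struct.pack("<HHIQQQIHHHHHH", 3, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, 120, 120, 120, len(dyn), len(dyn), 8)
    return ehdr + phdr + dyn

if __name__ == "__main__":
    eager = make_sample([(DT_FLAGS, DF_BIND_NOW), (DT_FLAGS_1, DF_1_NOW)])
    lazy = make_sample([(DT_FLAGS, 0)])
    print("eager:", bind_now_markers(eager))
    print("lazy: ", bind_now_markers(lazy))
```

An empty result means the image carries no bind-now marker; LD_BIND_NOW=1 in the environment is a run-time setting and is not visible in the file.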