From: Xi Ruoyao <xry111@xry111.site>
To: mengqinggang <mengqinggang@loongson.cn>, binutils@sourceware.org
Cc: xuchenghua@loongson.cn, chenglulu@loongson.cn,
cailulu@loongson.cn, i.swmail@xen0n.name, maskray@google.com,
luweining@loongson.cn, hejinyang@loongson.cn
Subject: Re: [PATCH v1] LoongArch: ld: Move .got .got.plt before .data and protect .got with relro
Date: Sun, 07 Apr 2024 21:30:32 +0800 [thread overview]
Message-ID: <b84d6c7ef90405d3cd6ee08a94d3e4e6586268cf.camel@xry111.site> (raw)
In-Reply-To: <20240403063144.2812402-1-mengqinggang@loongson.cn>
On Wed, 2024-04-03 at 14:31 +0800, mengqinggang wrote:
> Move .got .got.plt before .data so .got can be protected with -zrelro.
> And the first two entries of .got.plt (_dl_runtime_resolve and link map)
> are placed within the relro region.
It seems a nice security improvement. I'm including this patch into the
system rebuild to see if there will be any issue.
> ---
> bfd/elfnn-loongarch.c | 2 ++
> ld/emulparams/elf64loongarch-defs.sh | 5 ++++-
> ld/testsuite/ld-loongarch-elf/data-got.d | 16 ++++++++++++++++
> ld/testsuite/ld-loongarch-elf/data-got.s | 6 ++++++
> .../ld-loongarch-elf/ld-loongarch-elf.exp | 1 +
> 5 files changed, 29 insertions(+), 1 deletion(-)
> create mode 100644 ld/testsuite/ld-loongarch-elf/data-got.d
> create mode 100644 ld/testsuite/ld-loongarch-elf/data-got.s
>
> diff --git a/bfd/elfnn-loongarch.c b/bfd/elfnn-loongarch.c
> index eb70799b06a..e8632905019 100644
> --- a/bfd/elfnn-loongarch.c
> +++ b/bfd/elfnn-loongarch.c
> @@ -127,6 +127,8 @@ struct loongarch_elf_link_hash_table
>
> #define GOT_ENTRY_SIZE (LARCH_ELF_WORD_BYTES)
>
> +/* Reserve two entries of GOTPLT for ld.so, one is used for PLT
> + resolver _dl_runtime_resolve, the other is used for link map. */
> #define GOTPLT_HEADER_SIZE (GOT_ENTRY_SIZE * 2)
>
> #define elf_backend_want_got_plt 1
> diff --git a/ld/emulparams/elf64loongarch-defs.sh b/ld/emulparams/elf64loongarch-defs.sh
> index c793f5d8388..a8147bf71d7 100644
> --- a/ld/emulparams/elf64loongarch-defs.sh
> +++ b/ld/emulparams/elf64loongarch-defs.sh
> @@ -34,6 +34,9 @@ TEXT_START_ADDR=0x120000000
> MAXPAGESIZE="CONSTANT (MAXPAGESIZE)"
> COMMONPAGESIZE="CONSTANT (COMMONPAGESIZE)"
>
> -SEPARATE_GOTPLT=0
> +# Put .got before .data
> +DATA_GOT=" "
> +# First two entries for PLT resolver _dl_runtime_resolve and link map.
> +SEPARATE_GOTPLT="SIZEOF (.got.plt) >= 16 ? 16 : 0"
> INITIAL_READONLY_SECTIONS=".interp : { *(.interp) } ${CREATE_PIE-${INITIAL_READONLY_SECTIONS}}"
> INITIAL_READONLY_SECTIONS="${RELOCATING+${CREATE_SHLIB-${INITIAL_READONLY_SECTIONS}}}"
> diff --git a/ld/testsuite/ld-loongarch-elf/data-got.d b/ld/testsuite/ld-loongarch-elf/data-got.d
> new file mode 100644
> index 00000000000..d89e0a577ff
> --- /dev/null
> +++ b/ld/testsuite/ld-loongarch-elf/data-got.d
> @@ -0,0 +1,16 @@
> +# line 11 test the first two entries of .got.plt in relro region
> +# relro segment size is .dynamic size + .got size + 0x10
> +# line 13 test .got .got.plt before .got
> +# line 15 test .got in relro segment
> +#as:
> +#ld: -shared -z relro
> +#readelf: -l --wide
> +#skip: loongarch32-*-*
> +
> +#...
> + GNU_RELRO 0x003c10 0x0000000000007c10 0x0000000000007c10 0x0003f0 0x0003f0 R 0x1
> +#...
> + 01 .dynamic .got .got.plt .data
> +#...
> + 03 .dynamic .got
> +#pass
> diff --git a/ld/testsuite/ld-loongarch-elf/data-got.s b/ld/testsuite/ld-loongarch-elf/data-got.s
> new file mode 100644
> index 00000000000..364fcf64c0e
> --- /dev/null
> +++ b/ld/testsuite/ld-loongarch-elf/data-got.s
> @@ -0,0 +1,6 @@
> +.text
> +b foo
> +.section .got
> +.space 0x2a8, 4
> +.data
> +.zero 24
> diff --git a/ld/testsuite/ld-loongarch-elf/ld-loongarch-elf.exp b/ld/testsuite/ld-loongarch-elf/ld-loongarch-elf.exp
> index 759acab80d4..c2d616b8d0a 100644
> --- a/ld/testsuite/ld-loongarch-elf/ld-loongarch-elf.exp
> +++ b/ld/testsuite/ld-loongarch-elf/ld-loongarch-elf.exp
> @@ -133,6 +133,7 @@ if [istarget "loongarch64-*-*"] {
> run_dump_test "tlsdesc-dso"
> run_dump_test "desc-norelax"
> run_dump_test "desc-relax"
> + run_dump_test "data-got"
> }
>
> if [check_pie_support] {
--
Xi Ruoyao <xry111@xry111.site>
School of Aerospace Science and Technology, Xidian University
next prev parent reply other threads:[~2024-04-07 13:30 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-03 6:31 mengqinggang
2024-04-07 13:30 ` Xi Ruoyao [this message]
2024-04-07 17:34 ` Xi Ruoyao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b84d6c7ef90405d3cd6ee08a94d3e4e6586268cf.camel@xry111.site \
--to=xry111@xry111.site \
--cc=binutils@sourceware.org \
--cc=cailulu@loongson.cn \
--cc=chenglulu@loongson.cn \
--cc=hejinyang@loongson.cn \
--cc=i.swmail@xen0n.name \
--cc=luweining@loongson.cn \
--cc=maskray@google.com \
--cc=mengqinggang@loongson.cn \
--cc=xuchenghua@loongson.cn \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).