From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from xry111.site (xry111.site [89.208.246.23]) by sourceware.org (Postfix) with ESMTPS id 4AB1D3858D20 for ; Sun, 7 Apr 2024 13:30:41 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 4AB1D3858D20 Authentication-Results: sourceware.org; dmarc=pass (p=reject dis=none) header.from=xry111.site Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=xry111.site ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 4AB1D3858D20 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=89.208.246.23 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712496642; cv=none; b=bSg8nwR0AIXA6GeCuEjZpt6QY4YXLSWodMjHw38pA9kQ0auuWpFtua7grgAY75i5Y4Dmc+zM31GsuOpsEg0RSML7GhZ3mu2xxnbrovfyrzOLsC9UuzjkhWyB4kgfrO9wsl6mVx/t4gMostdewtWf89/oDjk5ROTH8s3y1WQSp3w= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712496642; c=relaxed/simple; bh=zkyWkdXPQ4jfDYwqKjsnH6b9Fb2A3IFlX19G3T4GH1w=; h=DKIM-Signature:Message-ID:Subject:From:To:Date:MIME-Version; b=qtaCnpkdJjn3IAH3Sp8EbjPiuXzM95EWr+YKaIqnECDHvHrdIfc6VxgfrzLwxMxxrkO0lMpmpEgkt0QAwjAu6NUIgZp0TaiL0Pj1zbQ/yFHB8MvMoaxYA485Y+TyzvsPF/46sWY15E6Zz6U3SR/J4XhO5XvTt0tjWejoZZwd1iY= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=xry111.site; s=default; t=1712496640; bh=zkyWkdXPQ4jfDYwqKjsnH6b9Fb2A3IFlX19G3T4GH1w=; h=Subject:From:To:Cc:Date:In-Reply-To:References:From; b=N69URQB3uaedMcZgdOSc4MG2wO1i/mAmX7FcLy2ddrRsyGPUC6sLRwoeZ/rq2B8Cs n8ft+8HaNh49mwAZ1uLUcwyUvAT/ol4PZlAw6ImIKMwgKdxfrpsr/IJLbQH/PUgrzO WkzP0VQg8gpvhjP61Jf1agehn70/AjllJA87FvNk= Received: from [127.0.0.1] (unknown [IPv6:2001:470:683e::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-384) server-digest SHA384) (Client did not present a certificate) (Authenticated sender: xry111@xry111.site) by xry111.site (Postfix) with ESMTPSA id B344566C8C; Sun, 7 Apr 2024 09:30:35 -0400 (EDT) Message-ID: Subject: Re: [PATCH v1] LoongArch: ld: Move .got .got.plt before .data and protect .got with relro From: Xi Ruoyao To: mengqinggang , binutils@sourceware.org Cc: xuchenghua@loongson.cn, chenglulu@loongson.cn, cailulu@loongson.cn, i.swmail@xen0n.name, maskray@google.com, luweining@loongson.cn, hejinyang@loongson.cn Date: Sun, 07 Apr 2024 21:30:32 +0800 In-Reply-To: <20240403063144.2812402-1-mengqinggang@loongson.cn> References: <20240403063144.2812402-1-mengqinggang@loongson.cn> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.52.0 MIME-Version: 1.0 X-Spam-Status: No, score=-6.3 required=5.0 tests=BAYES_00,BODY_8BITS,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,GIT_PATCH_0,LIKELY_SPAM_FROM,SPF_HELO_PASS,SPF_PASS,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On Wed, 2024-04-03 at 14:31 +0800, mengqinggang wrote: > Move .got .got.plt before .data so .got can be protected with -zrelro. > And the first two entries of .got.plt (_dl_runtime_resolve and link map) > are placed within the relro region. It seems a nice security improvement. I'm including this patch into the system rebuild to see if there will be any issue. > --- > =C2=A0bfd/elfnn-loongarch.c=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 |=C2=A0 2 ++ > =C2=A0ld/emulparams/elf64loongarch-defs.sh=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 |=C2=A0 5 ++++- > =C2=A0ld/testsuite/ld-loongarch-elf/data-got.d=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0 | 16 ++++++++++++++++ > =C2=A0ld/testsuite/ld-loongarch-elf/data-got.s=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0 |=C2=A0 6 ++++++ > =C2=A0.../ld-loongarch-elf/ld-loongarch-elf.exp=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0 |=C2=A0 1 + > =C2=A05 files changed, 29 insertions(+), 1 deletion(-) > =C2=A0create mode 100644 ld/testsuite/ld-loongarch-elf/data-got.d > =C2=A0create mode 100644 ld/testsuite/ld-loongarch-elf/data-got.s >=20 > diff --git a/bfd/elfnn-loongarch.c b/bfd/elfnn-loongarch.c > index eb70799b06a..e8632905019 100644 > --- a/bfd/elfnn-loongarch.c > +++ b/bfd/elfnn-loongarch.c > @@ -127,6 +127,8 @@ struct loongarch_elf_link_hash_table > =C2=A0 > =C2=A0#define GOT_ENTRY_SIZE (LARCH_ELF_WORD_BYTES) > =C2=A0 > +/* Reserve two entries of GOTPLT for ld.so, one is used for PLT > +=C2=A0=C2=A0 resolver _dl_runtime_resolve, the other is used for link ma= p.=C2=A0 */ > =C2=A0#define GOTPLT_HEADER_SIZE (GOT_ENTRY_SIZE * 2) > =C2=A0 > =C2=A0#define elf_backend_want_got_plt 1 > diff --git a/ld/emulparams/elf64loongarch-defs.sh b/ld/emulparams/elf64lo= ongarch-defs.sh > index c793f5d8388..a8147bf71d7 100644 > --- a/ld/emulparams/elf64loongarch-defs.sh > +++ b/ld/emulparams/elf64loongarch-defs.sh > @@ -34,6 +34,9 @@ TEXT_START_ADDR=3D0x120000000 > =C2=A0MAXPAGESIZE=3D"CONSTANT (MAXPAGESIZE)" > =C2=A0COMMONPAGESIZE=3D"CONSTANT (COMMONPAGESIZE)" > =C2=A0 > -SEPARATE_GOTPLT=3D0 > +# Put .got before .data > +DATA_GOT=3D" " > +# First two entries for PLT resolver _dl_runtime_resolve and link map. > +SEPARATE_GOTPLT=3D"SIZEOF (.got.plt) >=3D 16 ? 16 : 0" > =C2=A0INITIAL_READONLY_SECTIONS=3D".interp=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0 : { *(.interp) } ${CREATE_PIE-${INITIAL_READONLY_SECTION= S}}" > =C2=A0INITIAL_READONLY_SECTIONS=3D"${RELOCATING+${CREATE_SHLIB-${INITIAL_= READONLY_SECTIONS}}}" > diff --git a/ld/testsuite/ld-loongarch-elf/data-got.d b/ld/testsuite/ld-l= oongarch-elf/data-got.d > new file mode 100644 > index 00000000000..d89e0a577ff > --- /dev/null > +++ b/ld/testsuite/ld-loongarch-elf/data-got.d > @@ -0,0 +1,16 @@ > +# line 11 test the first two entries of .got.plt in relro region > +# relro segment size is .dynamic size + .got size + 0x10 > +# line 13 test .got .got.plt before .got > +# line 15 test .got in relro segment > +#as: > +#ld: -shared -z relro > +#readelf: -l --wide > +#skip: loongarch32-*-* > + > +#... > +=C2=A0 GNU_RELRO=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 0x003c10 0x0000000000007c= 10 0x0000000000007c10 0x0003f0 0x0003f0 R=C2=A0=C2=A0 0x1 > +#... > +=C2=A0=C2=A0 01=C2=A0=C2=A0=C2=A0=C2=A0 .dynamic .got .got.plt .data=20 > +#... > +=C2=A0=C2=A0 03=C2=A0=C2=A0=C2=A0=C2=A0 .dynamic .got=20 > +#pass > diff --git a/ld/testsuite/ld-loongarch-elf/data-got.s b/ld/testsuite/ld-l= oongarch-elf/data-got.s > new file mode 100644 > index 00000000000..364fcf64c0e > --- /dev/null > +++ b/ld/testsuite/ld-loongarch-elf/data-got.s > @@ -0,0 +1,6 @@ > +.text > +b foo > +.section .got > +.space 0x2a8, 4 > +.data > +.zero 24 > diff --git a/ld/testsuite/ld-loongarch-elf/ld-loongarch-elf.exp b/ld/test= suite/ld-loongarch-elf/ld-loongarch-elf.exp > index 759acab80d4..c2d616b8d0a 100644 > --- a/ld/testsuite/ld-loongarch-elf/ld-loongarch-elf.exp > +++ b/ld/testsuite/ld-loongarch-elf/ld-loongarch-elf.exp > @@ -133,6 +133,7 @@ if [istarget "loongarch64-*-*"] { > =C2=A0=C2=A0=C2=A0=C2=A0 run_dump_test "tlsdesc-dso" > =C2=A0=C2=A0=C2=A0=C2=A0 run_dump_test "desc-norelax" > =C2=A0=C2=A0=C2=A0=C2=A0 run_dump_test "desc-relax" > +=C2=A0=C2=A0=C2=A0 run_dump_test "data-got" > =C2=A0=C2=A0 } > =C2=A0 > =C2=A0=C2=A0 if [check_pie_support] { --=20 Xi Ruoyao School of Aerospace Science and Technology, Xidian University