From: Adhemerval Zanella Netto <adhemerval.zanella@linaro.org>
To: binutils@sourceware.org
Cc: Jeff Xu <jeffxu@google.com>, "H . J . Lu" <hjl.tools@gmail.com>
Subject: Re: [PATCH v4 0/3] elf: Add GNU_PROPERTY_MEMORY_SEAL gnu property
Date: Thu, 19 Dec 2024 17:13:59 -0300
Message-ID: <ed0123f8-0dcf-4fd3-9644-66e67c78bb88@linaro.org>
In-Reply-To: <6cde3ebe-b6f3-4861-9506-c4f267e612f5@linaro.org>
Ping (x2)
On 06/12/24 11:08, Adhemerval Zanella Netto wrote:
> Ping on this patchset.
>
> On 28/11/24 12:43, Adhemerval Zanella wrote:
>> elf: Add GNU_PROPERTY_MEMORY_SEAL gnu property
>>
>> The new GNU property is a way to mark binaries to be memory-sealed by
>> the loader, to avoid further changes of PT_LOAD segments (such as
>> unmapping or changing permission flags). This is done along with Linux
>> (the mseal syscall [1]), and C runtime supports to instruct the kernel
>> on the correct time to seal the mapping during program startup (for
>> instance, after RELRO setup). This support is added along the glibc
>> support to handle the new gnu property [2].
>>
>> The first patch adds the -Wl,memory-seal and -Wl,nomemory-seal options
>> to ld.bfd. The GNU_PROPERTY_MEMORY_SEAL property is added only for
>> ET_EXEC or ET_DYN objects.
>>
>> The second patch adds similar support for ld.gold.
>>
>> The third patch adds the ld --enable-memory-seal configure option to
>> enable the memory sealing as default.
>>
>> [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8be7258aad44b5e25977a98db136f677fa6f4370
>> [2] https://sourceware.org/pipermail/libc-alpha/2024-September/160291.html
>>
>> Changes v3->v4:
>> * Rebase against master
>> * Address comments from last version
>>
>> Changes v2->v3:
>> * Do not add or merge the GNU_PROPERTY_MEMORY_SEAL property if present
>> on ET_REL.
>> * Extend testing.
>>
>> Changes v1->v2:
>> * Make the security hardening opt-in instead of opt-out.
>> * Add gold support.
>>
>> Adhemerval Zanella (3):
>> elf: Add GNU_PROPERTY_MEMORY_SEAL gnu property
>> gold: Add GNU_PROPERTY_MEMORY_SEAL gnu property
>> ld: Add --enable-memory-seal configure option
>>
>> bfd/elf-properties.c | 85 +++++++++++++++++-----
>> bfd/elfxx-x86.c | 3 +-
>> binutils/readelf.c | 6 ++
>> binutils/testsuite/lib/binutils-common.exp | 22 ++++++
>> elfcpp/elfcpp.h | 1 +
>> gold/NEWS | 3 +
>> gold/layout.cc | 4 +
>> gold/options.h | 3 +
>> gold/testsuite/Makefile.am | 19 +++++
>> gold/testsuite/Makefile.in | 26 ++++++-
>> gold/testsuite/memory_seal_main.c | 5 ++
>> gold/testsuite/memory_seal_shared.c | 7 ++
>> gold/testsuite/memory_seal_test.sh | 45 ++++++++++++
>> include/bfdlink.h | 3 +
>> include/elf/common.h | 1 +
>> ld/NEWS | 4 +
>> ld/config.in | 3 +
>> ld/configure | 38 ++++++++--
>> ld/configure.ac | 17 +++++
>> ld/emultempl/elf.em | 5 ++
>> ld/ld.texi | 8 ++
>> ld/lexsup.c | 11 +++
>> ld/testsuite/config/default.exp | 8 ++
>> ld/testsuite/ld-elf/property-seal-1.d | 16 ++++
>> ld/testsuite/ld-elf/property-seal-1.s | 11 +++
>> ld/testsuite/ld-elf/property-seal-2.d | 17 +++++
>> ld/testsuite/ld-elf/property-seal-3.d | 16 ++++
>> ld/testsuite/ld-elf/property-seal-4.d | 16 ++++
>> ld/testsuite/ld-elf/property-seal-5.d | 15 ++++
>> ld/testsuite/ld-elf/property-seal-6.d | 16 ++++
>> ld/testsuite/ld-elf/property-seal-7.d | 14 ++++
>> ld/testsuite/ld-elf/property-seal-8.d | 15 ++++
>> ld/testsuite/ld-srec/srec.exp | 4 +
>> ld/testsuite/lib/ld-lib.exp | 6 ++
>> 34 files changed, 445 insertions(+), 28 deletions(-)
>> create mode 100644 gold/testsuite/memory_seal_main.c
>> create mode 100644 gold/testsuite/memory_seal_shared.c
>> create mode 100755 gold/testsuite/memory_seal_test.sh
>> create mode 100644 ld/testsuite/ld-elf/property-seal-1.d
>> create mode 100644 ld/testsuite/ld-elf/property-seal-1.s
>> create mode 100644 ld/testsuite/ld-elf/property-seal-2.d
>> create mode 100644 ld/testsuite/ld-elf/property-seal-3.d
>> create mode 100644 ld/testsuite/ld-elf/property-seal-4.d
>> create mode 100644 ld/testsuite/ld-elf/property-seal-5.d
>> create mode 100644 ld/testsuite/ld-elf/property-seal-6.d
>> create mode 100644 ld/testsuite/ld-elf/property-seal-7.d
>> create mode 100644 ld/testsuite/ld-elf/property-seal-8.d
>>
>
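
One way to audit whether a linked object carries the property described in the cover letter, as an added example that is not part of the original message or the patch series: it walks the raw bytes of a `.note.gnu.property` section (for instance dumped with objcopy) and reports whether a given property type is present. The helper names, the sample notes, and `SAMPLE_SEAL_TYPE` are assumptions made for this example; the real GNU_PROPERTY_MEMORY_SEAL value is defined by the patch in include/elf/common.h and is not shown on this page.

```python
import struct

NT_GNU_PROPERTY_TYPE_0 = 5   # note type used inside .note.gnu.property
GNU_PROPERTY_STACK_SIZE = 1  # existing property, used only as sample filler
# Placeholder for this example only; take the real value from the patch's
# include/elf/common.h before using this on actual binaries.
SAMPLE_SEAL_TYPE = 3

def _align(n, a):
    return (n + a - 1) & ~(a - 1)

def iter_gnu_properties(section, elf64=True, endian="<"):
    """Yield (pr_type, pr_data) for each property in a .note.gnu.property blob."""
    align = 8 if elf64 else 4
    off = 0
    while off + 12 <= len(section):
        namesz, descsz, ntype = struct.unpack_from(endian + "III", section, off)
        desc_off = off + _align(12 + namesz, align)
        desc_end = desc_off + descsz
        if desc_end > len(section):
            raise ValueError("note descriptor runs past end of section")
        name = section[off + 12:off + 12 + namesz]
        if name == b"GNU\0" and ntype == NT_GNU_PROPERTY_TYPE_0:
            p = desc_off
            while p + 8 <= desc_end:
                pr_type, pr_datasz = struct.unpack_from(endian + "II", section, p)
                data_end = p + 8 + pr_datasz
                if data_end > desc_end:
                    raise ValueError("property data runs past end of note")
                yield pr_type, section[p + 8:data_end]
                # each property is padded to the ELF class word size
                p = desc_off + _align(data_end - desc_off, align)
        off = _align(desc_end, align)

def has_property(section, wanted_type, **kw):
    return any(t == wanted_type for t, _ in iter_gnu_properties(section, **kw))

def build_note(props, elf64=True):
    """Build a little-endian sample note (constructed test input, not real output)."""
    align = 8 if elf64 else 4
    desc = b""
    for pr_type, data in props:
        desc += struct.pack("<II", pr_type, len(data)) + data
        desc += b"\0" * (_align(len(desc), align) - len(desc))
    return struct.pack("<III", 4, len(desc), NT_GNU_PROPERTY_TYPE_0) + b"GNU\0" + desc

# Constructed samples; the empty payload for the seal property is an assumption.
STACK = (GNU_PROPERTY_STACK_SIZE, struct.pack("<Q", 0x200000))
SEALED = build_note([STACK, (SAMPLE_SEAL_TYPE, b"")])
UNSEALED = build_note([STACK])
```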