Date: Mon, 01 Jan 2018 00:00:00 -0000
From: "H.J. Lu"
To: generic-abi@googlegroups.com
Cc: gnu-gabi@sourceware.org
Subject: RFC: Audit external function called indirectly via GOT
Message-ID: <20180317133115.GA4681@gmail.com>

Auditing of external function calls and their return values relies on lazy
binding with PLT. When external functions are called indirectly via GOT
without using PLT, auditing stops working. Here is a proposal to support
auditing of external functions called indirectly via GOT:

1. Add optional dynamic tags:

   #define DT_GNU_PLT      0x6ffffef4  /* Address of PLT section */
   #define DT_GNU_PLTSZ    0x6ffffdf1  /* Size of PLT section */
   #define DT_GNU_PLTENT   0x6ffffdf2  /* Size of one PLT entry */
   #define DT_GNU_PLT0SZ   0x6ffffdf3  /* Size of the first PLT entry */
   #define DT_GNU_PLTGOTSZ 0x6ffffdf4  /* Size of PLTGOT section */

   and update DT_FLAGS_1 with:

   #define DF_1_JMPRELIGN  0x10000000  /* DT_JMPREL can be ignored */

2. The linker creates PLT entries for auditing external function calls via
   GOT and sets DT_GNU_PLT, DT_GNU_PLTSZ, DT_GNU_PLTENT, DT_GNU_PLT0SZ and
   DT_GNU_PLTGOTSZ. If the PLT isn't required for lazy binding, it sets the
   DF_1_JMPRELIGN bit in DT_FLAGS_1.

3. When auditing is enabled at run-time, the dynamic linker resolves a
   GLOB_DAT relocation to its corresponding PLT entry by finding the
   JUMP_SLOT relocation against the same function and using its PLT slot as
   the function address. On x86, the first PLT entry and the first 3 GOT
   slots are reserved:

   GOT slot    = (JUMP_SLOT relocation offset - DT_PLTGOT) / size of GOT entry
   PLT offset  = (GOT slot - 3) * DT_GNU_PLTENT + DT_GNU_PLT0SZ
   PLT address = DT_GNU_PLT + PLT offset

   DT_GNU_PLT, DT_GNU_PLTSZ, DT_PLTGOT and DT_GNU_PLTGOTSZ can be used to
   check that the GOT and PLT offsets are within range.

4. If DF_1_JMPRELIGN is set, the dynamic linker can ignore DT_JMPREL when
   lazy binding is disabled.

Any comments?

H.J.
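The slot arithmetic of step 3, together with the range checks the proposal says the new tags make possible, as an added example; this is not code from the message or from glibc/binutils. The struct field names, the x86-64 sizes (8-byte GOT entries, 16-byte PLT entries and PLT0) and the sample layout are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Values a dynamic linker would read from the object's dynamic section.
   Field names mirror the dynamic tags of the proposal (hypothetical
   struct; the proposal itself only defines the tags). */
struct plt_info {
    uint64_t plt;       /* DT_GNU_PLT: address of the PLT section */
    uint64_t pltsz;     /* DT_GNU_PLTSZ: size of the PLT section */
    uint64_t pltent;    /* DT_GNU_PLTENT: size of one PLT entry */
    uint64_t plt0sz;    /* DT_GNU_PLT0SZ: size of the reserved first entry */
    uint64_t pltgot;    /* DT_PLTGOT: address of the PLTGOT section */
    uint64_t pltgotsz;  /* DT_GNU_PLTGOTSZ: size of the PLTGOT section */
    uint64_t gotentsz;  /* size of one GOT entry (8 on x86-64, assumed) */
    uint64_t reserved;  /* reserved GOT slots (3 on x86, per the proposal) */
};

/* Map the r_offset of a JUMP_SLOT relocation to the address of its PLT
   entry.  Returns 0 when any range check fails, so a caller never
   redirects a GLOB_DAT relocation to an address outside the PLT. */
uint64_t plt_entry_for_jump_slot(const struct plt_info *pi, uint64_t r_offset)
{
    if (pi->gotentsz == 0 || pi->pltent == 0)
        return 0;
    /* The GOT slot must lie inside PLTGOT (DT_PLTGOT .. +DT_GNU_PLTGOTSZ). */
    if (r_offset < pi->pltgot || r_offset >= pi->pltgot + pi->pltgotsz)
        return 0;
    uint64_t delta = r_offset - pi->pltgot;
    /* A JUMP_SLOT r_offset that is not entry-aligned is malformed. */
    if (delta % pi->gotentsz != 0)
        return 0;
    uint64_t slot = delta / pi->gotentsz;
    /* The reserved slots have no PLT entry of their own. */
    if (slot < pi->reserved)
        return 0;
    /* PLT offset = (GOT slot - reserved) * DT_GNU_PLTENT + DT_GNU_PLT0SZ */
    uint64_t plt_off = (slot - pi->reserved) * pi->pltent + pi->plt0sz;
    /* The whole PLT entry must fit inside DT_GNU_PLT .. +DT_GNU_PLTSZ. */
    if (plt_off + pi->pltent > pi->pltsz)
        return 0;
    return pi->plt + plt_off;
}

/* Constructed x86-64 layout: a 16-byte PLT0 followed by 4 entries of 16
   bytes (0x50 in total); PLTGOT holds 3 reserved slots plus 4 function
   slots of 8 bytes (0x38 in total). */
const struct plt_info sample = {
    .plt = 0x401020, .pltsz = 0x50, .pltent = 16, .plt0sz = 16,
    .pltgot = 0x404000, .pltgotsz = 0x38, .gotentsz = 8, .reserved = 3,
};

int main(void)
{
    /* JUMP_SLOT r_offset 0x404020 is GOT slot 4, i.e. the second function
       slot, which maps to the PLT entry right after the first one. */
    uint64_t addr = plt_entry_for_jump_slot(&sample, 0x404020);
    printf("PLT entry for GOT slot 4: %#llx\n", (unsigned long long)addr);
    return addr == 0x401040 ? 0 : 1;
}
```

The bounds checks are the part worth keeping in mind: without DT_GNU_PLTSZ and DT_GNU_PLTGOTSZ a corrupt or hostile relocation offset would let the GLOB_DAT slot be redirected to an arbitrary address instead of a PLT entry, so the function refuses anything that falls outside PLTGOT, is misaligned, names a reserved slot, or would index past the end of the PLT.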