From: "H.J. Lu"
Date: Mon, 01 Jan 2018 00:00:00 -0000
Subject: Re: RFC: Audit external function called indirectly via GOT
To: Florian Weimer
Cc: Generic System V Application Binary Interface, gnu-gabi@sourceware.org
References: <20180317133115.GA4681@gmail.com>
X-SW-Source: 2018-q1/txt/msg00032.txt.bz2

On Wed, Mar 28, 2018 at 11:37 AM, Florian Weimer wrote:
> On 03/20/2018 05:52 PM, H.J. Lu wrote:
>> On Mon, Mar 19, 2018 at 1:21 AM, Florian Weimer wrote:
>>> On 03/17/2018 02:31 PM, H.J. Lu wrote:
>>>> Auditing of external function calls and their return values relies on
>>>> lazy binding with PLT. When external functions are called indirectly
>>>> via GOT without using PLT, auditing stops working.
>>>>
>>>> Here is a proposal to support auditing of external functions called
>>>> indirectly via GOT:
>>>>
>>>> 1. Add optional dynamic tags:
>>>>
>>>> #define DT_GNU_PLT      0x6ffffef4 /* Address of PLT section */
>>>> #define DT_GNU_PLTSZ    0x6ffffdf1 /* Size of PLT section */
>>>> #define DT_GNU_PLTENT   0x6ffffdf2 /* Size of one PLT entry */
>>>> #define DT_GNU_PLT0SZ   0x6ffffdf3 /* Size of the first PLT entry */
>>>> #define DT_GNU_PLTGOTSZ 0x6ffffdf4 /* Size of PLTGOT section */
>>>>
>>>> and update DT_FLAGS_1 with:
>>>>
>>>> #define DF_1_JMPRELIGN 0x10000000 /* DT_JMPREL can be ignored */
>>>>
>>>> 2. Linker creates PLT entries for auditing external function calls via
>>>> GOT and sets DT_GNU_PLT, DT_GNU_PLTSZ, DT_GNU_PLTENT, DT_GNU_PLT0SZ and
>>>> DT_GNU_PLTGOTSZ. If PLT isn't required for lazy binding, set the
>>>> DF_1_JMPRELIGN bit in DT_FLAGS_1.
>>>
>>> Could we ship a template for the PLT entries in ld.so instead? And if
>>> needed, map it from the file together with an address array, like this?
>>
>> This won't work since the linker needs to know the exact PLT layout to
>> generate JUMP_SLOT relocations for LD_AUDIT.
>
> I don't see why it would need JUMP_SLOT relocations if it simply
> auto-generates PLT stub equivalents and installs them in GLOB_DAT
> relocations.

My understanding is that LD_AUDIT is based on JUMP_SLOT relocations.

> Anyway, going back to the larger question of what we need here.
>
> I used this as a test case for audit support with BIND_NOW:
>
> latrace /bin/true --help
>
> Most of Fedora is compiled with BIND_NOW. Fedora 26 does not print latrace
> messages (the problem I mentioned earlier), Fedora 27 works (yay), Fedora 28
> crashes (meh).
>
> So depending on which side Fedora 28+ falls, I think your approach might be
> viable. I expect that a future binutils version would do this by default,
> and beyond the additional dynamic section tags, new PLT stubs would only be
> created for no-plt functions because current binutils is supposed to
> generate PLT entries again (after they went missing for -z now binaries for
> some time).

-fno-plt is a compiler option, not a linker option. The linker generates PLT
for PLT32 relocations to external functions.

-- 
H.J.
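An added illustration of the coverage gap this thread discusses, not code from the thread, glibc or binutils: a small C classifier over an ELF dynamic section that reports whether LD_AUDIT can hook a binary's external calls. The DT_GNU_PLT tag and DF_1_JMPRELIGN flag values come from the proposal quoted above (they are not in <elf.h>); the sample dynamic sections and their addresses are constructed for the example.

```c
#include <elf.h>
#include <stddef.h>
#include <stdio.h>

/* Tag and flag from the proposal in this thread; they are not in <elf.h>,
 * so they are defined here (guarded in case a future header adds them). */
#ifndef DT_GNU_PLT
#define DT_GNU_PLT     0x6ffffef4
#endif
#ifndef DF_1_JMPRELIGN
#define DF_1_JMPRELIGN 0x10000000
#endif

enum audit_cov { AUDIT_VIA_PLT, AUDIT_VIA_GNU_PLT, AUDIT_NONE };

struct audit_report {
    enum audit_cov cov;   /* how, or whether, LD_AUDIT can hook external calls */
    int jmprel_ignorable; /* DF_1_JMPRELIGN set: JMPREL not needed for lazy binding */
};

/* Classify one dynamic section. The model follows the thread: LD_AUDIT hooks
 * JUMP_SLOT relocations resolved through PLT stubs, so a binary carrying
 * DT_JMPREL is auditable; one that reaches external functions only through
 * GOT (GLOB_DAT) entries is not, unless the linker emitted the proposed
 * DT_GNU_PLT audit stubs. */
struct audit_report audit_coverage(const Elf64_Dyn *dyn, size_t n)
{
    struct audit_report r = { AUDIT_NONE, 0 };
    int has_jmprel = 0, has_gnu_plt = 0;
    for (size_t i = 0; i < n && dyn[i].d_tag != DT_NULL; i++) {
        switch (dyn[i].d_tag) {
        case DT_JMPREL:  has_jmprel = 1; break;
        case DT_GNU_PLT: has_gnu_plt = 1; break;
        case DT_FLAGS_1: r.jmprel_ignorable = (dyn[i].d_un.d_val & DF_1_JMPRELIGN) != 0; break;
        }
    }
    if (has_gnu_plt)     r.cov = AUDIT_VIA_GNU_PLT;
    else if (has_jmprel) r.cov = AUDIT_VIA_PLT;
    return r;
}

/* Constructed sample dynamic sections; the addresses are placeholders. */
static const Elf64_Dyn lazy_plt[] = {        /* ordinary lazily bound PLT */
    { DT_PLTRELSZ, { 0x18 } }, { DT_JMPREL, { 0x4000 } }, { DT_NULL, { 0 } } };
static const Elf64_Dyn no_plt_bind_now[] = { /* -fno-plt with -z now: GOT only */
    { DT_FLAGS_1, { DF_1_NOW } }, { DT_NULL, { 0 } } };
static const Elf64_Dyn proposed[] = {        /* thread's DT_GNU_PLT proposal */
    { DT_GNU_PLT, { 0x5000 } }, { DT_JMPREL, { 0x4000 } },
    { DT_FLAGS_1, { DF_1_NOW | DF_1_JMPRELIGN } }, { DT_NULL, { 0 } } };
```

Calling audit_coverage on each of the three sample sections yields AUDIT_VIA_PLT, AUDIT_NONE and AUDIT_VIA_GNU_PLT respectively; the same walk can be run over the PT_DYNAMIC segment of a real binary to find those that fall outside LD_AUDIT coverage.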