From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gnu-gabi-return-243-listarch-gnu-gabi=sourceware.org@sourceware.org>
Received: (qmail 54119 invoked by alias); 22 Mar 2018 17:43:58 -0000
Mailing-List: contact gnu-gabi-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <gnu-gabi.sourceware.org>
List-Post: <mailto:gnu-gabi@sourceware.org>
List-Help: <mailto:gnu-gabi-help@sourceware.org>
List-Subscribe: <mailto:gnu-gabi-subscribe@sourceware.org>
Sender: gnu-gabi-owner@sourceware.org
Received: (qmail 54105 invoked by uid 89); 22 Mar 2018 17:43:57 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Checked: by ClamAV 0.99.4 on sourceware.org
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.2 spammy=
X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.2
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on sourceware.org
X-Spam-Level:
X-HELO: mail-ot0-f179.google.com
Received: from mail-ot0-f179.google.com (HELO mail-ot0-f179.google.com) (74.125.82.179) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Thu, 22 Mar 2018 17:43:56 +0000
Received: by mail-ot0-f179.google.com with SMTP id i28-v6so10370852otf.8        for <gnu-gabi@sourceware.org>; Thu, 22 Mar 2018 10:43:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;        d=gmail.com; s=20161025;        h=mime-version:in-reply-to:references:from:date:message-id:subject:to         :cc;        bh=dOkkwN/4K9b7IyTFyFyfCEgcYIxr8rXqmKTtJg+n2gE=;        b=lgj+wd16gJ1dO1+w9NByjGpH7aAAGCX/62RVm7GetUMJeQwrAsf7zxSpmKNk8WjiJR         L/8mtMmBJr/QPn8Xq9DkNHFe77qrazvO7S09xclqdH5n0TfCpziARrQQuYowi7HDEsfg         4uYEnA5U4K6INihJUBsVPAO1QeviiR1XoE6US+PxKpbtMOUUPPbl3EQrjv1TKOwAMDNu         ebZJMDzyMB0+E4P5rF9nMcF+dlvQlHCNNOyNZ528mWBWyPKl2eZZAdGqNppIc9iaG4e8         xnB7fd9LWpwtG4hFjTKWzKhGuCUen7Zh6n2dL+J5Pc+pl87EeaPGwmYLxD0rEPF9XMJb         cGZQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;        d=1e100.net; s=20161025;        h=x-gm-message-state:mime-version:in-reply-to:references:from:date         :message-id:subject:to:cc;        bh=dOkkwN/4K9b7IyTFyFyfCEgcYIxr8rXqmKTtJg+n2gE=;        b=qhBwtWc+O14haRSOXIlwWBgd7kc79ARWrBLnzlR+bORmWSukYit7Fh34rmtsG527wi         /JJxpnRDXTZp+Xp8ngEYrpUZ2A0B90kwVTccX+aNQ3yYiV3Dj8VYYOBkIaNucPMtvkw/         rGTjtdZ6AmOtYx8+h4xRouukKQcAUULeKH0VObYaeGN60igy1UQWV0po4tw+LwZuKX9B         WXdwSCz/5cVJJ5FLOgCAIxgur4q9xA944lTckN4dTSnxpnq6XRJ3Ngd5qys17R+8cdaZ         EtgCP5IDowTl/s3bp2HpGzJxCUuVNQOSBcfun9Xy8X0Hy8uLtWC6HcED7E/3MLuf798T         SVqw==
X-Gm-Message-State: AElRT7HAk/lWhkApVUivpM3N84Bd4aEy8Sq5j+BypiL/J/xb93l2uMZS	qUYtp61Z6iCr7xq5L92+CvRBaAYmZallM6fHLgWrGw==
X-Google-Smtp-Source: AG47ELsqEvmMZHCuTE7vRghTEcj0ipM/6aGxiPfpRDiJBf+MgAoXyFyyiLnXjauG1stltZzRvzMWaVbZ7rXndvfiKww=
X-Received: by 2002:a9d:1f2a:: with SMTP id x39-v6mr17280865otd.125.1521740634951; Thu, 22 Mar 2018 10:43:54 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.74.10.20 with HTTP; Thu, 22 Mar 2018 10:43:54 -0700 (PDT)
In-Reply-To: <CAJimCsFNUMj8tDe5RcL6vv=B4ymga0OaPZnp=qJ-9CUEC3UTGA@mail.gmail.com>
References: <20180317133115.GA4681@gmail.com> <ba9013ec-7c77-9a3d-d474-3f5f4670d093@redhat.com> <CAMe9rOq3_U_T88+j8teyGRrrFoHWbvS=D+hHSBHZ01gQTWy=Hw@mail.gmail.com> <87370txhr1.fsf@mid.deneb.enyo.de> <3a203b82-1247-5538-4848-92c9227cc77e@redhat.com> <87po3wo589.fsf@mid.deneb.enyo.de> <76f5551d-e8dc-4915-e3d8-54a2305a5718@redhat.com> <CAJimCsFNUMj8tDe5RcL6vv=B4ymga0OaPZnp=qJ-9CUEC3UTGA@mail.gmail.com>
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Mon, 01 Jan 2018 00:00:00 -0000
Message-ID: <CAMe9rOpeMrHNAc+2OdH-Oxo8fh+84++6Fm0H-oRdrzLAnUQqtA@mail.gmail.com>
Subject: Re: RFC: Audit external function called indirectly via GOT
To: Cary Coutant <ccoutant@gmail.com>
Cc: Generic System V Application Binary Interface <generic-abi@googlegroups.com>, Florian Weimer <fw@deneb.enyo.de>, 	gnu-gabi@sourceware.org
Content-Type: text/plain; charset="UTF-8"
X-IsSubscribed: yes
X-SW-Source: 2018-q1/txt/msg00027.txt.bz2

On Thu, Mar 22, 2018 at 9:10 AM, Cary Coutant <ccoutant@gmail.com> wrote:
>> Today we have to admit that -fno-plt is not compatible with auditing.
>>
>> I would like to change that to ensure that in future releases we are
>> able to let users use -fno-plt *and* auditing.
>
> The security features are all about locking down the GOT and the
> PLTGOT at program startup. The auditing features take advantage of the
> lazy binding mechanism and want to fiddle with those tables
> dynamically. I don't see how you're going to make the two compatible.
>

That is exactly what my proposal does:

1.  Provide both GOT and PLTGOT without lazy binding.
2. PLTGOT is unused without LD_AUDIT.
3. With LD_AUDIT, ld.so redirects GLOB_DAT relocation against GOT to
JUMP_SLOT relocation against PLTGOT.  This is not the same as lazy
binding since it happens every time when a function is called, not just
the first time.

-- 
H.J.