From: "H.J. Lu"
Date: Mon, 01 Jan 2018 00:00:00 -0000
Subject: Re: RFC: Audit external function called indirectly via GOT
To: Florian Weimer
Cc: Generic System V Application Binary Interface, gnu-gabi@sourceware.org
References: <20180317133115.GA4681@gmail.com>

On Mon, Mar 19, 2018 at 1:21 AM, Florian Weimer wrote:
> On 03/17/2018 02:31 PM, H.J. Lu wrote:
>>
>> Auditing of external function calls and their return values relies on
>> lazy binding with PLT. When external functions are called indirectly
>> via GOT without using PLT, auditing stops working.
>>
>> Here is a proposal to support auditing of external functions called
>> indirectly via GOT:
>>
>> 1. Add optional dynamic tags:
>>
>> #define DT_GNU_PLT 0x6ffffef4 /* Address of PLT section */
>> #define DT_GNU_PLTSZ 0x6ffffdf1 /* Size of PLT section */
>> #define DT_GNU_PLTENT 0x6ffffdf2 /* Size of one PLT entry */
>> #define DT_GNU_PLT0SZ 0x6ffffdf3 /* Size of the first PLT entry */
>> #define DT_GNU_PLTGOTSZ 0x6ffffdf4 /* Size of PLTGOT section */
>>
>> and update DT_FLAGS_1 with:
>>
>> #define DF_1_JMPRELIGN 0x10000000 /* DT_JMPREL can be ignored */
>>
>> 2. Linker creates PLT entries for auditing external function calls via
>> GOT and sets DT_GNU_PLT, DT_GNU_PLTSZ, DT_GNU_PLTENT, DT_GNU_PLT0SZ and
>> DT_GNU_PLTGOTSZ. If PLT isn't required for lazy binding, set the
>> DF_1_JMPRELIGN bit in DT_FLAGS_1.
>
> Could we ship a template for the PLT entries in ld.so instead? And if
> needed, map it from the file together with an address array, like this?

This won't work since the linker needs to know the exact PLT layout to
generate JUMP_SLOT relocations for LD_AUDIT.

> Data page with pointer
> PLT template from ld.so (loading pointers from the previous page)
>
> This process can be repeated, to obtain as many PLT stubs as needed.
> It's not a real JIT, so SELinux will still be happy.
>
> The data page would probably contain two pointers per PLT entry, not just
> one, so that the reserved PLT entries aren't necessary.
>
>> 3. When auditing is enabled at run-time, the dynamic linker resolves a GLOB_DAT
>> relocation to its corresponding PLT entry by finding the JUMP_SLOT relocation
>> against the same function and using its PLT slot as the function address.
>
> This step would stay the same.
>
> I wonder if this would make it possible to restore audit support for
> existing binaries which lack PLT entries today.

I don't think so.

-- 
H.J.
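Step 3 of the proposal, written out as an added C example that is not code from the RFC, from glibc, or from the linker: it scans a dynamic section for the proposed DT_GNU_PLT, DT_GNU_PLTSZ, DT_GNU_PLTENT and DT_GNU_PLT0SZ tags, then maps a GLOB_DAT symbol to its PLT slot by locating the JUMP_SLOT relocation for the same symbol. It assumes the DT_JMPREL entries are in PLT order (the usual layout, but not stated in the thread), uses the x86-64 R_JUMP_SLOT type number, and the dynamic entries and relocation tables are constructed sample data; the bounds check against DT_GNU_PLTSZ is added so a malformed tag set cannot send an audited call outside the PLT.

```c
#include <stddef.h>
#include <stdint.h>

/* Proposed tag values quoted in the RFC; not present in any released elf.h. */
#define DT_GNU_PLT     0x6ffffef4
#define DT_GNU_PLTSZ   0x6ffffdf1
#define DT_GNU_PLTENT  0x6ffffdf2
#define DT_GNU_PLT0SZ  0x6ffffdf3
#define R_JUMP_SLOT    7                 /* R_X86_64_JUMP_SLOT */

typedef struct { int64_t tag; uint64_t val; } dyn_entry;  /* stand-in for Elf64_Dyn */
typedef struct { uint32_t type; uint32_t sym; } rel;      /* stand-in for one relocation */
typedef struct { uint64_t plt, pltsz, pltent, plt0sz; } plt_info;

/* Collect the four tags; returns 0 unless all are present and the entry size is non-zero. */
int parse_plt_tags(const dyn_entry *d, size_t n, plt_info *out) {
    unsigned seen = 0;
    for (size_t i = 0; i < n && d[i].tag != 0; i++) {  /* tag 0 is the DT_NULL terminator */
        switch (d[i].tag) {
        case DT_GNU_PLT:    out->plt = d[i].val;    seen |= 1; break;
        case DT_GNU_PLTSZ:  out->pltsz = d[i].val;  seen |= 2; break;
        case DT_GNU_PLTENT: out->pltent = d[i].val; seen |= 4; break;
        case DT_GNU_PLT0SZ: out->plt0sz = d[i].val; seen |= 8; break;
        }
    }
    return seen == 15 && out->pltent != 0;
}
/* Address of PLT slot i (after the reserved PLT0), or 0 if it would fall outside DT_GNU_PLTSZ. */
uint64_t plt_slot_addr(const plt_info *p, size_t i) {
    uint64_t off = p->plt0sz + i * p->pltent;
    return off + p->pltent > p->pltsz ? 0 : p->plt + off;
}

/* Step 3: locate the JUMP_SLOT reloc for `sym` and return its PLT slot address (0: none).
   Assumes DT_JMPREL entries are in PLT order, so reloc index i owns PLT slot i. */
uint64_t audit_resolve_glob_dat(const plt_info *p, const rel *jmprel, size_t njmp, uint32_t sym) {
    for (size_t i = 0; i < njmp; i++)
        if (jmprel[i].type == R_JUMP_SLOT && jmprel[i].sym == sym)
            return plt_slot_addr(p, i);
    return 0;  /* no PLT entry: the GLOB_DAT keeps the real address and that call goes unaudited */
}
/* Constructed sample: PLT0 plus three 16-byte slots at 0x1000, and their JUMP_SLOT relocs. */
static const dyn_entry sample_dyn[] = { { DT_GNU_PLT, 0x1000 }, { DT_GNU_PLTSZ, 0x40 },
                                        { DT_GNU_PLTENT, 0x10 }, { DT_GNU_PLT0SZ, 0x10 }, { 0, 0 } };
static const rel sample_jmprel[] = { { R_JUMP_SLOT, 3 }, { R_JUMP_SLOT, 5 }, { R_JUMP_SLOT, 9 } };
uint64_t sample_resolve(uint32_t sym) {  /* resolve one GLOB_DAT symbol against the sample tables */
    plt_info p = {0};
    return parse_plt_tags(sample_dyn, 5, &p) ? audit_resolve_glob_dat(&p, sample_jmprel, 3, sym) : 0;
}
```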