From: Florian Weimer <fw@deneb.enyo.de>
To: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Cc: libc-alpha@sourceware.org
Subject: Re: [PATCH 5/7] elf: Enable relro for static build
Date: Sun, 01 Dec 2019 09:55:00 -0000 [thread overview]
Message-ID: <874kykfjyy.fsf@mid.deneb.enyo.de> (raw)
In-Reply-To: <20191129210327.26434-5-adhemerval.zanella@linaro.org> (Adhemerval Zanella's message of "Fri, 29 Nov 2019 18:03:25 -0300")
* Adhemerval Zanella:
> The code is similar to the one at rtld.c, where its check for the
> PT_GNU_RELRO header values from program headers and call
> _dl_protected_relro with the updated l_relro_{addr,size} values.
This is not the actual code that does RELRO in most cases, it's only
used with prelink. _dl_relocate_object is what is used.
> diff --git a/elf/dl-support.c b/elf/dl-support.c
> index 5526d5ee6e..bdb5c2ae91 100644
> --- a/elf/dl-support.c
> +++ b/elf/dl-support.c
> @@ -367,14 +367,24 @@ _dl_non_dynamic_init (void)
> if (_dl_platform != NULL)
> _dl_platformlen = strlen (_dl_platform);
>
> - /* Scan for a program header telling us the stack is nonexecutable. */
> if (_dl_phdr != NULL)
> - for (uint_fast16_t i = 0; i < _dl_phnum; ++i)
> - if (_dl_phdr[i].p_type == PT_GNU_STACK)
> + for (const ElfW(Phdr) *ph = _dl_phdr; ph < &_dl_phdr[_dl_phnum]; ++ph)
> + switch (ph->p_type)
> {
> - _dl_stack_flags = _dl_phdr[i].p_flags;
> + /* Check if the stack is nonexecutable. */
> + case PT_GNU_STACK:
> + _dl_stack_flags = ph->p_flags;
> + break;
> +
> + case PT_GNU_RELRO:
> + _dl_main_map.l_relro_addr = ph->p_vaddr;
> + _dl_main_map.l_relro_size = ph->p_memsz;
> break;
> }
> +
> + /* Setup relro on the binary itself. */
> + if (_dl_main_map.l_relro_size)
> + _dl_protect_relro (&_dl_main_map);
Please use an explicit comparison with != 0.
I have a test case for this which I can post. Somewhat bizarrely,
full RELRO for statically linked binaries requires linking with -z now.
next prev parent reply other threads:[~2019-12-01 9:55 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-29 21:03 [PATCH 1/7] linux: Update x86 vDSO symbols Adhemerval Zanella
2019-11-29 21:03 ` [PATCH 2/7] x86: Make x32 use x86 time implementation Adhemerval Zanella
2019-11-29 21:03 ` [PATCH 7/7] elf: Move vDSO setup to rtld Adhemerval Zanella
2019-11-29 21:03 ` [PATCH 4/7] linux: Update mips vDSO symbols Adhemerval Zanella
2019-11-29 21:03 ` [PATCH 5/7] elf: Enable relro for static build Adhemerval Zanella
2019-12-01 9:55 ` Florian Weimer [this message]
2019-12-02 13:57 ` Adhemerval Zanella
2019-12-02 18:25 ` Florian Weimer
2019-12-02 18:54 ` Adhemerval Zanella
2019-12-02 19:03 ` Florian Weimer
2019-12-02 19:33 ` Adhemerval Zanella
2019-12-03 13:53 ` [PATCH v2] " Adhemerval Zanella
2019-11-29 21:03 ` [PATCH 6/7] linux: Refactor sched_getcpu in terms of getcpu Adhemerval Zanella
2019-12-01 14:22 ` Florian Weimer
2019-12-02 14:00 ` Adhemerval Zanella
2019-12-03 13:56 ` [PATCH v2] linux: Add inline getcpu implementation for sched_getcpu and getcpu Adhemerval Zanella
2019-11-29 21:03 ` [PATCH 3/7] Remove vDSO support from make-syscall.sh Adhemerval Zanella
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=874kykfjyy.fsf@mid.deneb.enyo.de \
--to=fw@deneb.enyo.de \
--cc=adhemerval.zanella@linaro.org \
--cc=libc-alpha@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).