From: "H.J. Lu"
Date: Tue, 16 Jan 2024 10:13:53 -0800
Subject: Re: [PATCH v2] x86-64: Check if mprotect works before rewriting PLT
To: Adhemerval Zanella Netto
Cc: libc-alpha@sourceware.org, Rich Felker
References: <20240112181941.3536012-1-hjl.tools@gmail.com>

On Tue, Jan 16, 2024 at 9:36 AM Adhemerval Zanella Netto wrote:
>
> On 12/01/24 15:19, H.J. Lu wrote:
> > Systemd execution environment configuration may prohibit changing a memory
> > mapping to become executable:
> >
> > MemoryDenyWriteExecute=
> > Takes a boolean argument. If set, attempts to create memory mappings
> > that are writable and executable at the same time, or to change existing
> > memory mappings to become executable, or mapping shared memory segments
> > as executable, are prohibited.
> >
> > When it is set, systemd service stops working if PLT rewrite is enabled.
> > Check if mprotect works before rewriting PLT. This fixes BZ #31230.
> > This also works with SELinux when deny_execmem is on.
>
> On musl channel Rich has raised some points for this optimization that
> made me curious. His main points are this should not be faster than
> -fno-plt, so the main advantage is for old binaries or environments

That is true for most cases. But in some cases, direct call + direct
jump is faster than indirect call.

> where PLT is required (either for audit or any other instrumentation).

This is also true.

> Since this new tunable requires more resources (either for the probing,
> plus the setup itself, and the extra VMA for the new PLT rewrite), with
> recent Linux security modules that would most likely prevent it in
> a lot of deployments; the question is how really useful this would be

This also applies to all JITs.

> and whether this is really more like an experiment to show a new x86
> feature.

This feature has a minimal performance impact for most people. But it
is very useful for cases where PLT performance is critical.

-- 
H.J.
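
Added example (not part of this message and not glibc's code): a minimal C probe for the check the quoted commit message describes. It maps a scratch page read/write and attempts the change to executable that MemoryDenyWriteExecute= or SELinux deny_execmem would refuse. The names exec_probe, probe_exec_transition and should_rewrite_plt are hypothetical.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical names; this is not glibc's implementation.  */
enum exec_probe { EXEC_PROBE_ERROR = -1, EXEC_PROBE_DENIED, EXEC_PROBE_ALLOWED };

/* Map one anonymous page read/write, then attempt the RW -> RX change a
   rewritten PLT would need.  Nothing in the page is executed and it is
   unmapped before returning.  *saved_errno is 0 only when allowed.  */
enum exec_probe probe_exec_transition (int *saved_errno)
{
  long page = sysconf (_SC_PAGESIZE);
  *saved_errno = 0;
  if (page <= 0) { *saved_errno = EINVAL; return EXEC_PROBE_ERROR; }
  void *p = mmap (NULL, (size_t) page, PROT_READ | PROT_WRITE,
                  MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
  if (p == MAP_FAILED) {
    *saved_errno = errno;
    return EXEC_PROBE_ERROR;
  }
  enum exec_probe result = EXEC_PROBE_ALLOWED;
  if (mprotect (p, (size_t) page, PROT_READ | PROT_EXEC) != 0) {
    *saved_errno = errno;   /* the policy refused the transition */
    result = EXEC_PROBE_DENIED;
  }
  munmap (p, (size_t) page);
  return result;
}

/* Rewrite only when requested and the probe succeeded; otherwise keep
   the ordinary PLT so the process still starts under the policy.  */
int should_rewrite_plt (int requested)
{
  int err;
  return requested && probe_exec_transition (&err) == EXEC_PROBE_ALLOWED;
}

int main (void)
{
  int err;
  enum exec_probe r = probe_exec_transition (&err);
  printf ("probe=%d errno=%d (%s)\n", r, err, err ? strerror (err) : "ok");
  return 0;
}
```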