| Message ID | 20210517201327.755689-1-romain.naour@gmail.com |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [RFC,for-next] package/gcc: enable secureplt for powerpc64 | expand |
Romain, All, On 2021-05-17 22:13 +0200, Romain Naour spake thusly: > GCC support enabling secureplt for powerpc64. > > From [1] > "PowerPC has two PLT models: BSS-PLT and Secure-PLT. BSS-PLT uses > runtime code generation to generate the PLT stubs. Secure-PLT was > introduced with GCC 4.1 and Binutils 2.17 (base has GCC 4.2.1 and > Binutils 2.17), and is a more secure PLT format, using a read-only gcc 4.1 and binutils 2.17 are really old, now; everything and everyone has better than that nowadays. > linkage table, with the dynamic linker populating a non-executable > index table." > > This option is always enabled by glibc testing script > called build-many-glibcs.py [1]. This script exist since > glibc 2.25. > > Runtime tested with qemu_ppc64_e5500_defconfig. Good enough for me. > [1] https://reviews.freebsd.org/D20598 > [2] https://sourceware.org/git/?p=glibc.git;a=blob;f=scripts/build-many-glibcs.py;h=9c08ab7b326e6385abb835eb32dd143952a71942;hb=9826b03b747b841f5fc6de2054bf1ef3f5c4bdf3#l345 > > Signed-off-by: Romain Naour <romain.naour@gmail.com> > Cc: Matt Weber <matthew.weber@collins.com> Applied to next, thanks. Regards, Yann E. MORIN. > --- > > While looking at ppc secureplt issue with BR2_PIC_PIE, I noticed > that gcc --enable-secureplt option was only used for BR2_powerpc > although it's also available for powerpc64. > > I don't have a powerpc64 hardware for real testing. > Test welcome. > --- > package/gcc/gcc.mk | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/package/gcc/gcc.mk b/package/gcc/gcc.mk > index 5e419f7ede..ed9b93e50f 100644 > --- a/package/gcc/gcc.mk > +++ b/package/gcc/gcc.mk > @@ -231,7 +231,7 @@ endif > # Set default to Secure-PLT to prevent run-time > # generation of PLT stubs (supports RELRO and > # SELinux non-exemem capabilities) > -ifeq ($(BR2_powerpc),y) > +ifeq ($(BR2_powerpc)$(BR2_powerpc64),y) > HOST_GCC_COMMON_CONF_OPTS += --enable-secureplt > endif > > -- > 2.31.1 > > _______________________________________________ > buildroot mailing list > buildroot@busybox.net > http://lists.busybox.net/mailman/listinfo/buildroot
All, > -----Original Message----- > From: Yann E. MORIN <yann.morin.1998@free.fr> > Sent: Tuesday, May 18, 2021 7:06 AM > To: Romain Naour <romain.naour@gmail.com> > Cc: buildroot@buildroot.org; Weber, Matthew L Collins > <Matthew.Weber@collins.com> > Subject: [External] Re: [Buildroot] [RFC for-next] package/gcc: enable > secureplt for powerpc64 > > Romain, All, > > On 2021-05-17 22:13 +0200, Romain Naour spake thusly: > > GCC support enabling secureplt for powerpc64. > > > > From [1] > > "PowerPC has two PLT models: BSS-PLT and Secure-PLT. BSS-PLT uses > > runtime code generation to generate the PLT stubs. Secure-PLT was > > introduced with GCC 4.1 and Binutils 2.17 (base has GCC 4.2.1 and > > Binutils 2.17), and is a more secure PLT format, using a read-only [snip] > > linkage table, with the dynamic linker populating a non-executable > > index table." Interestingly, when doing SElinux policy, we didn't observe similar behavior with memory execute requests on PowerPC64 vs PowerPC. Without this option, we observed regular memory execute (access request) audits on PowerPC, and we couldn't cleanly write policy without really opening things up. > > > > This option is always enabled by glibc testing script called > > build-many-glibcs.py [1]. This script exist since glibc 2.25. > > > > Runtime tested with qemu_ppc64_e5500_defconfig. > > Good enough for me. Agree, the runtime test in QEMU should cover any lack of hardware testing. I've successfully moved kernels between emulation and devkits for this arch. Reviewed-by: Matt Weber <matthew.weber@collins.com>
Matthew, All, On 2021-05-18 13:20 +0000, Weber, Matthew L Collins via buildroot spake thusly: > > -----Original Message----- > > From: Yann E. MORIN <yann.morin.1998@free.fr> > > Sent: Tuesday, May 18, 2021 7:06 AM > > To: Romain Naour <romain.naour@gmail.com> > > Cc: buildroot@buildroot.org; Weber, Matthew L Collins > > <Matthew.Weber@collins.com> > > Subject: [External] Re: [Buildroot] [RFC for-next] package/gcc: enable > > secureplt for powerpc64 > > > > Romain, All, > > > > On 2021-05-17 22:13 +0200, Romain Naour spake thusly: > > > GCC support enabling secureplt for powerpc64. > > > > > > From [1] > > > "PowerPC has two PLT models: BSS-PLT and Secure-PLT. BSS-PLT uses > > > runtime code generation to generate the PLT stubs. Secure-PLT was > > > introduced with GCC 4.1 and Binutils 2.17 (base has GCC 4.2.1 and > > > Binutils 2.17), and is a more secure PLT format, using a read-only > [snip] > > > linkage table, with the dynamic linker populating a non-executable > > > index table." > Interestingly, when doing SElinux policy, we didn't observe similar > behavior with memory execute requests on PowerPC64 vs PowerPC. Without > this option, we observed regular memory execute (access request) > audits on PowerPC, and we couldn't cleanly write policy without really > opening things up. > > > This option is always enabled by glibc testing script called > > > build-many-glibcs.py [1]. This script exist since glibc 2.25. > > > > > > Runtime tested with qemu_ppc64_e5500_defconfig. > > > > Good enough for me. > Agree, the runtime test in QEMU should cover any lack of hardware > testing. I've successfully moved kernels between emulation and > devkits for this arch. > > Reviewed-by: Matt Weber <matthew.weber@collins.com> Already applied, so your rev-tag will not be recorded, sorry... But still, this is good to read a positive feedback nonetheless. Thanks! Regards, Yann E. MORIN.
diff --git a/package/gcc/gcc.mk b/package/gcc/gcc.mk index 5e419f7ede..ed9b93e50f 100644 --- a/package/gcc/gcc.mk +++ b/package/gcc/gcc.mk @@ -231,7 +231,7 @@ endif # Set default to Secure-PLT to prevent run-time # generation of PLT stubs (supports RELRO and # SELinux non-exemem capabilities) -ifeq ($(BR2_powerpc),y) +ifeq ($(BR2_powerpc)$(BR2_powerpc64),y) HOST_GCC_COMMON_CONF_OPTS += --enable-secureplt endif
GCC support enabling secureplt for powerpc64. From [1] "PowerPC has two PLT models: BSS-PLT and Secure-PLT. BSS-PLT uses runtime code generation to generate the PLT stubs. Secure-PLT was introduced with GCC 4.1 and Binutils 2.17 (base has GCC 4.2.1 and Binutils 2.17), and is a more secure PLT format, using a read-only linkage table, with the dynamic linker populating a non-executable index table." This option is always enabled by glibc testing script called build-many-glibcs.py [1]. This script exist since glibc 2.25. Runtime tested with qemu_ppc64_e5500_defconfig. [1] https://reviews.freebsd.org/D20598 [2] https://sourceware.org/git/?p=glibc.git;a=blob;f=scripts/build-many-glibcs.py;h=9c08ab7b326e6385abb835eb32dd143952a71942;hb=9826b03b747b841f5fc6de2054bf1ef3f5c4bdf3#l345 Signed-off-by: Romain Naour <romain.naour@gmail.com> Cc: Matt Weber <matthew.weber@collins.com> --- While looking at ppc secureplt issue with BR2_PIC_PIE, I noticed that gcc --enable-secureplt option was only used for BR2_powerpc although it's also available for powerpc64. I don't have a powerpc64 hardware for real testing. Test welcome. --- package/gcc/gcc.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)