| Message ID | 561FE77A.5000900@arm.com |
|---|---|
| State | New |
| Headers | show |
On Thu, Oct 15, 2015 at 1:50 PM, Szabolcs Nagy <szabolcs.nagy@arm.com> wrote: > A powerpc toolchain built with (or without) --enable-secureplt > currently creates a binary that uses bss plt if > > (1) any of the linked PIC objects have bss plt relocs > (2) or all the linked objects are non-PIC or have no relocs, > > because this is the binutils linker behaviour. > > This patch passes --secure-plt to the linker which makes the linker > warn in case (1) and produce a binary with secure plt in case (2). > > Without passing --secure-plt, case (2) can happen to the main executable. > Currently glibc avoids this because there is always PIC code linked > in (elf/elf-init.oS through libc_nonshared.a), but e.g. with musl libc > the linker heuristic fails to produce secure plt in the main executable. > > Shared objects have PIC code linked in from the compiler start code, > but with -nostartfiles one can create a shared object that is not secure > (has writable, executable section). > > Visible changes: > > * linking non-secureplt code with secureplt gcc will emit warnings > at link time (e.g. linking a main executable with non-secureplt > glibc). > * if binutils is old (<2.18 i think) then --secure-plt is unrecognised > (causing a link error). > > If these are undesirable then the flag can be made conditional > on musl libc. The patch is split out from the musl support patch: > https://gcc.gnu.org/ml/gcc-patches/2015-04/msg01640.html > > gcc/ChangeLog: > > 2015-10-15 Gregor Richards <gregor.richards@uwaterloo.ca> > Szabolcs Nagy <szabolcs.nagy@arm.com> > > * config/rs6000/secureplt.h (LINK_SECURE_PLT_DEFAULT_SPEC): Define. > * config/rs6000/sysv4.h (LINK_SECURE_PLT_DEFAULT_SPEC): Define. > (LINK_SPEC): Add %(link_secure_plt_default). > (SUBTARGET_EXTRA_SPECS): Add "link_secure_plt_default". I'll let Alan comment on this. - David
On Thu, Oct 15, 2015 at 06:50:50PM +0100, Szabolcs Nagy wrote: > A powerpc toolchain built with (or without) --enable-secureplt > currently creates a binary that uses bss plt if > > (1) any of the linked PIC objects have bss plt relocs > (2) or all the linked objects are non-PIC or have no relocs, > > because this is the binutils linker behaviour. > > This patch passes --secure-plt to the linker which makes the linker > warn in case (1) and produce a binary with secure plt in case (2). The idea is OK I think, but > @@ -574,6 +577,7 @@ ENDIAN_SELECT(" -mbig", " -mlittle", DEFAULT_ASM_ENDIAN) > %{R*} \ > %(link_shlib) \ > %{!T*: %(link_start) } \ > +%{!static: %(link_secure_plt_default)} \ > %(link_os)" this change needs to be conditional on !mbss-plt too.
On 19/10/15 12:12, Alan Modra wrote: > On Thu, Oct 15, 2015 at 06:50:50PM +0100, Szabolcs Nagy wrote: >> A powerpc toolchain built with (or without) --enable-secureplt >> currently creates a binary that uses bss plt if >> >> (1) any of the linked PIC objects have bss plt relocs >> (2) or all the linked objects are non-PIC or have no relocs, >> >> because this is the binutils linker behaviour. >> >> This patch passes --secure-plt to the linker which makes the linker >> warn in case (1) and produce a binary with secure plt in case (2). > > The idea is OK I think, but > >> @@ -574,6 +577,7 @@ ENDIAN_SELECT(" -mbig", " -mlittle", DEFAULT_ASM_ENDIAN) >> %{R*} \ >> %(link_shlib) \ >> %{!T*: %(link_start) } \ >> +%{!static: %(link_secure_plt_default)} \ >> %(link_os)" > > this change needs to be conditional on !mbss-plt too. > OK, will change that. if -msecure-plt and -mbss-plt are supposed to affect linking too (not just code gen) then shall i add %{msecure-plt: --secure-plt} too?
diff --git a/gcc/config/rs6000/secureplt.h b/gcc/config/rs6000/secureplt.h index b463463..77edf2a 100644 --- a/gcc/config/rs6000/secureplt.h +++ b/gcc/config/rs6000/secureplt.h @@ -18,3 +18,4 @@ along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ #define CC1_SECURE_PLT_DEFAULT_SPEC "-msecure-plt" +#define LINK_SECURE_PLT_DEFAULT_SPEC "--secure-plt" diff --git a/gcc/config/rs6000/sysv4.h b/gcc/config/rs6000/sysv4.h index 7b2f9bd..c77bf5c 100644 --- a/gcc/config/rs6000/sysv4.h +++ b/gcc/config/rs6000/sysv4.h @@ -537,6 +537,9 @@ ENDIAN_SELECT(" -mbig", " -mlittle", DEFAULT_ASM_ENDIAN) #ifndef CC1_SECURE_PLT_DEFAULT_SPEC #define CC1_SECURE_PLT_DEFAULT_SPEC "" #endif +#ifndef LINK_SECURE_PLT_DEFAULT_SPEC +#define LINK_SECURE_PLT_DEFAULT_SPEC "" +#endif /* Pass -G xxx to the compiler. */ #undef CC1_SPEC @@ -574,6 +577,7 @@ ENDIAN_SELECT(" -mbig", " -mlittle", DEFAULT_ASM_ENDIAN) %{R*} \ %(link_shlib) \ %{!T*: %(link_start) } \ +%{!static: %(link_secure_plt_default)} \ %(link_os)" /* Shared libraries are not default. */ @@ -889,6 +893,7 @@ ncrtn.o%s" { "link_os_openbsd", LINK_OS_OPENBSD_SPEC }, \ { "link_os_default", LINK_OS_DEFAULT_SPEC }, \ { "cc1_secure_plt_default", CC1_SECURE_PLT_DEFAULT_SPEC }, \ + { "link_secure_plt_default", LINK_SECURE_PLT_DEFAULT_SPEC }, \ { "cpp_os_ads", CPP_OS_ADS_SPEC }, \ { "cpp_os_yellowknife", CPP_OS_YELLOWKNIFE_SPEC }, \ { "cpp_os_mvme", CPP_OS_MVME_SPEC }, \