Re: RFC: Audit external function called indirectly via GOT

[Alan Modra <amodra@gmail.com>]

On Thu, Mar 22, 2018 at 05:39:18AM -0700, H.J. Lu wrote:
> On Thu, Mar 22, 2018 at 5:29 AM, Alan Modra <amodra@gmail.com> wrote:
> > On Wed, Mar 21, 2018 at 10:15:26PM -0700, Cary Coutant wrote:
> >> If you get rid of the GOT entry, and have the point of call jump
> >> indirectly through the PLTGOT entry, which is initialized to point to
> >> part (b) of the PLT entry, everything should work the same as without
> >> -fno-plt. Essentially, all -fno-plt would do is inline part (a) of the
> >> PLT entry.
> >>
> >> -cary
> >>
> >> * I'm using parts (a) and (b) to refer to the two parts of a PLT
> >> entry: (a) an indirect jump via the PLTGOT entry, and (b) code that
> >> jumps to the lazy binding routine, passing the JUMP_SLOT index.
> >
> > Yes, that essentially is what I've done for -fno-plt on powerpc.
> > The call stub code is inlined while the rest of the PLT is more or
> > less unchanged.  So you get all of the usual lazy-binding features
> > by default, and can use "-z now -z relro" if you want a read-only
> > PLT.
> >
> 
> On x86, PLT is always read-only.  The issue is the writable PLTGOT.

Yes, I do know how the x86 PLT works.  (Or to be more honest, how it
used to work..)  To be clear, I was using PLT to refer to the whole
scheme, ie. the code to do an indirect jump (x86 .plt), plus a table
of addresses (x86 .plt.got), plus code for lazy binding (x86 .plt
again).  Like x86 the powerpc PLT code to do indirect jumps and lazy
binding is read-only nowadays.  -fno-plt on powerpc inlines the code
to do the indirect jump, but leaves the table of addresses and the
lazy binding code functionally unchanged.

> On x86, -fno-plt removes the writable PLTGOT.

I think that may have been a mistake.  You could have kept .plt.got
functionally unchanged, giving you a writable .plt.got by default with
-fno-plt, and read-only when "-z now -z relro".  Just like the usual
-fplt case.

-- 
Alan Modra
Australia Development Lab, IBM