
Re: RFC: Audit external function called indirectly via GOT



On Thu, Mar 22, 2018 at 6:30 AM, Alan Modra <amodra@gmail.com> wrote:
> On Thu, Mar 22, 2018 at 05:39:18AM -0700, H.J. Lu wrote:
>> On Thu, Mar 22, 2018 at 5:29 AM, Alan Modra <amodra@gmail.com> wrote:
>> > On Wed, Mar 21, 2018 at 10:15:26PM -0700, Cary Coutant wrote:
>> >> If you get rid of the GOT entry, and have the point of call jump
>> >> indirectly through the PLTGOT entry, which is initialized to point to
>> >> part (b) of the PLT entry, everything should work the same as without
>> >> -fno-plt. Essentially, all -fno-plt would do is inline part (a) of the
>> >> PLT entry.
>> >>
>> >> -cary
>> >>
>> >> * I'm using parts (a) and (b) to refer to the two parts of a PLT
>> >> entry: (a) an indirect jump via the PLTGOT entry, and (b) code that
>> >> jumps to the lazy binding routine, passing the JUMP_SLOT index.
>> >
>> > Yes, that essentially is what I've done for -fno-plt on powerpc.
>> > The call stub code is inlined while the rest of the PLT is more or
>> > less unchanged.  So you get all of the usual lazy-binding features
>> > by default, and can use "-z now -z relro" if you want a read-only
>> > PLT.
>> >
>>
>> On x86, PLT is always read-only.  The issue is the writable PLTGOT.
>
> Yes, I do know how the x86 PLT works.  (Or to be more honest, how it
> used to work...)  To be clear, I was using PLT to refer to the whole
> scheme, i.e. the code to do an indirect jump (x86 .plt), plus a table
> of addresses (x86 .plt.got), plus code for lazy binding (x86 .plt
> again).  Like x86 the powerpc PLT code to do indirect jumps and lazy
> binding is read-only nowadays.  -fno-plt on powerpc inlines the code
> to do the indirect jump, but leaves the table of addresses and the
> lazy binding code functionally unchanged.
>
>> On x86, -fno-plt removes the writable PLTGOT.
>
> I think that may have been a mistake.  You could have kept .plt.got
> functionally unchanged, giving you a writable .plt.got by default with
> -fno-plt, and read-only when "-z now -z relro".  Just like the usual
> -fplt case.
>

This is done on purpose.  See the "Alternate Code Sequences For
Security" chapter in the x86-64 psABI version 1.0.

-- 
H.J.
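The point under discussion, that -fno-plt on x86 removes the writable PLTGOT table (.got.plt) rather than leaving it writable until "-z now -z relro", can be checked on a built binary. The following is an added example, not code from the thread or from binutils: it parses `readelf -S -W` and `readelf -l -W` output and reports whether .got.plt or .got stays writable after the loader applies GNU_RELRO. The readelf output embedded here is constructed sample text for a default -fplt build and an -fno-plt build; the same functions accept real readelf output.

```python
import re

# Constructed sample of `readelf -S -W` for a default x86-64 build (-fplt, -z relro):
# .got.plt starts exactly where the RELRO segment ends, so it stays writable.
DEFAULT_SECTIONS = """
  [22] .dynamic          DYNAMIC         0000000000003dc8 002dc8 0001f0 10  WA  7  0  8
  [23] .got              PROGBITS        0000000000003fb8 002fb8 000048 08  WA  0  0  8
  [24] .got.plt          PROGBITS        0000000000004000 003000 000020 08  WA  0  0  8
  [25] .data             PROGBITS        0000000000004020 003020 000010 00  WA  0  0  8
"""
# Constructed `readelf -l -W` line for the same binary: RELRO covers 0x3db8..0x4000.
DEFAULT_SEGMENTS = """
  GNU_RELRO      0x002db8 0x0000000000003db8 0x0000000000003db8 0x000248 0x000248 R   0x1
"""
# Constructed -fno-plt build: no .got.plt at all; every slot lives in .got inside RELRO.
NOPLT_SECTIONS = """
  [22] .dynamic          DYNAMIC         0000000000003dc8 002dc8 0001f0 10  WA  7  0  8
  [23] .got              PROGBITS        0000000000003fb8 002fb8 000048 08  WA  0  0  8
  [24] .data             PROGBITS        0000000000004000 003000 000010 00  WA  0  0  8
"""
NOPLT_SEGMENTS = DEFAULT_SEGMENTS

# Name Type Address Offset Size EntSize Flags Link Info Align (flags are letters, Link is digits)
SECTION_RE = re.compile(
    r"\[\s*\d+\]\s+(\S+)\s+\S+\s+([0-9a-f]+)\s+[0-9a-f]+\s+([0-9a-f]+)\s+\S+\s+([A-Za-z]*)\s*\d+\s+\d+\s+\d+")
# GNU_RELRO Offset VirtAddr PhysAddr FileSiz MemSiz
RELRO_RE = re.compile(
    r"GNU_RELRO\s+0x[0-9a-f]+\s+0x([0-9a-f]+)\s+0x[0-9a-f]+\s+0x[0-9a-f]+\s+0x([0-9a-f]+)")

def parse_sections(text):
    """Map section name -> (vaddr, size, flags) from `readelf -S -W` output."""
    return {m.group(1): (int(m.group(2), 16), int(m.group(3), 16), m.group(4))
            for m in SECTION_RE.finditer(text)}

def relro_range(text):
    """Return (start, end) of the GNU_RELRO segment from `readelf -l -W`, or None if absent."""
    m = RELRO_RE.search(text)
    if not m:
        return None
    start = int(m.group(1), 16)
    return (start, start + int(m.group(2), 16))

def writable_after_relro(sections, relro, name):
    """True if `name` exists, has the W flag, and is not fully inside the RELRO range."""
    if name not in sections:
        return False
    addr, size, flags = sections[name]
    if "W" not in flags:
        return False
    return relro is None or not (relro[0] <= addr and addr + size <= relro[1])

def audit(sections_text, segments_text):
    """Summarise whether the binary keeps a writable function-address table at runtime."""
    s, r = parse_sections(sections_text), relro_range(segments_text)
    return {"has_got_plt": ".got.plt" in s,
            "got_plt_writable": writable_after_relro(s, r, ".got.plt"),
            "got_writable": writable_after_relro(s, r, ".got")}
```

Linking the default build with "-z now -z relro" moves .got.plt inside the RELRO range, and the same audit then reports it as read-only.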