Reproducer cat > f.s <<\EOF .text .global _start _start: xor %edi, %edi mov $60, %eax syscall EOF cat > g.s <<\EOF .text .global main main: xor %edi, %edi mov $60, %eax syscall EOF cat > Makefile <<\EOF all: f g f: f.o; ld -o $@ $< -z shstk g: g.o; gcc -o $@ $< -Wl,-z,shstk f.o: f.s g.o: g.s .s.o:; as --64 -o $@ $< .PHONY: all EOF Now: $ make as --64 -o f.o f.s ld -o f f.o -z shstk as --64 -o g.o g.s gcc -o g g.o -Wl,-z,shstk $ readelf -n f # correct Displaying notes found in: .note.gnu.property Owner Data size Description GNU 0x00000010 NT_GNU_PROPERTY_TYPE_0 Properties: x86 feature: SHSTK $ readelf -n g # wrong Displaying notes found in: .note.gnu.property Owner Data size Description GNU 0x00000010 NT_GNU_PROPERTY_TYPE_0 Properties: x86 feature: IBT, SHSTK and indeed running "g" on a machine with CET fails with a segv at the beginning of "main" (it works if you add the endbr64 hint). More information: - the minimal ld command line that causes the bug and still allows "g" to build is /usr/bin/ld --no-add-needed \ -dynamic-linker /lib64/ld-linux-x86-64.so.2 -o g \ /usr/lib64/crt1.o /usr/lib64/crti.o g.o -z shstk \ -L/lib64 -lc - the minimal ld command line that causes the bug (but does not build a runnable executable) is /usr/bin/ld --no-add-needed -r -o h \ /usr/lib64/crt1.o /usr/lib64/crti.o g.o -z shstk
Nick Clifton says: > The issue here is that g.o does not contain any notes of any kind. > In particular it does not contain any GNU Property notes indicating > which ABI features are enabled. So when you link g.o together with > other files which do have IBT enabled, the linker sees no reason not > to leave the IBT note intact. [..] My gut feeling is that the > linker should treat object files with executable code sections and > no GNU Property notes as if they did not have IBT enabled.
Please try https://sourceware.org/ml/binutils/2019-03/msg00069.html
The master branch has been updated by H.J. Lu <hjl@sourceware.org>: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=44b27f959abf267fc9ec228f4131c932597b01d4 commit 44b27f959abf267fc9ec228f4131c932597b01d4 Author: H.J. Lu <hjl.tools@gmail.com> Date: Wed Mar 13 14:38:15 2019 +0800 x86: Properly set IBT and SHSTK properties for -z ibt/shstk There should be no AND properties if some input doesn't have them. We should set IBT and SHSTK properties for -z ibt and -z shstk if needed. bfd/ PR ld/24322 * elfxx-x86.c (_bfd_x86_elf_merge_gnu_properties): Properly merge GNU_PROPERTY_X86_FEATURE_1_[IBT|SHSTK]. ld/ PR ld/24322 * testsuite/ld-i386/i386.exp: Run PR ld/24322 tests. * testsuite/ld-x86-64/x86-64.exp: Likewise. * testsuite/ld-i386/pr24322a.d: New file. * testsuite/ld-i386/pr24322b.d: Likewise. * testsuite/ld-x86-64/pr24322a-x32.d: Likewise. * testsuite/ld-x86-64/pr24322a.d: Likewise. * testsuite/ld-x86-64/pr24322b-x32.d: Likewise. * testsuite/ld-x86-64/pr24322b.d: Likewise. * testsuite/ld-x86-64/pr24322a.s: Likewise. * testsuite/ld-x86-64/pr24322b.s: Likewise. * testsuite/ld-x86-64/pr24322c.s: Likewise.
Hi H.J. What happens if an input object files does not contain any GNU Property notes or any executable code ? Ie if it only contains data (or debug info, or other types of note). In this case, shouldn't the lack of GNU Propery notes not have any affect on the merging of other object files notes ? Cheers Nick
(In reply to Nick Clifton from comment #4) > Hi H.J. > > What happens if an input object files does not contain any GNU Property > notes or any executable code ? Ie if it only contains data (or debug > info, or other types of note). In this case, shouldn't the lack of GNU > Propery notes not have any affect on the merging of other object files > notes ? Linker will force to enable specified properties first.