Re: dynrelro section for read-only dynamic symbols copied into executable

[Palmer Dabbelt <palmer at dabbelt dot com>]

On Thu, 29 Dec 2016 14:24:02 PST (-0800), amodra@gmail.com wrote:
> On Thu, Dec 29, 2016 at 10:20:06AM -0800, Palmer Dabbelt wrote:
>> On Sun, 25 Dec 2016 21:44:48 PST (-0800), amodra@gmail.com wrote:
>> > riscv scripts are hosed for -z relro.
>>
>> Andrew and I can't figure out why relro is broken on RISC-V.
>
> You have this at the start of your scripts.
>
>   .interp         : { *(.interp) }
>   .data           : { *(.data) *(.data.*) *(.gnu.linkonce.d.*) }
>   .rodata         : { *(.rodata) *(.rodata.*) *(.gnu.linkonce.r.*) }
>
> So .data.rel.ro goes into .data since it matches *(.data.*).  Also,
> .rodata after .data is a problem.  Since you don't give a page gap
> between sections with differing write protection, you will make
> .interp and .rodata writable.  As shown below.
>
> [snip]
>>   Program Headers:
>>     Type           Offset             VirtAddr           PhysAddr
>>                    FileSiz            MemSiz              Flags  Align
>>     PHDR           0x0000000000000040 0x0000000000010040 0x0000000000010040
>>                    0x00000000000001f8 0x00000000000001f8  R E    0x8
>>     INTERP         0x0000000000000238 0x0000000000010238 0x0000000000010238
>>                    0x0000000000000014 0x0000000000000014  R      0x1
>>         [Requesting program interpreter: /lib64/lp64/ld.so.1]
>>     LOAD           0x0000000000000000 0x0000000000010000 0x0000000000010000
>>                    0x00000000000039b4 0x00000000000039f8  RW     0x1000
> [snip]
>>      02     .interp .note.ABI-tag .data .rodata .sdata .sbss .bss
>
> Run-time permission is determined by the PT_LOAD program header flags.
> The section permissions don't matter, nor does the PT_INTERP program
> header flags.

Thankn!  I believe we have a fix, it's in a patcheset I'm just mailing out now.