This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH] [PR libc/18801] PIE binary with STT_GNU_IFUNC symbol and TEXTREL segfaults on x86_64
- From: "H.J. Lu" <hjl dot tools at gmail dot com>
- To: Sriraman Tallam <tmsriram at google dot com>
- Cc: Paul Pluzhnikov <ppluzhnikov at google dot com>, GLIBC Devel <libc-alpha at sourceware dot org>, Ian Lance Taylor <iant at google dot com>, David Li <davidxl at google dot com>
- Date: Tue, 11 Aug 2015 19:08:25 -0700
- Subject: Re: [PATCH] [PR libc/18801] PIE binary with STT_GNU_IFUNC symbol and TEXTREL segfaults on x86_64
On Tue, Aug 11, 2015 at 5:55 PM, Sriraman Tallam <tmsriram@google.com> wrote:
> On Tue, Aug 11, 2015 at 5:02 PM, H.J. Lu <hjl.tools@gmail.com> wrote:
>> On Tue, Aug 11, 2015 at 3:57 PM, Sriraman Tallam <tmsriram@google.com> wrote:
>>> On Tue, Aug 11, 2015 at 3:54 PM, H.J. Lu <hjl.tools@gmail.com> wrote:
>>>> On Tue, Aug 11, 2015 at 3:37 PM, Paul Pluzhnikov <ppluzhnikov@google.com> wrote:
>>>>> On Tue, Aug 11, 2015 at 3:31 PM, H.J. Lu <hjl.tools@gmail.com> wrote:
>>>>>
>>>>>> No. I am proposing that linker issues an error if there is TEXTREL
>>>>>> with IFUNC unless "-z now" is used, assuming that this doesn't
>>>>>> require changes to ld.so nor SELinux.
>>>>>
>>>>> Ah, ok. But that *doesn't* help current crash at all: "-z now" will
>>>>> force IFUNC resolver (if any) to be called, and that call will fail
>>>>> since we are currently removing execute protections.
>>>>> (This is in fact the situation we've discovered the crash in originally.)
>>>>
>>>> Can you try adding -Wl,-z,execstack?
>>>
>>> Yes, making the stack executable will solve the problem. My test case
>>> needed ".note.GNU-stack" specifically for this.
>>
>> Given SELinux issue, I don't think we should change ld.so. Instead,
>> we can change ld to issue an error for TEXTREL with IFUNC and
>> suggest -fPIE and -Wl,-z,execstack as workaround.
>
> I am not sure I understand the problem. What is wrong with the patch?
> Why should IFUNC+TEXTREL be disallowed?
Since this will cause any TEXTREL binary to fail under an SELinux config that
prohibits "W+E" permissions, which is OK without IFUNC.
--
H.J.
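
The TEXTREL plus IFUNC combination discussed in this thread can also be checked for on binaries that are already built. The following is an added example, not code from this thread, glibc or binutils: it reports whether an ELF64 little-endian image carries a TEXTREL marker together with IFUNC symbols or R_X86_64_IRELATIVE relocations. It assumes x86_64 and intact section headers; `audit_elf` and `_entries` are hypothetical names.

```python
import struct
import sys

# Constants from the ELF gABI and GNU extensions (ELF64 little-endian, x86_64 assumed).
SHT_SYMTAB, SHT_RELA, SHT_DYNAMIC, SHT_DYNSYM = 2, 4, 6, 11
DT_NULL, DT_TEXTREL, DT_FLAGS, DF_TEXTREL = 0, 22, 30, 0x4
STT_GNU_IFUNC, R_X86_64_IRELATIVE = 10, 37

def _entries(data, off, size, fmt):
    """Yield fixed-size records unpacked from data[off:off+size]."""
    step = struct.calcsize(fmt)
    for pos in range(off, off + size - step + 1, step):
        yield struct.unpack_from(fmt, data, pos)

def audit_elf(data):
    """Return {'textrel': bool, 'ifunc': bool} for an ELF64 LE image."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not an ELF64 little-endian file")
    shoff, = struct.unpack_from("<Q", data, 0x28)
    shentsize, shnum = struct.unpack_from("<HH", data, 0x3A)
    result = {"textrel": False, "ifunc": False}
    # Elf64_Shdr: name, type, flags, addr, offset, size, link, info, align, entsize
    for sh in _entries(data, shoff, shentsize * shnum, "<IIQQQQIIQQ"):
        sh_type, off, size = sh[1], sh[4], sh[5]
        if sh_type == SHT_DYNAMIC:
            for tag, val in _entries(data, off, size, "<qQ"):
                if tag == DT_NULL:
                    break
                if tag == DT_TEXTREL or (tag == DT_FLAGS and val & DF_TEXTREL):
                    result["textrel"] = True
        elif sh_type in (SHT_SYMTAB, SHT_DYNSYM):
            # Elf64_Sym: name, info, other, shndx, value, size; type is the low nibble
            for _, info, _, _, _, _ in _entries(data, off, size, "<IBBHQQ"):
                if info & 0xF == STT_GNU_IFUNC:
                    result["ifunc"] = True
        elif sh_type == SHT_RELA:
            # Elf64_Rela: offset, info, addend; relocation type is the low 32 bits
            for _, info, _ in _entries(data, off, size, "<QQq"):
                if info & 0xFFFFFFFF == R_X86_64_IRELATIVE:
                    result["ifunc"] = True
    return result

if __name__ == "__main__" and len(sys.argv) > 1:
    with open(sys.argv[1], "rb") as fh:
        r = audit_elf(fh.read())
    print(r, "-> TEXTREL+IFUNC" if all(r.values()) else "-> ok")
```

Run it with the path of a binary as the only argument; a stripped file with no symbol table is still caught through its IRELATIVE relocations.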