This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH 0/2] aarch64: Enable pointer auth in PLT
On 24/06/2019 20:13, Adhemerval Zanella wrote:
>
>
> On 24/06/2019 14:50, Szabolcs Nagy wrote:
>> On 24/06/2019 17:28, Florian Weimer wrote:
>>> * Szabolcs Nagy:
>>>
>>>> there is no easy way to mark binaries such that
>>>> old loader rejects them if it does not understand
>>>> the marking.
>>>
>>> There are symbol versions, new relocation types, and EI_ABIVERSION.
>>> For the latter, see libc-abis.
>>
>> bumping EI_ABIVERSION may work for pac-plt, i'll look
>> into it (that will have to be documented in the elf abi).
>>
>> an alternative is to leave the elf abi as is and solve this
>> in the bfd linker by -z pac-plt implying -u __pac_plt_supported
>> and adding __pac_plt_supported symbol to glibc.
>> (i.e. only solve this in the tooling, the magic symbol
>> ref is not required by the elf abi, just a safety net
>> provided by the binutils implementation, a huge hack,
>> but in practice it should be enough)
>
> I will follow the EI_ABIVERSION path since it changes how loader
> handles the PLTs (similar to IFUNC).
>
> If I understood correctly, the idea is just to prevent prevent
> old-loaders to fail for binaries built with -z pac-plt, wouldn't it
we want old loaders to fail loudly when
you use a new binary (independently of
what cpu you run it on).
EI_ABIVERSION can solve this.
i'm not yet sure if that's the right approach.
> happen anyway when kernel has pac enabled? Would it to make the
> failure more explicit (by printing a error message) or to just
> avoid ld.so to load it altogether?
we cannot retroactively print a helpful
error message in an old loader.
(well in principle a missing symbol reference
could be descriptive, but that's the closest
we can get)