[PATCH v4 0/3] elf: Add GNU_PROPERTY_MEMORY_SEAL gnu property

Adhemerval Zanella Netto adhemerval.zanella@linaro.org
Thu Dec 19 20:13:59 GMT 2024


Ping (x2)

On 06/12/24 11:08, Adhemerval Zanella Netto wrote:
> Ping on this patchset.
> 
> On 28/11/24 12:43, Adhemerval Zanella wrote:
>> elf: Add GNU_PROPERTY_MEMORY_SEAL gnu property
>>
>> The new GNU property is a way to mark binaries to be memory-sealed by
>> the loader, to avoid further changes of PT_LOAD segments (such as
>> unmapping or changing permission flags). This is done along with Linux
>> (the mseal syscall [1]), and C runtime support to instruct the kernel
>> at the correct time to seal the mapping during program startup (for
>> instance, after RELRO setup).  This support is added along with the glibc
>> support to handle the new gnu property [2].
>>
>> The first patch adds the -Wl,memory-seal and -Wl,nomemory-seal options
>> to ld.bfd. The GNU_PROPERTY_MEMORY_SEAL property is added only for
>> ET_EXEC or ET_DYN objects.
>>
>> The second patch adds similar support for ld.gold.
>>
>> The third patch adds the ld --enable-memory-seal configure option to
>> enable the memory sealing as default.
>>
>> [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8be7258aad44b5e25977a98db136f677fa6f4370
>> [2] https://sourceware.org/pipermail/libc-alpha/2024-September/160291.html
>>
>> Changes v3->v4:
>> * Rebase against master
>> * Address comments from last version
>>
>> Changes v2->v3:
>> * Do not add or merge the GNU_PROPERTY_MEMORY_SEAL property if present
>>   on ET_REL.
>> * Extend testing.
>>
>> Changes v1->v2:
>> * Make the security hardening opt-in instead of opt-out.
>> * Add gold support.
>>
>> Adhemerval Zanella (3):
>>   elf: Add GNU_PROPERTY_MEMORY_SEAL gnu property
>>   gold: Add GNU_PROPERTY_MEMORY_SEAL gnu property
>>   ld: Add --enable-memory-seal configure option
>>
>>  bfd/elf-properties.c                       | 85 +++++++++++++++++-----
>>  bfd/elfxx-x86.c                            |  3 +-
>>  binutils/readelf.c                         |  6 ++
>>  binutils/testsuite/lib/binutils-common.exp | 22 ++++++
>>  elfcpp/elfcpp.h                            |  1 +
>>  gold/NEWS                                  |  3 +
>>  gold/layout.cc                             |  4 +
>>  gold/options.h                             |  3 +
>>  gold/testsuite/Makefile.am                 | 19 +++++
>>  gold/testsuite/Makefile.in                 | 26 ++++++-
>>  gold/testsuite/memory_seal_main.c          |  5 ++
>>  gold/testsuite/memory_seal_shared.c        |  7 ++
>>  gold/testsuite/memory_seal_test.sh         | 45 ++++++++++++
>>  include/bfdlink.h                          |  3 +
>>  include/elf/common.h                       |  1 +
>>  ld/NEWS                                    |  4 +
>>  ld/config.in                               |  3 +
>>  ld/configure                               | 38 ++++++++--
>>  ld/configure.ac                            | 17 +++++
>>  ld/emultempl/elf.em                        |  5 ++
>>  ld/ld.texi                                 |  8 ++
>>  ld/lexsup.c                                | 11 +++
>>  ld/testsuite/config/default.exp            |  8 ++
>>  ld/testsuite/ld-elf/property-seal-1.d      | 16 ++++
>>  ld/testsuite/ld-elf/property-seal-1.s      | 11 +++
>>  ld/testsuite/ld-elf/property-seal-2.d      | 17 +++++
>>  ld/testsuite/ld-elf/property-seal-3.d      | 16 ++++
>>  ld/testsuite/ld-elf/property-seal-4.d      | 16 ++++
>>  ld/testsuite/ld-elf/property-seal-5.d      | 15 ++++
>>  ld/testsuite/ld-elf/property-seal-6.d      | 16 ++++
>>  ld/testsuite/ld-elf/property-seal-7.d      | 14 ++++
>>  ld/testsuite/ld-elf/property-seal-8.d      | 15 ++++
>>  ld/testsuite/ld-srec/srec.exp              |  4 +
>>  ld/testsuite/lib/ld-lib.exp                |  6 ++
>>  34 files changed, 445 insertions(+), 28 deletions(-)
>>  create mode 100644 gold/testsuite/memory_seal_main.c
>>  create mode 100644 gold/testsuite/memory_seal_shared.c
>>  create mode 100755 gold/testsuite/memory_seal_test.sh
>>  create mode 100644 ld/testsuite/ld-elf/property-seal-1.d
>>  create mode 100644 ld/testsuite/ld-elf/property-seal-1.s
>>  create mode 100644 ld/testsuite/ld-elf/property-seal-2.d
>>  create mode 100644 ld/testsuite/ld-elf/property-seal-3.d
>>  create mode 100644 ld/testsuite/ld-elf/property-seal-4.d
>>  create mode 100644 ld/testsuite/ld-elf/property-seal-5.d
>>  create mode 100644 ld/testsuite/ld-elf/property-seal-6.d
>>  create mode 100644 ld/testsuite/ld-elf/property-seal-7.d
>>  create mode 100644 ld/testsuite/ld-elf/property-seal-8.d
>>
> 
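
An added example, not part of the mail or the patch series: a small C check that walks raw `.note.gnu.property` contents and reports whether the GNU_PROPERTY_MEMORY_SEAL property described in the cover letter is present, which is how an auditor could confirm a binary was linked with sealing requested. The numeric value 3 for the property, its zero-length payload, and both sample byte arrays are assumptions constructed for illustration; the mail itself does not state them.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NT_GNU_PROPERTY_TYPE_0 5
#define GNU_PROPERTY_MEMORY_SEAL 3 /* assumed value, not stated in the mail */

/* Constructed ELF64 little-endian .note.gnu.property contents (not real binaries).
   "sealed" holds the seal property (assumed zero-length) plus one x86 property. */
static const uint8_t sealed[] = {
    4,0,0,0, 0x18,0,0,0, 5,0,0,0, 'G','N','U',0,
    3,0,0,0, 0,0,0,0,
    2,0,0,0xc0, 4,0,0,0, 3,0,0,0, 0,0,0,0 };
static const uint8_t unsealed[] = {
    4,0,0,0, 0x10,0,0,0, 5,0,0,0, 'G','N','U',0,
    2,0,0,0xc0, 4,0,0,0, 3,0,0,0, 0,0,0,0 };

static uint32_t rd32(const uint8_t *p) { /* little-endian 32-bit read */
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static size_t align_up(size_t n, size_t a) { return (n + a - 1) & ~(a - 1); }

/* 1 = property `want` present, 0 = absent, -1 = malformed or truncated note.
   `align` is 8 for ELF64 and 4 for ELF32. */
int note_has_property(const uint8_t *sec, size_t len, size_t align, uint32_t want) {
    for (size_t off = 0; off < len; ) {
        if (len - off < 12) return -1;              /* namesz, descsz, type */
        uint32_t namesz = rd32(sec + off), descsz = rd32(sec + off + 4);
        uint32_t type = rd32(sec + off + 8);
        size_t name = off + 12;
        if (namesz > len - name) return -1;
        size_t desc = align_up(name + namesz, align);
        if (desc > len || descsz > len - desc) return -1;
        size_t end = desc + descsz;
        if (type == NT_GNU_PROPERTY_TYPE_0 && namesz == 4 && !memcmp(sec + name, "GNU", 4))
            for (size_t p = desc; p < end; ) {
                if (end - p < 8) return -1;         /* pr_type, pr_datasz */
                uint32_t pr_type = rd32(sec + p), pr_datasz = rd32(sec + p + 4);
                if (pr_datasz > end - p - 8) return -1;
                if (pr_type == want) return 1;
                p += align_up(8 + (size_t)pr_datasz, align);
            }
        off = align_up(end, align);
    }
    return 0;
}
int main(void) {
    printf("sealed=%d\n", note_has_property(sealed, sizeof sealed, 8, GNU_PROPERTY_MEMORY_SEAL));
    printf("unsealed=%d\n", note_has_property(unsealed, sizeof unsealed, 8, GNU_PROPERTY_MEMORY_SEAL));
    return 0;
}
```

The presence of the property only records that sealing was requested at link time; whether the mappings are actually sealed depends on the loader and kernel support the cover letter refers to.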


