+2004-01-13 Ulrich Drepper <drepper@redhat.com>
+
+ * Makeconfig: Define relro-LDFLAGS if have-z-relro==yes. Add it to
+ LDFLAGS.so and LDFLAGS-rtld.
+ (+link): Add relro-LDFLAGS.
+ * Makeconfig (shlib.lds): Place __libc_subfreeres, __libc_atexit, and
+ __libc_thread_subfreeres sections after .jcr section.
+ * config.make.in: Add have-z-relro.
+ * configure.in: Add check for -z relro option.
+ * include/link.h (struct link_map): Add relro_addr and relro_size
+ members.
+ * elf/dl-load.c (_dl_map_object_from_fd): Recognize PT_GNU_RELRO.
+ * elf/dl-reloc.c (_dl_relocate_object): At the end, make relro
+ part of loaded segments read-only.
+ * elf/elf.h: Define PT_GNU_RELRO.
+ * elf/rtld.c (_dl_start): Recognize PT_GNU_RELRO of ld.so.
+ (dl_main): Recognize PT_GNU_RELRO of the application. Call
+ _dl_debug_initialize and initialize l_info[DT_DEBUG] before
+ relocations.
+
2004-01-12 Jakub Jelinek <jakub@redhat.com>
* sysdeps/x86_64/strcspn.S: Fix typo in last patch.
-# Copyright (C) 1991-2002, 2003 Free Software Foundation, Inc.
+# Copyright (C) 1991-2002, 2003, 2004 Free Software Foundation, Inc.
# This file is part of the GNU C Library.
# The GNU C Library is free software; you can redistribute it and/or
-e 's/^.*\*(\.dynbss).*$$/& \
PROVIDE(__start___libc_freeres_ptrs = .); \
*(__libc_freeres_ptrs) \
- PROVIDE(__stop___libc_freeres_ptrs = .);/'
+ PROVIDE(__stop___libc_freeres_ptrs = .);/'\
+ -e 's/^.*\*(\.jcr).*$$/&\n\
+ PROVIDE(__start___libc_subfreeres = .);\n\
+ __libc_subfreeres : { *(__libc_subfreeres) }\n\
+ PROVIDE(__stop___libc_subfreeres = .);\n\
+ PROVIDE(__start___libc_atexit = .);\n\
+ __libc_atexit : { *(__libc_atexit) }\n\
+ PROVIDE(__stop___libc_atexit = .);\n\
+ PROVIDE(__start___libc_thread_subfreeres = .);\n\
+ __libc_thread_subfreeres : { *(__libc_thread_subfreeres) }\n\
+ PROVIDE(__stop___libc_thread_subfreeres = .);/'
mv -f $@T $@
common-generated += shlib.lds
have-z-combreloc = @libc_cv_z_combreloc@
have-z-execstack = @libc_cv_z_execstack@
have-initfini = @libc_cv_have_initfini@
+have-z-relro = @libc_cv_z_relro@
have-Bgroup = @libc_cv_Bgroup@
need-nopic-initfini = @nopic_initfini@
with-fp = @with_fp@
# include <unistd.h>
#endif"
-ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS with_fp with_cvs enable_check_abi oldest_abi subdirs force_install all_warnings build build_cpu build_vendor build_os host host_cpu host_vendor host_os base_machine sysnames INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA LN_S CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC OBJEXT BUILD_CC cross_compiling CPP CXX CXXFLAGS ac_ct_CXX AR OBJDUMP RANLIB ac_ct_RANLIB MIG AS LD PWD_P MAKE MSGFMT MAKEINFO SED AUTOCONF CCVERSION SYSINCLUDES libc_cv_gcc_static_libgcc BASH libc_cv_have_bash2 KSH libc_cv_have_ksh AWK PERL INSTALL_INFO BISON VERSIONING libc_cv_asm_protected_directive libc_cv_initfinit_array libc_cv_cc_with_libunwind libc_cv_z_nodelete libc_cv_z_nodlopen libc_cv_z_initfirst libc_cv_Bgroup ASFLAGS_config libc_cv_z_combreloc libc_cv_z_execstack libc_cv_fpie fno_unit_at_a_time libc_cv_have_initfini libc_cv_cpp_asm_debuginfo no_whole_archive exceptions LIBGD EGREP sizeof_long_double libc_cv_gcc_unwind_find_fde uname_sysname uname_release uname_version old_glibc_headers libc_cv_slibdir libc_cv_localedir libc_cv_sysconfdir libc_cv_rootsbindir libc_cv_forced_unwind use_ldconfig ldd_rewrite_script gnu_ld gnu_as elf xcoff static shared pic_default profile omitfp bounded static_nss nopic_initfini DEFINES linux_doors mach_interface_list VERSION RELEASE LIBOBJS LTLIBOBJS'
+ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS with_fp with_cvs enable_check_abi oldest_abi subdirs force_install all_warnings build build_cpu build_vendor build_os host host_cpu host_vendor host_os base_machine sysnames INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA LN_S CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC OBJEXT BUILD_CC cross_compiling CPP CXX CXXFLAGS ac_ct_CXX AR OBJDUMP RANLIB ac_ct_RANLIB MIG AS LD PWD_P MAKE MSGFMT MAKEINFO SED AUTOCONF CCVERSION SYSINCLUDES libc_cv_gcc_static_libgcc BASH libc_cv_have_bash2 KSH libc_cv_have_ksh AWK PERL INSTALL_INFO BISON VERSIONING libc_cv_asm_protected_directive libc_cv_initfinit_array libc_cv_cc_with_libunwind libc_cv_z_nodelete libc_cv_z_nodlopen libc_cv_z_initfirst libc_cv_z_relro libc_cv_Bgroup ASFLAGS_config libc_cv_z_combreloc libc_cv_z_execstack libc_cv_fpie fno_unit_at_a_time libc_cv_have_initfini libc_cv_cpp_asm_debuginfo no_whole_archive exceptions LIBGD EGREP sizeof_long_double libc_cv_gcc_unwind_find_fde uname_sysname uname_release uname_version old_glibc_headers libc_cv_slibdir libc_cv_localedir libc_cv_sysconfdir libc_cv_rootsbindir libc_cv_forced_unwind use_ldconfig ldd_rewrite_script gnu_ld gnu_as elf xcoff static shared pic_default profile omitfp bounded static_nss nopic_initfini DEFINES linux_doors mach_interface_list VERSION RELEASE LIBOBJS LTLIBOBJS'
ac_subst_files=''
# Initialize some variables set by options.
echo "${ECHO_T}$libc_cv_z_initfirst" >&6
+ echo "$as_me:$LINENO: checking for -z relro option" >&5
+echo $ECHO_N "checking for -z relro option... $ECHO_C" >&6
+if test "${libc_cv_z_relro+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if { ac_try='${CC-cc} -v --help 2>&1|grep "z relro" 1>&5'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }
+ then
+ libc_cv_z_relro=yes
+ else
+ libc_cv_z_relro=no
+ fi
+fi
+echo "$as_me:$LINENO: result: $libc_cv_z_relro" >&5
+echo "${ECHO_T}$libc_cv_z_relro" >&6
+
+
echo "$as_me:$LINENO: checking for -Bgroup option" >&5
echo $ECHO_N "checking for -Bgroup option... $ECHO_C" >&6
if test "${libc_cv_Bgroup+set}" = set; then
s,@libc_cv_z_nodelete@,$libc_cv_z_nodelete,;t t
s,@libc_cv_z_nodlopen@,$libc_cv_z_nodlopen,;t t
s,@libc_cv_z_initfirst@,$libc_cv_z_initfirst,;t t
+s,@libc_cv_z_relro@,$libc_cv_z_relro,;t t
s,@libc_cv_Bgroup@,$libc_cv_Bgroup,;t t
s,@ASFLAGS_config@,$ASFLAGS_config,;t t
s,@libc_cv_z_combreloc@,$libc_cv_z_combreloc,;t t
rm -f conftest*])
AC_SUBST(libc_cv_z_initfirst)
+ AC_CACHE_CHECK(for -z relro option,
+ libc_cv_z_relro, [dnl
+ if AC_TRY_COMMAND([${CC-cc} -v --help 2>&1|grep "z relro" 1>&AS_MESSAGE_LOG_FD])
+ then
+ libc_cv_z_relro=yes
+ else
+ libc_cv_z_relro=no
+ fi])
+ AC_SUBST(libc_cv_z_relro)
+
AC_CACHE_CHECK(for -Bgroup option,
libc_cv_Bgroup, [dnl
cat > conftest.c <<EOF
/* Map in a shared object's segments from the file.
- Copyright (C) 1995-2002, 2003 Free Software Foundation, Inc.
+ Copyright (C) 1995-2002, 2003, 2004 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
case PT_GNU_STACK:
stack_flags = ph->p_flags;
break;
+
+ case PT_GNU_RELRO:
+ l->l_relro_addr = ph->p_vaddr;
+ l->l_relro_size = ph->p_memsz;
+ break;
}
if (__builtin_expect (nloadcmds == 0, 0))
/* Relocate a shared object and resolve its references to other loaded objects.
- Copyright (C) 1995-2002, 2003 Free Software Foundation, Inc.
+ Copyright (C) 1995-2002, 2003, 2004 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
textrels = textrels->next;
}
+
+ /* In case we can protect the data now that the relocations are
+ done, do it. */
+ if (l->l_relro_size != 0)
+ {
+ ElfW(Addr) start = ((l->l_addr + l->l_relro_addr)
+ & ~(GL(dl_pagesize) - 1));
+ ElfW(Addr) end = ((l->l_addr + l->l_relro_addr + l->l_relro_size)
+ & ~(GL(dl_pagesize) - 1));
+
+ if (start != end
+ && __mprotect ((void *) start, end - start, PROT_READ) < 0)
+ {
+ errstring = N_("\
+cannot apply additional memory protection after relocation");
+ goto call_error;
+ }
+ }
}
INTDEF (_dl_relocate_object)
/* This file defines standard ELF types, structures, and macros.
- Copyright (C) 1995-1999,2000,2001,2002,2003 Free Software Foundation, Inc.
+ Copyright (C) 1995-2003, 2004 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
#define PT_LOOS 0x60000000 /* Start of OS-specific */
#define PT_GNU_EH_FRAME 0x6474e550 /* GCC .eh_frame_hdr segment */
#define PT_GNU_STACK 0x6474e551 /* Indicates stack executability */
+#define PT_GNU_RELRO 0x6474e552 /* Read-only after relocation */
#define PT_LOSUNW 0x6ffffffa
#define PT_SUNWBSS 0x6ffffffa /* Sun Specific segment */
#define PT_SUNWSTACK 0x6ffffffb /* Stack segment */
/* Run time dynamic linker.
- Copyright (C) 1995-2002, 2003 Free Software Foundation, Inc.
+ Copyright (C) 1995-2002, 2003, 2004 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
bootstrap_map.l_tls_offset = NO_TLS_OFFSET;
#endif
-#if USE___THREAD
/* Get the dynamic linker's own program header. First we need the ELF
file header. The `_begin' symbol created by the linker script points
to it. When we have something like GOTOFF relocs, we can use a plain
reference to find the runtime address. Without that, we have to rely
on the `l_addr' value, which is not the value we want when prelinked. */
+#if USE___THREAD
dtv_t initdtv[3];
+#endif /* USE___THREAD */
ElfW(Ehdr) *ehdr
# ifdef DONT_USE_BOOTSTRAP_MAP
= (ElfW(Ehdr) *) &_begin;
ElfW(Phdr) *phdr = (ElfW(Phdr) *) ((void *) ehdr + ehdr->e_phoff);
size_t cnt = ehdr->e_phnum; /* PT_TLS is usually the last phdr. */
while (cnt-- > 0)
+#if USE___THREAD
if (phdr[cnt].p_type == PT_TLS)
{
void *tlsblock;
/* So far this is module number one. */
bootstrap_map.l_tls_modid = 1;
-
- /* There can only be one PT_TLS entry. */
- break;
}
+ else
#endif /* USE___THREAD */
+ if (phdr[cnt].p_type == PT_GNU_RELRO)
+ {
+ bootstrap_map.l_relro_addr = phdr[cnt].p_vaddr;
+ bootstrap_map.l_relro_size = phdr[cnt].p_memsz;
+ }
#ifdef ELF_MACHINE_BEFORE_RTLD_RELOC
ELF_MACHINE_BEFORE_RTLD_RELOC (bootstrap_map.l_info);
GL(dl_stack_flags) = ph->p_flags;
break;
}
+ else if (ph->p_type == PT_GNU_RELRO)
+ {
+ GL(dl_loaded)->l_relro_addr = ph->p_vaddr;
+ GL(dl_loaded)->l_relro_size = ph->p_memsz;
+ }
if (__builtin_expect (mode, normal) == verify)
{
_dl_printf ("\nprelink checking: %s\n", prelinked ? "ok" : "failed");
}
+
+ /* Initialize _r_debug. */
+ struct r_debug *r = _dl_debug_initialize (GL(dl_rtld_map).l_addr);
+ {
+ struct link_map *l;
+
+ l = GL(dl_loaded);
+
+#ifdef ELF_MACHINE_DEBUG_SETUP
+
+ /* Some machines (e.g. MIPS) don't use DT_DEBUG in this way. */
+
+ ELF_MACHINE_DEBUG_SETUP (l, r);
+ ELF_MACHINE_DEBUG_SETUP (&GL(dl_rtld_map), r);
+
+#else
+
+ if (l->l_info[DT_DEBUG] != NULL)
+ /* There is a DT_DEBUG entry in the dynamic section. Fill it in
+ with the run-time address of the r_debug structure */
+ l->l_info[DT_DEBUG]->d_un.d_ptr = (ElfW(Addr)) r;
+
+ /* Fill in the pointer in the dynamic linker's own dynamic section, in
+ case you run gdb on the dynamic linker directly. */
+ if (GL(dl_rtld_map).l_info[DT_DEBUG] != NULL)
+ GL(dl_rtld_map).l_info[DT_DEBUG]->d_un.d_ptr = (ElfW(Addr)) r;
+#endif
+ }
+
if (prelinked)
{
struct link_map *l;
#endif
NONTLS_INIT_TP;
- {
- /* Initialize _r_debug. */
- struct r_debug *r = _dl_debug_initialize (GL(dl_rtld_map).l_addr);
- struct link_map *l;
-
- l = GL(dl_loaded);
-
-#ifdef ELF_MACHINE_DEBUG_SETUP
-
- /* Some machines (e.g. MIPS) don't use DT_DEBUG in this way. */
-
- ELF_MACHINE_DEBUG_SETUP (l, r);
- ELF_MACHINE_DEBUG_SETUP (&GL(dl_rtld_map), r);
-
-#else
-
- if (l->l_info[DT_DEBUG] != NULL)
- /* There is a DT_DEBUG entry in the dynamic section. Fill it in
- with the run-time address of the r_debug structure */
- l->l_info[DT_DEBUG]->d_un.d_ptr = (ElfW(Addr)) r;
-
- /* Fill in the pointer in the dynamic linker's own dynamic section, in
- case you run gdb on the dynamic linker directly. */
- if (GL(dl_rtld_map).l_info[DT_DEBUG] != NULL)
- GL(dl_rtld_map).l_info[DT_DEBUG]->d_un.d_ptr = (ElfW(Addr)) r;
-
-#endif
-
- /* Notify the debugger that all objects are now mapped in. */
- r->r_state = RT_ADD;
- INTUSE(_dl_debug_state) ();
- }
+ /* Notify the debugger that all objects are now mapped in. */
+ r->r_state = RT_ADD;
+ INTUSE(_dl_debug_state) ();
#ifndef MAP_COPY
/* We must munmap() the cache file. */
/* Data structure for communication from the run-time dynamic linker for
loaded ELF shared objects.
- Copyright (C) 1995-2002, 2003 Free Software Foundation, Inc.
+ Copyright (C) 1995-2002, 2003, 2004 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
/* Index of the module in the dtv array. */
size_t l_tls_modid;
#endif
+
+ /* Information used to change permission after the relocations are
+ done. */
+ ElfW(Addr) l_relro_addr;
+ size_t l_relro_size;
};
struct dl_phdr_info
git.samba.org / jlayton / glibc.git / commitdiff