From patchwork Thu Nov 28 15:43:19 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Adhemerval Zanella <adhemerval.zanella@linaro.org>
X-Patchwork-Id: 845946
Delivered-To: patch@linaro.org
Received: by 2002:adf:f2c4:0:b0:382:43a8:7b94 with SMTP id d4csp314209wrp;
 Thu, 28 Nov 2024 07:47:00 -0800 (PST)
X-Forwarded-Encrypted: i=3;
 AJvYcCXnDBxOsUB+CNcHfpgy4p0fJjj1GFputWzUleAa1fsoZ9kGNrMhIwMtQT4PxMgn+zCb9aHtJg==@linaro.org
X-Google-Smtp-Source: AGHT+IFmymYC76G/0S+96ZodBrcMsh80QMi3jNVovj4dboJHWEusvjm29xCgWrNQUGipfOjqwdGv
X-Received: by 2002:ad4:4ee5:0:b0:6d4:10fd:3a36 with SMTP id
 6a1803df08f44-6d872971304mr54984636d6.7.1732808820032;
 Thu, 28 Nov 2024 07:47:00 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1732808820; cv=pass;
 d=google.com; s=arc-20240605;
 b=C2N8FEYP93S4mz4XdLM2Bq0E/XfotVW49qK1IiRnq56FmbQnydttVq0X7qg5k1825i
 51vPHgrdx/pQO9T7r5pHxQk928AudaUUtNEOJZnsO+mdY1LLYMIV7Gt6BMMuEIr9O5nB
 nMmbsAqkS0uuEKkHJbmR/KiLQ6wgmP87oLoVPc0QG+imlo37jn+J8A1TunRVf+UpxW3P
 dr7s9rnQWHa5WyhX2jvqElZKMo4XJSmY3esd1V7VtKSCuuaOcsV5o0N2M7ntaDlhCDdg
 w+oEmjOar6AiR42RDS4ptrodk8c3Bygx7agpfAdxXx1z+i2gX3K+G9pN1Kl+82gnUhI2
 kyHQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
 h=errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:content-transfer-encoding
 :mime-version:references:in-reply-to:message-id:date:subject:cc:to
 :from:dkim-signature:dkim-filter:arc-filter:dmarc-filter
 :delivered-to:dkim-filter;
 bh=mZWx1xaZLZn41m3WH17PRq7U7/O1vVcuXt997A/8/Xw=;
 fh=JruiOR+n5wiv4jZbtXJYp9lJ8UkedxUHyGOCC37Fjus=;
 b=k6EcYecP8WUzPdtckQ0An7KNeqxA5fFTyRROCd5hFjyZ+dzHrsX6feEBwVIpjzWoPc
 XePCWzey+3rg7IEH2UqueQP66N3tBjKfqz6pM+QK8Xo7woDRXKnguL/p/7uZ7l0oaYBX
 Erbw+1zsRB4rOM2aQ0Hv3CSo2qH7xWtYsVpvTmuDib0XtKi89qNuuXN4sBNgwjtapMTT
 GQQQcj4Vw54IRLjQVwJzvITkcVw6IDYwkD3BMppkBoWyshU/c+mnIZ16onaVgbJqMgY0
 2aMIoZDsjYckZXbrsRjdO3gGyFuD0LplUpaiyeh3xAef3CyavRM3KVEooKi86432zKMh
 9SqQ==; dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=TnTLI+zk;
 arc=pass (i=1); spf=pass (google.com: domain of
 binutils-bounces~patch=linaro.org@sourceware.org designates
 2620:52:3:1:0:246e:9693:128c as permitted sender)
 smtp.mailfrom="binutils-bounces~patch=linaro.org@sourceware.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <binutils-bounces~patch=linaro.org@sourceware.org>
Received: from server2.sourceware.org (server2.sourceware.org.
 [2620:52:3:1:0:246e:9693:128c]) by mx.google.com with ESMTPS id
 6a1803df08f44-6d8751ab1dasi19337076d6.49.2024.11.28.07.46.59
 for <patch@linaro.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 28 Nov 2024 07:47:00 -0800 (PST)
Received-SPF: pass (google.com: domain of
 binutils-bounces~patch=linaro.org@sourceware.org designates
 2620:52:3:1:0:246e:9693:128c as permitted sender)
 client-ip=2620:52:3:1:0:246e:9693:128c;
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=TnTLI+zk;
 arc=pass (i=1); spf=pass (google.com: domain of
 binutils-bounces~patch=linaro.org@sourceware.org designates
 2620:52:3:1:0:246e:9693:128c as permitted sender)
 smtp.mailfrom="binutils-bounces~patch=linaro.org@sourceware.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: from server2.sourceware.org (localhost [IPv6:::1])
 by sourceware.org (Postfix) with ESMTP id 82BC03858C35
 for <patch@linaro.org>; Thu, 28 Nov 2024 15:46:59 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 82BC03858C35
Authentication-Results: sourceware.org; dkim=pass (2048-bit key,
 unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256
 header.s=google header.b=TnTLI+zk
X-Original-To: binutils@sourceware.org
Delivered-To: binutils@sourceware.org
Received: from mail-pl1-x643.google.com (mail-pl1-x643.google.com
 [IPv6:2607:f8b0:4864:20::643])
 by sourceware.org (Postfix) with ESMTPS id 6B7FD3858CDA
 for <binutils@sourceware.org>; Thu, 28 Nov 2024 15:45:19 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 6B7FD3858CDA
Authentication-Results: sourceware.org;
 dmarc=pass (p=none dis=none) header.from=linaro.org
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 6B7FD3858CDA
Authentication-Results: server2.sourceware.org;
 arc=none smtp.remote-ip=2607:f8b0:4864:20::643
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732808724; cv=none;
 b=UIXNyvi2TFp0mi3Ur6+cUzzir8UCmAG6mJ8hbO3T9d+ADCRxbVdWeU1PrmfdHJ+Ck0ZQ6jNpximeLBJVIzXngsgtVEIjvo6fqfHc3BFQ5/ZIZgKtCOr2sfh4bHlFSlk+eQFYGu9nCS7ZawZvDjMk9y/tGWFR6ivyjMY4yXfR6iM=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
 t=1732808724; c=relaxed/simple;
 bh=QZbZ5UH388WBckRIor8zDJYgJwfzJNn+taLwf+9ZrZ0=;
 h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version;
 b=qbvs3FWskMjYpu5iwRVHl3spOWsJGo3ziwKoI9YR/D6ZM4KAzsvkb/rB3cvX+GM8ZRRH2BWSD+ooAXcPrvvJ45qS7IxywJ2sfUyooUn5WTSVe+gdxK3l6taHAuf5J1xIaEtbWppiPvN3ZTlTCQd3KJc6yM8jVeNcJbbH7sCNLiE=
ARC-Authentication-Results: i=1; server2.sourceware.org
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 6B7FD3858CDA
Received: by mail-pl1-x643.google.com with SMTP id
 d9443c01a7336-2120f9ec28eso7728585ad.1
 for <binutils@sourceware.org>; Thu, 28 Nov 2024 07:45:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1732808718; x=1733413518; darn=sourceware.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=mZWx1xaZLZn41m3WH17PRq7U7/O1vVcuXt997A/8/Xw=;
 b=TnTLI+zkL60KPMK4aPdF+t1tyWFEVVatF2PiDa13JxLBv4qPMHxY5oOrYx+3imh7mB
 k2fZcG0yR8krJNo2DVfO3GKKyoNn/hLz64OIA07d7uasPGPoTuycXlSsKcUdUplsVTPg
 G9YmFxNo5WmQkZRpr5G9LIOW3Ux61HGdoN++c4CrhZWwXHVZgYqH131aDVyzsyBWRiI7
 kdwGx3kw6Oc5IXWOnNQJDaqNMAGnCCDz90ZHDHbftJBqg4ZK+vxopW10xw998IjZ2AsJ
 iACLvjqFUg4vQuVF4uVkLI4ekSji0w6vob76+4r6shT0K7UdpFkvuDylnS2saKZTyGFS
 Oj5g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1732808718; x=1733413518;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=mZWx1xaZLZn41m3WH17PRq7U7/O1vVcuXt997A/8/Xw=;
 b=vf0afVpNlPPymscr9pbv3XypoOz1mT2SLTli7VA3KXUBPsejZa8uz6/o5osSmwAPJ8
 kCY8S0wPSFcjxMidm418GlqroZW1hX+cZ2qhSlnWC3lMcqk4QrEWmxIXkZYptoGgZN0z
 4BzoxWPRRxQuYpZIHma1dKdEycir8nN6gvkGOwLsvXMFryw+T1S4ihKt9vF36My4BDar
 1boczP+BMG3sRCjBKSf5PLK4oS7m86JMMRvd7qQtNcjzEL500M7rfUqW8SWUdUMSiPH+
 yntR1VvHIKzn4Kis8lprVbv5z4rpzRYC9sJ4n6huvoZdlig/D+XiMJpCH198T1tDdKra
 hpAQ==
X-Gm-Message-State: AOJu0YzttPZIyilIGmnK3971Jy34e5+nrheJvsOGL+2ZCt41/TvbISMN
 vyG26D9sxIlPS5eo1LFnzYjMiB8xMtAhWUhxywZi0OJp3PZHL0COhLUdpBsDaRefcwJ6D+3Gyhp
 b2L88cuKl
X-Gm-Gg: ASbGncvEbeO6iie/0mHD02c548E531zp+asz/khckffc9VmtPEPqDxQi1H+J1mT9ysg
 6l+P9BFgBshkZFAFLgg/QLc1n5NZuboCO5OQDXRr8yCP6WwlBQuSapYuAsH5sA5uEv1k32WQ/+a
 DPvrxm4/36q6iSqfXEZqma7khqCnbT+3eYz4UkChoTFGfmJyXMLWIr9NhmfLkJgRtVW2Oh7zZBK
 EDl8KoJzU8WCtDlHMlu4TCdnhiSFvsR+lKKEdRTNdS09t1TI33Mx/dtE73QulI=
X-Received: by 2002:a17:902:f644:b0:212:3f13:d4bc with SMTP id
 d9443c01a7336-2151d898654mr57940905ad.27.1732808717953;
 Thu, 28 Nov 2024 07:45:17 -0800 (PST)
Received: from mandiga.. ([2804:1b3:a7c1:68c8:2c85:3a76:728e:ead2])
 by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-21521985773sm14877405ad.199.2024.11.28.07.45.16
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 28 Nov 2024 07:45:17 -0800 (PST)
From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
To: binutils@sourceware.org
Cc: Jeff Xu <jeffxu@google.com>,
	"H . J . Lu" <hjl.tools@gmail.com>
Subject: [PATCH v4 1/3] elf: Add GNU_PROPERTY_MEMORY_SEAL gnu property
Date: Thu, 28 Nov 2024 12:43:19 -0300
Message-ID: <20241128154511.564500-2-adhemerval.zanella@linaro.org>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20241128154511.564500-1-adhemerval.zanella@linaro.org>
References: <20241128154511.564500-1-adhemerval.zanella@linaro.org>
MIME-Version: 1.0
X-BeenThere: binutils@sourceware.org
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: Binutils mailing list <binutils.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/binutils>,
 <mailto:binutils-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/binutils/>
List-Post: <mailto:binutils@sourceware.org>
List-Help: <mailto:binutils-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/binutils>,
 <mailto:binutils-request@sourceware.org?subject=subscribe>
Errors-To: binutils-bounces~patch=linaro.org@sourceware.org

The GNU_PROPERTY_MEMORY_SEAL gnu property is a way to mark binaries
to be memory-sealed by the loader, to avoid further changes of
PT_LOAD segments (such as unmapping or changing permission flags).
This is done along with Linux kernel (the mseal syscall [1]), and
C runtime supports to instruct the kernel on the correct time to
seal the mapping during program startup (for instance, after
RELRO setup).  This support is added along the glibc support to
handle the new gnu property [2].

This is a opt-in security features, like other security hardening
ones like NX-stack or RELRO.

The new property is ignored if present on ET_REL objects, and only
added on ET_EXEC/ET_DYN if the linker option is used.  A gnu property
is used instead of DT_FLAGS_1 flag to allow memory sealing to work
with ET_EXEC without PT_DYNAMIC support (at least on glibc some ports
still do no support static-pie).

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8be7258aad44b5e25977a98db136f677fa6f4370
[2] https://sourceware.org/pipermail/libc-alpha/2024-September/160291.html

Change-Id: Id47fadabecd24be0e83cff45653f7ce9a900ecf4
---
 bfd/elf-properties.c                  | 85 +++++++++++++++++++++------
 bfd/elfxx-x86.c                       |  3 +-
 binutils/readelf.c                    |  6 ++
 include/bfdlink.h                     |  3 +
 include/elf/common.h                  |  1 +
 ld/NEWS                               |  3 +
 ld/emultempl/elf.em                   |  4 ++
 ld/ld.texi                            |  8 +++
 ld/lexsup.c                           |  4 ++
 ld/testsuite/ld-elf/property-seal-1.d | 16 +++++
 ld/testsuite/ld-elf/property-seal-1.s | 11 ++++
 ld/testsuite/ld-elf/property-seal-2.d | 17 ++++++
 ld/testsuite/ld-elf/property-seal-3.d | 16 +++++
 ld/testsuite/ld-elf/property-seal-4.d | 16 +++++
 ld/testsuite/ld-elf/property-seal-5.d | 15 +++++
 ld/testsuite/ld-elf/property-seal-6.d | 16 +++++
 ld/testsuite/ld-elf/property-seal-7.d | 14 +++++
 ld/testsuite/ld-elf/property-seal-8.d | 15 +++++
 18 files changed, 235 insertions(+), 18 deletions(-)
 create mode 100644 ld/testsuite/ld-elf/property-seal-1.d
 create mode 100644 ld/testsuite/ld-elf/property-seal-1.s
 create mode 100644 ld/testsuite/ld-elf/property-seal-2.d
 create mode 100644 ld/testsuite/ld-elf/property-seal-3.d
 create mode 100644 ld/testsuite/ld-elf/property-seal-4.d
 create mode 100644 ld/testsuite/ld-elf/property-seal-5.d
 create mode 100644 ld/testsuite/ld-elf/property-seal-6.d
 create mode 100644 ld/testsuite/ld-elf/property-seal-7.d
 create mode 100644 ld/testsuite/ld-elf/property-seal-8.d

diff --git a/bfd/elf-properties.c b/bfd/elf-properties.c
index ee8bd37f2bd..dbbd387fddc 100644
--- a/bfd/elf-properties.c
+++ b/bfd/elf-properties.c
@@ -177,6 +177,20 @@ _bfd_elf_parse_gnu_properties (bfd *abfd, Elf_Internal_Note *note)
 	      prop->pr_kind = property_number;
 	      goto next;
 
+	    case GNU_PROPERTY_MEMORY_SEAL:
+	      if (datasz != 0)
+		{
+		  _bfd_error_handler
+		    (_("warning: %pB: corrupt memory sealing size: 0x%x"),
+		     abfd, datasz);
+		  /* Clear all properties.  */
+		  elf_properties (abfd) = NULL;
+		  return false;
+		}
+	      prop = _bfd_elf_get_property (abfd, type, datasz);
+	      prop->pr_kind = property_number;
+	      goto next;
+
 	    default:
 	      if ((type >= GNU_PROPERTY_UINT32_AND_LO
 		   && type <= GNU_PROPERTY_UINT32_AND_HI)
@@ -254,6 +268,7 @@ elf_merge_gnu_properties (struct bfd_link_info *info, bfd *abfd, bfd *bbfd,
       /* FALLTHROUGH */
 
     case GNU_PROPERTY_NO_COPY_ON_PROTECTED:
+    case GNU_PROPERTY_MEMORY_SEAL:
       /* Return TRUE if APROP is NULL to indicate that BPROP should
 	 be added to ABFD.  */
       return aprop == NULL;
@@ -607,6 +622,33 @@ elf_write_gnu_properties (struct bfd_link_info *info,
     }
 }
 
+static asection *
+_bfd_elf_link_create_gnu_property_sec (struct bfd_link_info *info, bfd *elf_bfd,
+				       unsigned int elfclass)
+{
+  asection *sec;
+
+  sec = bfd_make_section_with_flags (elf_bfd,
+				     NOTE_GNU_PROPERTY_SECTION_NAME,
+				     (SEC_ALLOC
+				      | SEC_LOAD
+				      | SEC_IN_MEMORY
+				      | SEC_READONLY
+				      | SEC_HAS_CONTENTS
+				      | SEC_DATA));
+  if (sec == NULL)
+    info->callbacks->einfo (_("%F%P: failed to create GNU property section\n"));
+
+  if (!bfd_set_section_alignment (sec,
+				  elfclass == ELFCLASS64 ? 3 : 2))
+    info->callbacks->einfo (_("%F%pA: failed to align section\n"),
+			    sec);
+
+  elf_section_type (sec) = SHT_NOTE;
+  return sec;
+}
+
+
 /* Set up GNU properties.  Return the first relocatable ELF input with
    GNU properties if found.  Otherwise, return NULL.  */
 
@@ -656,23 +698,7 @@ _bfd_elf_link_setup_gnu_properties (struct bfd_link_info *info)
       /* Support -z indirect-extern-access.  */
       if (first_pbfd == NULL)
 	{
-	  sec = bfd_make_section_with_flags (elf_bfd,
-					     NOTE_GNU_PROPERTY_SECTION_NAME,
-					     (SEC_ALLOC
-					      | SEC_LOAD
-					      | SEC_IN_MEMORY
-					      | SEC_READONLY
-					      | SEC_HAS_CONTENTS
-					      | SEC_DATA));
-	  if (sec == NULL)
-	    info->callbacks->einfo (_("%F%P: failed to create GNU property section\n"));
-
-	  if (!bfd_set_section_alignment (sec,
-					  elfclass == ELFCLASS64 ? 3 : 2))
-	    info->callbacks->einfo (_("%F%pA: failed to align section\n"),
-				    sec);
-
-	  elf_section_type (sec) = SHT_NOTE;
+	  sec = _bfd_elf_link_create_gnu_property_sec (info, elf_bfd, elfclass);
 	  first_pbfd = elf_bfd;
 	  has_properties = true;
 	}
@@ -690,6 +716,31 @@ _bfd_elf_link_setup_gnu_properties (struct bfd_link_info *info)
 	  |= GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS;
     }
 
+  if (elf_bfd != NULL)
+    {
+      if (info->memory_seal)
+	{
+	  /* Support -z no-memory-seal.  */
+	  if (first_pbfd == NULL)
+	    {
+	      sec = _bfd_elf_link_create_gnu_property_sec (info, elf_bfd, elfclass);
+	      first_pbfd = elf_bfd;
+	      has_properties = true;
+	    }
+
+	  p = _bfd_elf_get_property (first_pbfd, GNU_PROPERTY_MEMORY_SEAL, 0);
+	  if (p->pr_kind == property_unknown)
+	    {
+	      /* Create GNU_PROPERTY_NO_MEMORY_SEAL.  */
+	      p->u.number = GNU_PROPERTY_MEMORY_SEAL;
+	      p->pr_kind = property_number;
+	    }
+	}
+      else
+	elf_find_and_remove_property (&elf_properties (elf_bfd),
+				      GNU_PROPERTY_MEMORY_SEAL, true);
+    }
+
   /* Do nothing if there is no .note.gnu.property section.  */
   if (!has_properties)
     return NULL;
diff --git a/bfd/elfxx-x86.c b/bfd/elfxx-x86.c
index 0843803171b..be1ce8f61c4 100644
--- a/bfd/elfxx-x86.c
+++ b/bfd/elfxx-x86.c
@@ -4896,7 +4896,8 @@ _bfd_x86_elf_link_fixup_gnu_properties
   for (p = *listp; p; p = p->next)
     {
       unsigned int type = p->property.pr_type;
-      if (type == GNU_PROPERTY_X86_COMPAT_ISA_1_USED
+      if (type == GNU_PROPERTY_MEMORY_SEAL
+	  || type == GNU_PROPERTY_X86_COMPAT_ISA_1_USED
 	  || type == GNU_PROPERTY_X86_COMPAT_ISA_1_NEEDED
 	  || (type >= GNU_PROPERTY_X86_UINT32_AND_LO
 	      && type <= GNU_PROPERTY_X86_UINT32_AND_HI)
diff --git a/binutils/readelf.c b/binutils/readelf.c
index 73163e0ee21..a25487c3335 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -21457,6 +21457,12 @@ print_gnu_property_note (Filedata * filedata, Elf_Internal_Note * pnote)
 		printf (_("<corrupt length: %#x> "), datasz);
 	      goto next;
 
+	    case GNU_PROPERTY_MEMORY_SEAL:
+	      printf ("memory seal ");
+	      if (datasz)
+		printf (_("<corrupt length: %#x> "), datasz);
+	      goto next;
+
 	    default:
 	      if ((type >= GNU_PROPERTY_UINT32_AND_LO
 		   && type <= GNU_PROPERTY_UINT32_AND_HI)
diff --git a/include/bfdlink.h b/include/bfdlink.h
index f802ec627ef..8b9e391e6ff 100644
--- a/include/bfdlink.h
+++ b/include/bfdlink.h
@@ -429,6 +429,9 @@ struct bfd_link_info
   /* TRUE if only one read-only, non-code segment should be created.  */
   unsigned int one_rosegment: 1;
 
+  /* TRUE if GNU_PROPERTY_MEMORY_SEAL should be generated.  */
+  unsigned int memory_seal: 1;
+
   /* Nonzero if .eh_frame_hdr section and PT_GNU_EH_FRAME ELF segment
      should be created.  1 for DWARF2 tables, 2 for compact tables.  */
   unsigned int eh_frame_hdr_type: 2;
diff --git a/include/elf/common.h b/include/elf/common.h
index c9920e7731a..8938e2f4754 100644
--- a/include/elf/common.h
+++ b/include/elf/common.h
@@ -890,6 +890,7 @@
 /* Values used in GNU .note.gnu.property notes (NT_GNU_PROPERTY_TYPE_0).  */
 #define GNU_PROPERTY_STACK_SIZE			1
 #define GNU_PROPERTY_NO_COPY_ON_PROTECTED	2
+#define GNU_PROPERTY_MEMORY_SEAL		3
 
 /* A 4-byte unsigned integer property: A bit is set if it is set in all
    relocatable inputs.  */
diff --git a/ld/NEWS b/ld/NEWS
index 47b5803a36f..babcf8753e8 100644
--- a/ld/NEWS
+++ b/ld/NEWS
@@ -33,6 +33,9 @@ Changes in 2.43:
 
 * Add -plugin-save-temps to store plugin intermediate files permanently.
 
+* Add -z memory-seal/-z nomemory-seal options to ELF linker to mark the
+  object to memory sealed.
+
 Changes in 2.42:
 
 * Add -z mark-plt/-z nomark-plt options to x86-64 ELF linker to mark PLT
diff --git a/ld/emultempl/elf.em b/ld/emultempl/elf.em
index dae610e07a2..b2d281f96c7 100644
--- a/ld/emultempl/elf.em
+++ b/ld/emultempl/elf.em
@@ -1083,6 +1083,10 @@ fragment <<EOF
 	link_info.combreloc = false;
       else if (strcmp (optarg, "nocopyreloc") == 0)
 	link_info.nocopyreloc = true;
+      else if (strcmp (optarg, "memory-seal") == 0)
+       link_info.memory_seal = true;
+      else if (strcmp (optarg, "nomemory-seal") == 0)
+       link_info.memory_seal = false;
 EOF
 if test -n "$COMMONPAGESIZE"; then
 fragment <<EOF
diff --git a/ld/ld.texi b/ld/ld.texi
index f1594043bfa..2610154b328 100644
--- a/ld/ld.texi
+++ b/ld/ld.texi
@@ -1590,6 +1590,14 @@ Disable relocation overflow check.  This can be used to disable
 relocation overflow check if there will be no dynamic relocation
 overflow at run-time.  Supported for x86_64.
 
+@item memory-seal
+@item nomemory-seal
+Instruct the executable or shared library that the all PT_LOAD segments
+should be sealed to avoid further manipulation (such as changing the
+protection flags, the segment size, or remove the mapping).
+This is a security hardening that requires system support.  This
+generates GNU_PROPERTY_MEMORY_SEAL in .note.gnu.property section
+
 @item now
 When generating an executable or shared library, mark it to tell the
 dynamic linker to resolve all symbols when the program is started, or
diff --git a/ld/lexsup.c b/ld/lexsup.c
index 533535c2b89..2bc7c953798 100644
--- a/ld/lexsup.c
+++ b/ld/lexsup.c
@@ -2265,6 +2265,10 @@ elf_shlib_list_options (FILE *file)
       fprintf (file, _("\
   -z textoff                  Don't treat DT_TEXTREL in output as error\n"));
     }
+  fprintf (file, _("\
+  -z memory-seal              Mark object be memory sealed\n"));
+  fprintf (file, _("\
+  -z nomemory-seal            Don't mark oject to be memory sealed (default)\n"));
 }
 
 static void
diff --git a/ld/testsuite/ld-elf/property-seal-1.d b/ld/testsuite/ld-elf/property-seal-1.d
new file mode 100644
index 00000000000..a0b1feedf31
--- /dev/null
+++ b/ld/testsuite/ld-elf/property-seal-1.d
@@ -0,0 +1,16 @@
+# Check if a GNU_PROPERTY_MEMORY_SEAL on a ET_REL is not replicated on
+# ET_DYN.
+#source: property-seal-1.s
+#as: --generate-missing-build-notes=no
+#ld: -shared
+#readelf: -n
+#xfail: ![check_shared_lib_support]
+#notarget: am33_2.0-*-* hppa*-*-hpux* mn10300-*-*
+# Assembly source file for the HPPA assembler is renamed and modifed by
+# sed.  mn10300 has relocations in .note.gnu.property section which
+# elf_parse_notes doesn't support.
+
+#failif
+#...
+Displaying notes found in: .note.gnu.property
+#pass
diff --git a/ld/testsuite/ld-elf/property-seal-1.s b/ld/testsuite/ld-elf/property-seal-1.s
new file mode 100644
index 00000000000..aa28a3d0516
--- /dev/null
+++ b/ld/testsuite/ld-elf/property-seal-1.s
@@ -0,0 +1,11 @@
+	.section ".note.gnu.property", "a"
+	.p2align ALIGN
+	.long 1f - 0f		/* name length */
+	.long 3f - 2f		/* data length */
+	.long 5			/* note type */
+0:	.asciz "GNU"		/* vendor name */
+1:
+	.p2align ALIGN
+2:	.long 3			/* pr_type.  */
+	.long 0			/* pr_datasz.  */
+3:
diff --git a/ld/testsuite/ld-elf/property-seal-2.d b/ld/testsuite/ld-elf/property-seal-2.d
new file mode 100644
index 00000000000..ebdaa623e0c
--- /dev/null
+++ b/ld/testsuite/ld-elf/property-seal-2.d
@@ -0,0 +1,17 @@
+# Check if a GNU_PROPERTY_MEMORY_SEAL on a ET_REL is not replicated on
+# ET_DYN.
+#source: empty.s
+#source: property-seal-1.s
+#as: --generate-missing-build-notes=no
+#ld: -shared
+#readelf: -n
+#xfail: ![check_shared_lib_support]
+#notarget: am33_2.0-*-* hppa*-*-hpux* mn10300-*-*
+# Assembly source file for the HPPA assembler is renamed and modifed by
+# sed.  mn10300 has relocations in .note.gnu.property section which
+# elf_parse_notes doesn't support.
+
+#failif
+#...
+Displaying notes found in: .note.gnu.property
+#pass
diff --git a/ld/testsuite/ld-elf/property-seal-3.d b/ld/testsuite/ld-elf/property-seal-3.d
new file mode 100644
index 00000000000..969729ee0f4
--- /dev/null
+++ b/ld/testsuite/ld-elf/property-seal-3.d
@@ -0,0 +1,16 @@
+# Check if a GNU_PROPERTY_MEMORY_SEAL on a ET_REL is not replicated on
+# ET_EXEC.
+#source: property-seal-1.s
+#as: --generate-missing-build-notes=no
+#ld: -e _start
+#warning: .*: warning: cannot find entry symbol .*
+#readelf: -n
+#notarget: am33_2.0-*-* hppa*-*-hpux* mn10300-*-*
+# Assembly source file for the HPPA assembler is renamed and modifed by
+# sed.  mn10300 has relocations in .note.gnu.property section which
+# elf_parse_notes doesn't support.
+
+#failif
+#...
+Displaying notes found in: .note.gnu.property
+#pass
diff --git a/ld/testsuite/ld-elf/property-seal-4.d b/ld/testsuite/ld-elf/property-seal-4.d
new file mode 100644
index 00000000000..3dd990dd68a
--- /dev/null
+++ b/ld/testsuite/ld-elf/property-seal-4.d
@@ -0,0 +1,16 @@
+# Check if a GNU_PROPERTY_MEMORY_SEAL on a ET_REL is not replicated on
+# ET_EXEC.
+#source: empty.s
+#source: property-seal-1.s
+#as: --generate-missing-build-notes=no
+#ld: -e _start
+#readelf: -n
+#notarget: am33_2.0-*-* hppa*-*-hpux* mn10300-*-*
+# Assembly source file for the HPPA assembler is renamed and modifed by
+# sed.  mn10300 has relocations in .note.gnu.property section which
+# elf_parse_notes doesn't support.
+
+#failif
+#...
+Displaying notes found in: .note.gnu.property
+#pass
diff --git a/ld/testsuite/ld-elf/property-seal-5.d b/ld/testsuite/ld-elf/property-seal-5.d
new file mode 100644
index 00000000000..0b92a8eb6eb
--- /dev/null
+++ b/ld/testsuite/ld-elf/property-seal-5.d
@@ -0,0 +1,15 @@
+#source: empty.s
+#ld: -shared -z memory-seal
+#readelf: -n
+#xfail: ![check_shared_lib_support]
+#notarget: am33_2.0-*-* hppa*-*-hpux* mn10300-*-*
+# Assembly source file for the HPPA assembler is renamed and modifed by
+# sed.  mn10300 has relocations in .note.gnu.property section which
+# elf_parse_notes doesn't support.
+
+#...
+Displaying notes found in: .note.gnu.property
+[ 	]+Owner[ 	]+Data size[ 	]+Description
+  GNU                  0x[0-9a-f]+	NT_GNU_PROPERTY_TYPE_0
+      Properties: memory seal 
+#pass
diff --git a/ld/testsuite/ld-elf/property-seal-6.d b/ld/testsuite/ld-elf/property-seal-6.d
new file mode 100644
index 00000000000..725911acae7
--- /dev/null
+++ b/ld/testsuite/ld-elf/property-seal-6.d
@@ -0,0 +1,16 @@
+#source: empty.s
+#source: property-seal-1.s
+#ld: -shared -z memory-seal
+#readelf: -n
+#xfail: ![check_shared_lib_support]
+#notarget: am33_2.0-*-* hppa*-*-hpux* mn10300-*-*
+# Assembly source file for the HPPA assembler is renamed and modifed by
+# sed.  mn10300 has relocations in .note.gnu.property section which
+# elf_parse_notes doesn't support.
+
+#...
+Displaying notes found in: .note.gnu.property
+[ 	]+Owner[ 	]+Data size[ 	]+Description
+  GNU                  0x[0-9a-f]+	NT_GNU_PROPERTY_TYPE_0
+      Properties: memory seal 
+#pass
diff --git a/ld/testsuite/ld-elf/property-seal-7.d b/ld/testsuite/ld-elf/property-seal-7.d
new file mode 100644
index 00000000000..12339e83ebd
--- /dev/null
+++ b/ld/testsuite/ld-elf/property-seal-7.d
@@ -0,0 +1,14 @@
+#source: empty.s
+#ld: -z memory-seal
+#readelf: -n
+#notarget: am33_2.0-*-* hppa*-*-hpux* mn10300-*-*
+# Assembly source file for the HPPA assembler is renamed and modifed by
+# sed.  mn10300 has relocations in .note.gnu.property section which
+# elf_parse_notes doesn't support.
+
+#...
+Displaying notes found in: .note.gnu.property
+[ 	]+Owner[ 	]+Data size[ 	]+Description
+  GNU                  0x[0-9a-f]+	NT_GNU_PROPERTY_TYPE_0
+      Properties: memory seal 
+#pass
diff --git a/ld/testsuite/ld-elf/property-seal-8.d b/ld/testsuite/ld-elf/property-seal-8.d
new file mode 100644
index 00000000000..0c4c4e4907e
--- /dev/null
+++ b/ld/testsuite/ld-elf/property-seal-8.d
@@ -0,0 +1,15 @@
+#source: empty.s
+#source: property-seal-1.s
+#ld: -z memory-seal
+#readelf: -n
+#notarget: am33_2.0-*-* hppa*-*-hpux* mn10300-*-*
+# Assembly source file for the HPPA assembler is renamed and modifed by
+# sed.  mn10300 has relocations in .note.gnu.property section which
+# elf_parse_notes doesn't support.
+
+#...
+Displaying notes found in: .note.gnu.property
+[ 	]+Owner[ 	]+Data size[ 	]+Description
+  GNU                  0x[0-9a-f]+	NT_GNU_PROPERTY_TYPE_0
+      Properties: memory seal 
+#pass

From patchwork Thu Nov 28 15:43:20 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Adhemerval Zanella <adhemerval.zanella@linaro.org>
X-Patchwork-Id: 845948
Delivered-To: patch@linaro.org
Received: by 2002:adf:f2c4:0:b0:382:43a8:7b94 with SMTP id d4csp315857wrp;
 Thu, 28 Nov 2024 07:50:38 -0800 (PST)
X-Forwarded-Encrypted: i=3;
 AJvYcCXYncd1Z27E7WJiX6m8y8f1VQx6sDLHP8Cn1zsUBaJIyg0VYqmUITlSspJ1N/iqkvVpRd8dQg==@linaro.org
X-Google-Smtp-Source: AGHT+IHYS3fYdOzDMHx2+EXzjfDkfyP28ZPvtS+xoK6CcEmrjVAfGiwUt7F0R/n7B8jJaizfq+PP
X-Received: by 2002:a05:6122:2a0f:b0:515:3bfb:d41f with SMTP id
 71dfb90a1353d-515569aa357mr9692941e0c.3.1732809037860;
 Thu, 28 Nov 2024 07:50:37 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1732809037; cv=pass;
 d=google.com; s=arc-20240605;
 b=kyyz0/ja+H7A/5sJ/E+X/j/XMY1KZyzrhz/Xf9Ql1swAfhfMwZ9rmgUFO0m8tyZMBi
 NNwVv7hBvIfyqkuVtlHrDwNYiLDm5rcYIvDcApEnHFzitBvHUeORTDpWRQ9H7XrmW8ak
 eHOUB65pAJvQ0vWWb+l8mZzQz8VnAQVTSfEvM7b7ddqs+zmNAaL8i1qB6+lEIb1OQ3xB
 Wb5H+bjLKrpFzHykH+svxki+682CbchBt7ptvcfZ8+I7ZlWKx+CsTZDyvjdJJUfWiraJ
 jYG4eRiSpJIOOHKgh9lFjEOZJ33fItP0lF86cdNTUisq0dZZYrRSWC2QMCUX5hb9f16V
 j8Mw==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
 h=errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:content-transfer-encoding
 :mime-version:references:in-reply-to:message-id:date:subject:cc:to
 :from:dkim-signature:dkim-filter:arc-filter:dmarc-filter
 :delivered-to:dkim-filter;
 bh=zytNuzdnWEj6i7ZY5bt0r31CO9pU5KRWoNu/TjRWwQA=;
 fh=JruiOR+n5wiv4jZbtXJYp9lJ8UkedxUHyGOCC37Fjus=;
 b=KLSJhsfRl+31b2GpC5sOOHoGmbn/9XHdCiooLwnoCS5pfXeMStorPN6cOCdkg23rwF
 b7+n4MSMzH5u7yNdf25FlLyVYUe0vpI4OTUt7zIIBSXtFVo0UW6mZySY0bC/mHpeWrd0
 hfK+jtp+gXrAmKbKragcNfjVx/JNWekzA7uIW2FnoO6caNpEqGQJCdLpo10YtqEGda3T
 vF7tWugRNvZPqqcJTFqj4Lj6hcXOu13PVwPxJn0xiroEVYuKmObwn4J03L/jgR37C+JI
 6ivPTDeOASIZ59bQIC8+N2mI2miO2Bi6LN4bt3FjwSzCQMJWidVevAPTTUyM4ukg4ubI
 k0Og==; dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=A3QMmzfl;
 arc=pass (i=1); spf=pass (google.com: domain of
 binutils-bounces~patch=linaro.org@sourceware.org designates
 2620:52:3:1:0:246e:9693:128c as permitted sender)
 smtp.mailfrom="binutils-bounces~patch=linaro.org@sourceware.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <binutils-bounces~patch=linaro.org@sourceware.org>
Received: from server2.sourceware.org (server2.sourceware.org.
 [2620:52:3:1:0:246e:9693:128c]) by mx.google.com with ESMTPS id
 71dfb90a1353d-5156d10d803si707575e0c.196.2024.11.28.07.50.37
 for <patch@linaro.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 28 Nov 2024 07:50:37 -0800 (PST)
Received-SPF: pass (google.com: domain of
 binutils-bounces~patch=linaro.org@sourceware.org designates
 2620:52:3:1:0:246e:9693:128c as permitted sender)
 client-ip=2620:52:3:1:0:246e:9693:128c;
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=A3QMmzfl;
 arc=pass (i=1); spf=pass (google.com: domain of
 binutils-bounces~patch=linaro.org@sourceware.org designates
 2620:52:3:1:0:246e:9693:128c as permitted sender)
 smtp.mailfrom="binutils-bounces~patch=linaro.org@sourceware.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: from server2.sourceware.org (localhost [IPv6:::1])
 by sourceware.org (Postfix) with ESMTP id 574DE3858C60
 for <patch@linaro.org>; Thu, 28 Nov 2024 15:50:37 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 574DE3858C60
Authentication-Results: sourceware.org; dkim=pass (2048-bit key,
 unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256
 header.s=google header.b=A3QMmzfl
X-Original-To: binutils@sourceware.org
Delivered-To: binutils@sourceware.org
Received: from mail-pf1-x443.google.com (mail-pf1-x443.google.com
 [IPv6:2607:f8b0:4864:20::443])
 by sourceware.org (Postfix) with ESMTPS id 189133858D29
 for <binutils@sourceware.org>; Thu, 28 Nov 2024 15:45:21 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 189133858D29
Authentication-Results: sourceware.org;
 dmarc=pass (p=none dis=none) header.from=linaro.org
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 189133858D29
Authentication-Results: server2.sourceware.org;
 arc=none smtp.remote-ip=2607:f8b0:4864:20::443
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732808721; cv=none;
 b=wxwaYRfq1p3iY7wUZraKDFppsrbZFA9uv03TDU4wd4anNXmyN7GyKJ2vd3qNn+wDlutFmBBY6IytDgKV7wmQ8BHm39C05GbOt7sDn69hmvwoNHuaosKza4iTTKbDJp+Z+VEEiIpsUhZjJKP5Zj1ohiFcYjieU0FcGAVJvbt2Vow=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
 t=1732808721; c=relaxed/simple;
 bh=FmYdhK0GYB3Rral1oOqJUG5SIB544ETBmwD6ZXLGXVU=;
 h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version;
 b=Nkys5gEq9lcs1aMBXoow7dLYN4bqlY1RhaMLvJmVhkdSRaMamN/D4EyDYCEDa4qDDOMmg2Cy0XhVbFYeMhb5KoZhfHJRAcXDnCm0B7nMnXO+i3ISigpEtwMD8dnPFfN0/eC3AFSZK9D3DU9eFv/1Rm0J+jYnI7W/GVAhYUcHPjk=
ARC-Authentication-Results: i=1; server2.sourceware.org
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 189133858D29
Received: by mail-pf1-x443.google.com with SMTP id
 d2e1a72fcca58-724f42c1c38so889794b3a.1
 for <binutils@sourceware.org>; Thu, 28 Nov 2024 07:45:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1732808720; x=1733413520; darn=sourceware.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=zytNuzdnWEj6i7ZY5bt0r31CO9pU5KRWoNu/TjRWwQA=;
 b=A3QMmzflPC0XtvBAxDrsla4nqSGC9duGiDlwDqC9ouSzMYnyCxUBBi/KW+GEB1oklV
 NoGKx+iMp7/AUolpzn16JJ1mhOdFAxNI7USzVBVyE78ZYiN3Uq7PJ7DjM2eatpw547Gg
 h1m9ozrdIOz2ofl8BY31r4znRijfYxnM5Ol2yL8iP3lz3J2XtQgyxg9VOwDbMNG5M96B
 4G/3pWEl2K1xRqJhlj0CJb95O0URec6lSoFwl1pD41m7s7stXNaqnsb/AzcKpQGqwCbR
 TnR+/K2Z1GvAm2DerC+xiETvyHMOA/mxOE0WeH7q8Wl0dJqAag8pgmY/dSs9jndI2Eqy
 5F/Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1732808720; x=1733413520;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=zytNuzdnWEj6i7ZY5bt0r31CO9pU5KRWoNu/TjRWwQA=;
 b=ks9RiNuQmNfAZVG+0sB+EhXUNRTfMYiUAgL+4OrJKP4tMrtR0GSteBTn5QRHWjq0T7
 QX8TOJzsDoG6BfjHLFtE6DWwBvSeS018u5hokx78ZKrB75oOnyfBOjl5zXqFgH2Qs2PI
 +gwk7oYIilBGAnIIb8ZJvBkdYV8fWDjoow9taKnFAHd4IuHzQcy0oDHPXv4A8JzvU0ot
 Te5NvaVqehgnsEv3F/JgzkKBf3PYB4I3UMYKsuCCSVOYR+wbChtX17xoOz4GtDRChMQo
 IR9zlh3FN6xhbm/f1/CfHEdWQ8ybixyqmKdQk4Wvb7fQazouMxow1eBLb+C9mjzJFMYy
 2qYw==
X-Gm-Message-State: AOJu0YzxtvoIDI/WMNbXNMNISAjFb4N2brh+ZJzn4j3A7kyll42n8cs1
 UQlIsHkCT++vm3kWKjwu+UUm1A7eB1M76KB6Jl/enuxYyfIpDjtvTasD25HTAVJKV9SZ5L9Aq9b
 1TM6tN4ww
X-Gm-Gg: ASbGnctzmRdGaiP0Z3SDeFo1BYxMCOFlj4JC64YckS5i5uhhwVD2bnjDUiuBlmv9uF7
 NwD6BlFt8abnZbMDm9a9r4dg+mkI4JkzfRW426qwxXu+EiASPpp2Q6eImWVAAhOG5HrWvttlzLh
 dzzg/Q2gHfNfrte4MmevnT1j56p1+wCp+d7ooDHyCjqTCGFV07MNvetw5A5MGIlH6DnLXsz36qg
 yusyrRaq2n4kbKcrG1U+tLrgfrlucDlLR9NnBRy66KH+9WC8syNG3Vrp83cVDM=
X-Received: by 2002:a17:902:e844:b0:20f:aee9:d8b8 with SMTP id
 d9443c01a7336-21501096f07mr83968725ad.20.1732808719692;
 Thu, 28 Nov 2024 07:45:19 -0800 (PST)
Received: from mandiga.. ([2804:1b3:a7c1:68c8:2c85:3a76:728e:ead2])
 by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-21521985773sm14877405ad.199.2024.11.28.07.45.18
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 28 Nov 2024 07:45:19 -0800 (PST)
From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
To: binutils@sourceware.org
Cc: Jeff Xu <jeffxu@google.com>,
	"H . J . Lu" <hjl.tools@gmail.com>
Subject: [PATCH v4 2/3] gold: Add GNU_PROPERTY_MEMORY_SEAL gnu property
Date: Thu, 28 Nov 2024 12:43:20 -0300
Message-ID: <20241128154511.564500-3-adhemerval.zanella@linaro.org>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20241128154511.564500-1-adhemerval.zanella@linaro.org>
References: <20241128154511.564500-1-adhemerval.zanella@linaro.org>
MIME-Version: 1.0
X-BeenThere: binutils@sourceware.org
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: Binutils mailing list <binutils.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/binutils>,
 <mailto:binutils-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/binutils/>
List-Post: <mailto:binutils@sourceware.org>
List-Help: <mailto:binutils-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/binutils>,
 <mailto:binutils-request@sourceware.org?subject=subscribe>
Errors-To: binutils-bounces~patch=linaro.org@sourceware.org

Similar to the ld.bfd, with the -z,memory-seal and -z,no-memory-seal
which adds the .gnu.attribute GNU_PROPERTY_MEMORY_SEAL.

Change-Id: I31e194479912d3f468d5e5132a6eb566ed9aca78
---
 elfcpp/elfcpp.h                     |  1 +
 gold/NEWS                           |  3 ++
 gold/layout.cc                      |  4 +++
 gold/options.h                      |  3 ++
 gold/testsuite/Makefile.am          | 19 ++++++++++++
 gold/testsuite/Makefile.in          | 26 +++++++++++++++--
 gold/testsuite/memory_seal_main.c   |  5 ++++
 gold/testsuite/memory_seal_shared.c |  7 +++++
 gold/testsuite/memory_seal_test.sh  | 45 +++++++++++++++++++++++++++++
 9 files changed, 110 insertions(+), 3 deletions(-)
 create mode 100644 gold/testsuite/memory_seal_main.c
 create mode 100644 gold/testsuite/memory_seal_shared.c
 create mode 100755 gold/testsuite/memory_seal_test.sh

diff --git a/elfcpp/elfcpp.h b/elfcpp/elfcpp.h
index f2fe7330f7c..94cfdbfc448 100644
--- a/elfcpp/elfcpp.h
+++ b/elfcpp/elfcpp.h
@@ -1023,6 +1023,7 @@ enum
 {
   GNU_PROPERTY_STACK_SIZE = 1,
   GNU_PROPERTY_NO_COPY_ON_PROTECTED = 2,
+  GNU_PROPERTY_MEMORY_SEAL = 3,
   GNU_PROPERTY_LOPROC = 0xc0000000,
   GNU_PROPERTY_X86_COMPAT_ISA_1_USED = 0xc0000000,
   GNU_PROPERTY_X86_COMPAT_ISA_1_NEEDED = 0xc0000001,
diff --git a/gold/NEWS b/gold/NEWS
index 63610a45937..a8f82cd5186 100644
--- a/gold/NEWS
+++ b/gold/NEWS
@@ -5,6 +5,9 @@
 
 * Remove support for -z bndplt (MPX prefix instructions).
 
+* Add -z memory-seal/-z nomemory-seal options to ELF linker to mark the
+  object to memory sealed.
+
 Changes in 1.16:
 
 * Improve warning messages for relocations that refer to discarded sections.
diff --git a/gold/layout.cc b/gold/layout.cc
index b43ae841a6c..b59494e0491 100644
--- a/gold/layout.cc
+++ b/gold/layout.cc
@@ -3277,6 +3277,10 @@ Layout::create_gnu_properties_note()
 {
   parameters->target().finalize_gnu_properties(this);
 
+  if (parameters->options().memory_seal())
+    this->add_gnu_property(elfcpp::NT_GNU_PROPERTY_TYPE_0,
+			   elfcpp::GNU_PROPERTY_MEMORY_SEAL, 0, 0);
+
   if (this->gnu_properties_.empty())
     return;
 
diff --git a/gold/options.h b/gold/options.h
index 446e8d42614..5a1ab9e4400 100644
--- a/gold/options.h
+++ b/gold/options.h
@@ -1546,6 +1546,9 @@ class General_options
 	      N_("Keep .text.hot, .text.startup, .text.exit and .text.unlikely "
 		 "as separate sections in the final binary."),
 	      N_("Merge all .text.* prefix sections."));
+  DEFINE_bool(memory_seal, options::DASH_Z, '\0', false,
+	      N_("Mark object be memory sealed"),
+	      N_("Don't mark oject to be memory sealed"));
 
 
  public:
diff --git a/gold/testsuite/Makefile.am b/gold/testsuite/Makefile.am
index 8f158ba20cc..f6eddea65fd 100644
--- a/gold/testsuite/Makefile.am
+++ b/gold/testsuite/Makefile.am
@@ -4476,3 +4476,22 @@ package_metadata_test.o: package_metadata_main.c
 package_metadata_test$(EXEEXT): package_metadata_test.o gcctestdir/ld
 	$(CXXLINK) package_metadata_test.o -Wl,--package-metadata='{"foo":"bar"}'
 	$(TEST_READELF) --notes $@ | grep -q '{"foo":"bar"}'
+
+check_SCRIPTS += memory_seal_test.sh
+check_DATA += memory_seal_test_1.stdout memory_seal_test_2.stdout
+MOSTLYCLEANFILES += memory_seal_test
+memory_seal_test_1.stdout: memory_seal_main
+	$(TEST_READELF) -n $< >$@
+memory_seal_test_2.stdout: memory_seal_shared.so
+	$(TEST_READELF) -n $< >$@
+memory_seal_main: gcctestdir/ld memory_seal_main.o
+	gcctestdir/ld -z memory-seal -o $@ memory_seal_main.o
+memory_seal_main.o: memory_seal_main.c
+	$(COMPILE) -c -o $@ $<
+memory_seal_shared.so: gcctestdir/ld memory_seal_shared.o
+	gcctestdir/ld -z memory-seal -shared -o $@ memory_seal_shared.o
+memory_seal_shared.o: memory_seal_shared.c
+	$(COMPILE) -c -fPIC -o $@ $<
+
+
+
diff --git a/gold/testsuite/Makefile.in b/gold/testsuite/Makefile.in
index 357dec0d4f9..e95e8ed5d08 100644
--- a/gold/testsuite/Makefile.in
+++ b/gold/testsuite/Makefile.in
@@ -2888,7 +2888,7 @@ MOSTLYCLEANFILES = *.so *.syms *.stdout *.stderr $(am__append_4) \
 	$(am__append_88) $(am__append_91) $(am__append_93) \
 	$(am__append_102) $(am__append_105) $(am__append_108) \
 	$(am__append_111) $(am__append_114) $(am__append_117) \
-	$(am__append_120) $(am__append_121)
+	$(am__append_120) $(am__append_121) memory_seal_test
 
 # We will add to these later, for each individual test.  Note
 # that we add each test under check_SCRIPTS or check_PROGRAMS;
@@ -2901,7 +2901,7 @@ check_SCRIPTS = $(am__append_2) $(am__append_21) $(am__append_25) \
 	$(am__append_89) $(am__append_96) $(am__append_100) \
 	$(am__append_103) $(am__append_106) $(am__append_109) \
 	$(am__append_112) $(am__append_115) $(am__append_118) \
-	$(am__append_122)
+	$(am__append_122) memory_seal_test.sh
 check_DATA = $(am__append_3) $(am__append_22) $(am__append_26) \
 	$(am__append_32) $(am__append_38) $(am__append_45) \
 	$(am__append_50) $(am__append_54) $(am__append_58) \
@@ -2910,7 +2910,8 @@ check_DATA = $(am__append_3) $(am__append_22) $(am__append_26) \
 	$(am__append_90) $(am__append_97) $(am__append_101) \
 	$(am__append_104) $(am__append_107) $(am__append_110) \
 	$(am__append_113) $(am__append_116) $(am__append_119) \
-	$(am__append_123)
+	$(am__append_123) memory_seal_test_1.stdout \
+	memory_seal_test_2.stdout
 BUILT_SOURCES = $(am__append_42)
 TESTS = $(check_SCRIPTS) $(check_PROGRAMS)
 
@@ -6524,6 +6525,13 @@ retain.sh.log: retain.sh
 	--log-file $$b.log --trs-file $$b.trs \
 	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
 	"$$tst" $(AM_TESTS_FD_REDIRECT)
+memory_seal_test.sh.log: memory_seal_test.sh
+	@p='memory_seal_test.sh'; \
+	b='memory_seal_test.sh'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
 object_unittest.log: object_unittest$(EXEEXT)
 	@p='object_unittest$(EXEEXT)'; \
 	b='object_unittest'; \
@@ -10524,6 +10532,18 @@ package_metadata_test.o: package_metadata_main.c
 package_metadata_test$(EXEEXT): package_metadata_test.o gcctestdir/ld
 	$(CXXLINK) package_metadata_test.o -Wl,--package-metadata='{"foo":"bar"}'
 	$(TEST_READELF) --notes $@ | grep -q '{"foo":"bar"}'
+memory_seal_test_1.stdout: memory_seal_main
+	$(TEST_READELF) -n $< >$@
+memory_seal_test_2.stdout: memory_seal_shared.so
+	$(TEST_READELF) -n $< >$@
+memory_seal_main: gcctestdir/ld memory_seal_main.o
+	gcctestdir/ld -z memory-seal -o $@ memory_seal_main.o
+memory_seal_main.o: memory_seal_main.c
+	$(COMPILE) -c -o $@ $<
+memory_seal_shared.so: gcctestdir/ld memory_seal_shared.o
+	gcctestdir/ld -z memory-seal -shared -o $@ memory_seal_shared.o
+memory_seal_shared.o: memory_seal_shared.c
+	$(COMPILE) -c -fPIC -o $@ $<
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/gold/testsuite/memory_seal_main.c b/gold/testsuite/memory_seal_main.c
new file mode 100644
index 00000000000..77bc677e8eb
--- /dev/null
+++ b/gold/testsuite/memory_seal_main.c
@@ -0,0 +1,5 @@
+int
+main(void)
+{
+  return 0;
+}
diff --git a/gold/testsuite/memory_seal_shared.c b/gold/testsuite/memory_seal_shared.c
new file mode 100644
index 00000000000..8cf7b6143da
--- /dev/null
+++ b/gold/testsuite/memory_seal_shared.c
@@ -0,0 +1,7 @@
+int foo (void);
+
+int
+foo(void)
+{
+  return 0;
+}
diff --git a/gold/testsuite/memory_seal_test.sh b/gold/testsuite/memory_seal_test.sh
new file mode 100755
index 00000000000..c2194213445
--- /dev/null
+++ b/gold/testsuite/memory_seal_test.sh
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+# memory_seal_test.sh -- test GNU_PROPERTY_MEMORY_SEAL gnu property
+
+# Copyright (C) 2018-2024 Free Software Foundation, Inc.
+
+# This file is part of gold.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston,
+# MA 02110-1301, USA.
+
+# This script checks that after linking the three object files
+# gnu_property_[abc].S, each of which contains a .note.gnu.property
+# section, the resulting output has only a single such note section,
+# and that the properties have been correctly combined.
+
+check()
+{
+    if ! grep -q "$2" "$1"
+    then
+	echo "Did not find expected output in $1:"
+	echo "   $2"
+	echo ""
+	echo "Actual output below:"
+	cat "$1"
+	exit 1
+    fi
+}
+
+check memory_seal_test_1.stdout "memory seal"
+check memory_seal_test_2.stdout "memory seal"
+
+exit 0

From patchwork Thu Nov 28 15:43:21 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Adhemerval Zanella <adhemerval.zanella@linaro.org>
X-Patchwork-Id: 845947
Delivered-To: patch@linaro.org
Received: by 2002:adf:f2c4:0:b0:382:43a8:7b94 with SMTP id d4csp314887wrp;
 Thu, 28 Nov 2024 07:48:33 -0800 (PST)
X-Forwarded-Encrypted: i=3;
 AJvYcCV6jpy9DraHk784WcOIpB5CYbjRpEB0D6SS4IUwn2+DNxpl8AISMl+x2n+Qzn/8AounNhqfBA==@linaro.org
X-Google-Smtp-Source: AGHT+IH+pnSlgiioNgIZUlY2PX3uqwMeU1pzCiJLfi2kuBYKyZGiFXIXfibfbwC9CI/JLX8wOpSL
X-Received: by 2002:a05:620a:688c:b0:7b6:668a:5a5 with SMTP id
 af79cd13be357-7b67c460eb1mr903982285a.50.1732808913612;
 Thu, 28 Nov 2024 07:48:33 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1732808913; cv=pass;
 d=google.com; s=arc-20240605;
 b=N3EuRhTYDSwUUFZBZhFOXw/rT3xk3nA0Iji7YUUrR6kilgsw/XsPpx578tW9fdG969
 AgYRfGNFCK8aM6nMOMeb2nwcySqOPNLmSLRRh0Ut1yPcSY7Ih/0OOASk1ReTNUo13YvB
 AFiwO0nfVD/2zFACwnMH6LaZAvMW40gc4r2FSfa7+zuMU/wXjnjrfi3yE18p4xqepDFM
 xKILz3D/AxxIxNl9IYIYzjFwReOwjwnloF7rBVe5Pd+2B+sEg7d2+0jGgCFdI1uvc5DY
 bjG7kMzQNjEa3sIKkrZOVhdIfBHeyRfNS1bbqmnvKrmubB3+I0VjvVpGOpkjZp9OAyH8
 HvEQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
 h=errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:content-transfer-encoding
 :mime-version:references:in-reply-to:message-id:date:subject:cc:to
 :from:dkim-signature:dkim-filter:arc-filter:dmarc-filter
 :delivered-to:dkim-filter;
 bh=eFbHC6KJzF5KTMSUPsJZMaiMR5Lw8zdSDkrto+kLnuo=;
 fh=JruiOR+n5wiv4jZbtXJYp9lJ8UkedxUHyGOCC37Fjus=;
 b=JASSNUt27fVD4xJfxcNdaTsKySxQpyGniGkh6nGU6aihHjFebQpDYosue1XKYuk8O5
 93sqftVq1OM8elEocHnwA4mN3zAgbrwmteF0h+dnQE0I0WFfAgYNhccVk1UXcWgi+FYm
 6YtLndkldq7Sz5/Tk9LDHoUoNHVPZkHgBZAhZBC4fshGq5c1AsH3mC6UcIBcsn2R9CRp
 SIWnfQU23/PLqVJwhZRtc3Ga7/vQ0RDuXMXiBs2EbyTehY1JJIxUyKSEjh5sNh/EKOmZ
 0ZaQW+SzrdDY7pifMKpkiAkSfoslVgpKwBtbeJVQR8IHCqBbxHotghvQTePYfhqwpYuF
 GW1g==; dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=uLd3USVo;
 arc=pass (i=1); spf=pass (google.com: domain of
 binutils-bounces~patch=linaro.org@sourceware.org designates
 2620:52:3:1:0:246e:9693:128c as permitted sender)
 smtp.mailfrom="binutils-bounces~patch=linaro.org@sourceware.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <binutils-bounces~patch=linaro.org@sourceware.org>
Received: from server2.sourceware.org (server2.sourceware.org.
 [2620:52:3:1:0:246e:9693:128c]) by mx.google.com with ESMTPS id
 d75a77b69052e-466c446272fsi19948291cf.717.2024.11.28.07.48.33
 for <patch@linaro.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 28 Nov 2024 07:48:33 -0800 (PST)
Received-SPF: pass (google.com: domain of
 binutils-bounces~patch=linaro.org@sourceware.org designates
 2620:52:3:1:0:246e:9693:128c as permitted sender)
 client-ip=2620:52:3:1:0:246e:9693:128c;
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=uLd3USVo;
 arc=pass (i=1); spf=pass (google.com: domain of
 binutils-bounces~patch=linaro.org@sourceware.org designates
 2620:52:3:1:0:246e:9693:128c as permitted sender)
 smtp.mailfrom="binutils-bounces~patch=linaro.org@sourceware.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: from server2.sourceware.org (localhost [IPv6:::1])
 by sourceware.org (Postfix) with ESMTP id 97F963858C66
 for <patch@linaro.org>; Thu, 28 Nov 2024 15:48:32 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 97F963858C66
Authentication-Results: sourceware.org; dkim=pass (2048-bit key,
 unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256
 header.s=google header.b=uLd3USVo
X-Original-To: binutils@sourceware.org
Delivered-To: binutils@sourceware.org
Received: from mail-pl1-x644.google.com (mail-pl1-x644.google.com
 [IPv6:2607:f8b0:4864:20::644])
 by sourceware.org (Postfix) with ESMTPS id D76ED3858C98
 for <binutils@sourceware.org>; Thu, 28 Nov 2024 15:45:22 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org D76ED3858C98
Authentication-Results: sourceware.org;
 dmarc=pass (p=none dis=none) header.from=linaro.org
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org D76ED3858C98
Authentication-Results: server2.sourceware.org;
 arc=none smtp.remote-ip=2607:f8b0:4864:20::644
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732808723; cv=none;
 b=JwVvygTGvh5lWvT0Q9Ajid7Ftcn5DXjBahmI4sWasLEusn9U3nX5oy2FKD3sIriwxr3YJ0+qt68Zpweg316r+bJRrZ9DJOYy1R4obQBG869Yp2BuIvKDaNhkOJJahoEelA1FtxVDvw0Tp2KSXWMFah9LlBNvWLWd0l4Ic2tkr9c=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
 t=1732808723; c=relaxed/simple;
 bh=PSZbumG6qnDoGE2f2fLd/IsH/K9xklLca4EnmzelKN4=;
 h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version;
 b=CfiuheYH8AvVJiFkgzSXYGOQqm767Elft5qeyR6mlBd6nSs/8F7AQ7I5WxaSumZ0MULejAoRtMOIcWNc/m5RKCqYDbnILfegjz0+92FyhbmoKtKD3pMLLZ1R4yu6D7lXWhzGi9iQBbu+M6e5dWIVGYI2+l8M/LI3IpLxF5j7RKI=
ARC-Authentication-Results: i=1; server2.sourceware.org
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org D76ED3858C98
Received: by mail-pl1-x644.google.com with SMTP id
 d9443c01a7336-21269c8df64so8680005ad.2
 for <binutils@sourceware.org>; Thu, 28 Nov 2024 07:45:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1732808721; x=1733413521; darn=sourceware.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=eFbHC6KJzF5KTMSUPsJZMaiMR5Lw8zdSDkrto+kLnuo=;
 b=uLd3USVofYjh2iSOBETt5f5o1ZKjwd4IBwWM267085mSeQB6NPHKn6/UDl1bAeXX/9
 OjgxPfLjqbzzFKxaN4uxQeGstDV9mDFIKwy7PzT/pFzz9ubZEPkAXIzkTD7hfU1urRuz
 r9znO9mLIWqgiI7e5tynH0qoZRzFWNdtc8XqzyJzPlQsZFu2aDbATeBIb9neXo8iKnLI
 RnYHAEmjmovfg9f67MQQ6xs3UTEOIhQBTxV+UYOUgWvtnsmnkLTRlqiDY0yTG1HbxI+4
 u1RwY35Tegx+P6Wactvyv3ZPKyfqksOgg3KgqDAnS7ZxVwmVykO3QPW4rB/Bo0URviMA
 5mYQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1732808721; x=1733413521;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=eFbHC6KJzF5KTMSUPsJZMaiMR5Lw8zdSDkrto+kLnuo=;
 b=Sz7Yx95zxBqofvpFNTO58AYUd5JmNI0i8llWjMEQ2NkxgFauZonqO16AIQL4r61HKG
 qHwle/k3YNNxQfJ66nv7/q7JkOPXOlGFcd7yfnPm4ponrEktgy5lLdXFxPY3Ra3P8k13
 3IWYtmiNQsGiXS9AoihCGWABpcxnxONyuL3oI/vHNyQW/V4Jm5mDivbulHjihFfJc+ib
 ZTcB4Va3A6Kg2i2DNeurSF52c6bsxGaTpz8H4P7shkqilf/e/QuT0J2OqbPqvp4bmwsf
 IggizyPadGjWyeqFMU9/Hwi20IoWB8nz92yfBkqfpq4pnrIQLgwq84pIQ3r0dRvhkjGV
 ZK7A==
X-Gm-Message-State: AOJu0Yw52ZxWs/AvNoNR11ON4x4Zh6NAz8KpdP3tEZRpGQ3gsiwzGRbs
 INUPsHlIUO6nhqan5DZ+LQ1JOVs6lUxyAGgrJr7EjuuTM4+7VxGR/tyjccZXzXXv0akCmVftx8k
 DYJMnF1QS
X-Gm-Gg: ASbGncvy99JzHKwUqm1f3obEGuFoosmZKjiKJ+SH+qHv+ku6NmNYxYpYS1mwyTK/6rV
 hW++o7RMFe79HXL9ntrvAQX2wXqIXiOpBcouN8FkylF77JRz+ddGqvd/lvzXGPjTBjLAHGo4PvX
 EqPEMaAWcCo0/pl/tfzPTlLLDV9bwGDvzHjD5XjAs59oz34nXDNt+61j1cMA7ECoU0KWyBkdCmR
 symXOQ33aiQ1cARfDSQ4iUMTV0LLPNPWP05ZjwKIvBpjXnovdvAthAGMpvYaLM=
X-Received: by 2002:a17:902:c946:b0:211:eb15:9b75 with SMTP id
 d9443c01a7336-2150147a828mr64484955ad.27.1732808721444;
 Thu, 28 Nov 2024 07:45:21 -0800 (PST)
Received: from mandiga.. ([2804:1b3:a7c1:68c8:2c85:3a76:728e:ead2])
 by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-21521985773sm14877405ad.199.2024.11.28.07.45.20
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 28 Nov 2024 07:45:21 -0800 (PST)
From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
To: binutils@sourceware.org
Cc: Jeff Xu <jeffxu@google.com>,
	"H . J . Lu" <hjl.tools@gmail.com>
Subject: [PATCH v4 3/3] ld: Add --enable-memory-seal configure option
Date: Thu, 28 Nov 2024 12:43:21 -0300
Message-ID: <20241128154511.564500-4-adhemerval.zanella@linaro.org>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20241128154511.564500-1-adhemerval.zanella@linaro.org>
References: <20241128154511.564500-1-adhemerval.zanella@linaro.org>
MIME-Version: 1.0
X-BeenThere: binutils@sourceware.org
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: Binutils mailing list <binutils.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/binutils>,
 <mailto:binutils-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/binutils/>
List-Post: <mailto:binutils@sourceware.org>
List-Help: <mailto:binutils-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/binutils>,
 <mailto:binutils-request@sourceware.org?subject=subscribe>
Errors-To: binutils-bounces~patch=linaro.org@sourceware.org

Add --enable-memory-seal linker configure option to enable memory
sealing (GNU_PROPERTY_MEMORY_SEAL) by default.

Change-Id: I4ce4ff33657f0f09b1ceb06210b6fcaa501f1799
---
 binutils/testsuite/lib/binutils-common.exp | 22 +++++++++++++
 ld/NEWS                                    |  3 +-
 ld/config.in                               |  3 ++
 ld/configure                               | 38 ++++++++++++++++++----
 ld/configure.ac                            | 17 ++++++++++
 ld/emultempl/elf.em                        |  1 +
 ld/lexsup.c                                |  7 ++++
 ld/testsuite/config/default.exp            |  8 +++++
 ld/testsuite/ld-srec/srec.exp              |  4 +++
 ld/testsuite/lib/ld-lib.exp                |  6 ++++
 10 files changed, 101 insertions(+), 8 deletions(-)

diff --git a/binutils/testsuite/lib/binutils-common.exp b/binutils/testsuite/lib/binutils-common.exp
index 03e8dbb855b..063ba4f20c2 100644
--- a/binutils/testsuite/lib/binutils-common.exp
+++ b/binutils/testsuite/lib/binutils-common.exp
@@ -408,6 +408,25 @@ proc check_relro_support { } {
     return $relro_available_saved
 }
 
+proc check_memory_seal_support { } {
+    global memory_seal_available_saved
+    global ld
+
+    if {![info exists memory_seal_available_saved]} {
+	remote_file host delete nomemory_seal
+	set ld_output [remote_exec host $ld "-z nomemory-seal"]
+	if { [string first "not supported" $ld_output] >= 0
+	     || [string first "unrecognized option" $ld_output] >= 0
+	     || [string first "-z nomemory-seal ignored" $ld_output] >= 0
+	     || [string first "cannot find nomemory-seal" $ld_output] >= 0 } {
+	    set memory_seal_available_saved 0
+	} else {
+	    set memory_seal_available_saved 1
+	}
+    }
+    return $memory_seal_available_saved
+}
+
 # Check for support of the .noinit section, used for data that is not
 # initialized at load, or during the application's initialization sequence.
 proc supports_noinit_section {} {
@@ -1401,6 +1420,9 @@ proc run_dump_test { name {extra_options {}} } {
 	    if [check_relro_support] {
 		set ld_extra_opt "-z norelro"
 	    }
+	    if [check_memory_seal_support] {
+		append ld_extra_opt " -z nomemory-seal"
+	    }
 
 	    # Add -L$srcdir/$subdir so that the linker command can use
 	    # linker scripts in the source directory.
diff --git a/ld/NEWS b/ld/NEWS
index babcf8753e8..a129ad634e6 100644
--- a/ld/NEWS
+++ b/ld/NEWS
@@ -34,7 +34,8 @@ Changes in 2.43:
 * Add -plugin-save-temps to store plugin intermediate files permanently.
 
 * Add -z memory-seal/-z nomemory-seal options to ELF linker to mark the
-  object to memory sealed.
+  object to memory sealed.   Also added --enable-memory-seal configure option
+  to enable the memory sealing by default.
 
 Changes in 2.42:
 
diff --git a/ld/config.in b/ld/config.in
index 633105a43ad..ed838463856 100644
--- a/ld/config.in
+++ b/ld/config.in
@@ -60,6 +60,9 @@
    default. */
 #undef DEFAULT_LD_Z_SEPARATE_CODE
 
+/* Define to 1 if you want to enable -z memory-seal in ELF linker by default.  */
+#undef DEFAULT_LD_Z_MEMORY_SEAL
+
 /* Define to 1 if you want to set DT_RUNPATH instead of DT_RPATH by default.
    */
 #undef DEFAULT_NEW_DTAGS
diff --git a/ld/configure b/ld/configure
index 0b4197d1c4f..f34141bb238 100755
--- a/ld/configure
+++ b/ld/configure
@@ -854,6 +854,7 @@ enable_textrel_check
 enable_separate_code
 enable_rosegment
 enable_mark_plt
+enable_memory_seal
 enable_warn_execstack
 enable_error_execstack
 enable_warn_rwx_segments
@@ -1551,6 +1552,7 @@ Optional Features:
   --enable-separate-code  enable -z separate-code in ELF linker by default
   --enable-rosegment      enable --rosegment in the ELF linker by default
   --enable-mark-plt       enable -z mark-plt in ELF x86-64 linker by default
+  --enable-memory-seal    enable -z memory-seal in ELF linker by default
   --enable-warn-execstack enable warnings when creating an executable stack
   --enable-error-execstack
                           turn executable stack warnings into errors
@@ -11686,7 +11688,7 @@ else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext <<_LT_EOF
-#line 11689 "configure"
+#line 11691 "configure"
 #include "confdefs.h"
 
 #if HAVE_DLFCN_H
@@ -11792,7 +11794,7 @@ else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext <<_LT_EOF
-#line 11795 "configure"
+#line 11797 "configure"
 #include "confdefs.h"
 
 #if HAVE_DLFCN_H
@@ -15251,7 +15253,7 @@ else
     We can't simply define LARGE_OFF_T to be 9223372036854775807,
     since some C++ compilers masquerading as C compilers
     incorrectly reject 9223372036854775807.  */
-#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
+#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31))
   int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
 		       && LARGE_OFF_T % 2147483647 == 1)
 		      ? 1 : -1];
@@ -15297,7 +15299,7 @@ else
     We can't simply define LARGE_OFF_T to be 9223372036854775807,
     since some C++ compilers masquerading as C compilers
     incorrectly reject 9223372036854775807.  */
-#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
+#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31))
   int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
 		       && LARGE_OFF_T % 2147483647 == 1)
 		      ? 1 : -1];
@@ -15321,7 +15323,7 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
     We can't simply define LARGE_OFF_T to be 9223372036854775807,
     since some C++ compilers masquerading as C compilers
     incorrectly reject 9223372036854775807.  */
-#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
+#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31))
   int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
 		       && LARGE_OFF_T % 2147483647 == 1)
 		      ? 1 : -1];
@@ -15366,7 +15368,7 @@ else
     We can't simply define LARGE_OFF_T to be 9223372036854775807,
     since some C++ compilers masquerading as C compilers
     incorrectly reject 9223372036854775807.  */
-#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
+#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31))
   int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
 		       && LARGE_OFF_T % 2147483647 == 1)
 		      ? 1 : -1];
@@ -15390,7 +15392,7 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
     We can't simply define LARGE_OFF_T to be 9223372036854775807,
     since some C++ compilers masquerading as C compilers
     incorrectly reject 9223372036854775807.  */
-#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
+#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31))
   int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
 		       && LARGE_OFF_T % 2147483647 == 1)
 		      ? 1 : -1];
@@ -15709,6 +15711,17 @@ esac
 fi
 
 
+# Decide if -z memory-seal should be enabled in ELF linker by default.
+ac_default_ld_z_memory_seal=unset
+# Check whether --enable-memory-seal was given.
+if test "${enable_memory_seal+set}" = set; then :
+  enableval=$enable_memory_seal; case "${enableval}" in
+  yes) ac_default_ld_z_memory_seal=1 ;;
+  no) ac_default_ld_z_memory_seal=0 ;;
+esac
+fi
+
+
 
 # By default warn when an executable stack is created due to object files
 # requesting such, not when the user specifies -z execstack.
@@ -18965,6 +18978,8 @@ main ()
     if (*(data + i) != *(data3 + i))
       return 14;
   close (fd);
+  free (data);
+  free (data3);
   return 0;
 }
 _ACEOF
@@ -19444,6 +19459,15 @@ cat >>confdefs.h <<_ACEOF
 _ACEOF
 
 
+if test "${ac_default_ld_z_memory_seal}" = unset; then
+  ac_default_ld_z_memory_seal=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define DEFAULT_LD_Z_MEMORY_SEAL $ac_default_ld_z_memory_seal
+_ACEOF
+
+
 
 
 cat >>confdefs.h <<_ACEOF
diff --git a/ld/configure.ac b/ld/configure.ac
index 3ac2b46ee03..2166f75b487 100644
--- a/ld/configure.ac
+++ b/ld/configure.ac
@@ -232,6 +232,16 @@ AC_ARG_ENABLE(mark-plt,
   no) ac_default_ld_z_mark_plt=0 ;;
 esac])
 
+# Decide if -z memory-seal should be enabled in ELF linker by default.
+ac_default_ld_z_memory_seal=unset
+AC_ARG_ENABLE(memory-seal,
+	      AS_HELP_STRING([--enable-memory-seal],
+	      [enable -z memory-seal in ELF linker by default]),
+[case "${enableval}" in
+  yes) ac_default_ld_z_memory_seal=1 ;;
+  no) ac_default_ld_z_memory_seal=0 ;;
+esac])
+
 
 # By default warn when an executable stack is created due to object files
 # requesting such, not when the user specifies -z execstack.
@@ -617,6 +627,13 @@ AC_DEFINE_UNQUOTED(DEFAULT_LD_Z_MARK_PLT,
   $ac_default_ld_z_mark_plt,
   [Define to 1 if you want to enable -z mark-plt in ELF x86-64 linker by default.])
 
+if test "${ac_default_ld_z_memory_seal}" = unset; then
+  ac_default_ld_z_memory_seal=0
+fi
+AC_DEFINE_UNQUOTED(DEFAULT_LD_Z_MEMORY_SEAL,
+  $ac_default_ld_z_memory_seal,
+  [Define to 1 if you want to enable -z memory_seal in ELF linker by default.])
+
 
 AC_DEFINE_UNQUOTED(DEFAULT_LD_WARN_EXECSTACK,
   $ac_default_ld_warn_execstack,
diff --git a/ld/emultempl/elf.em b/ld/emultempl/elf.em
index b2d281f96c7..7d7af8c8068 100644
--- a/ld/emultempl/elf.em
+++ b/ld/emultempl/elf.em
@@ -99,6 +99,7 @@ fragment <<EOF
   link_info.default_execstack = DEFAULT_LD_EXECSTACK;
   link_info.error_execstack = DEFAULT_LD_ERROR_EXECSTACK;
   link_info.warn_is_error_for_rwx_segments = DEFAULT_LD_ERROR_RWX_SEGMENTS;
+  link_info.memory_seal = DEFAULT_LD_Z_MEMORY_SEAL;
 }
 
 EOF
diff --git a/ld/lexsup.c b/ld/lexsup.c
index 2bc7c953798..e21ebc233b0 100644
--- a/ld/lexsup.c
+++ b/ld/lexsup.c
@@ -2265,10 +2265,17 @@ elf_shlib_list_options (FILE *file)
       fprintf (file, _("\
   -z textoff                  Don't treat DT_TEXTREL in output as error\n"));
     }
+#if DEFAULT_LD_Z_MEMORY_SEAL
+  fprintf (file, _("\
+  -z memory-seal              Mark object be memory sealed (default)\n"));
+  fprintf (file, _("\
+  -z nomemory-seal            Don't mark oject to be memory sealed\n"));
+#else
   fprintf (file, _("\
   -z memory-seal              Mark object be memory sealed\n"));
   fprintf (file, _("\
   -z nomemory-seal            Don't mark oject to be memory sealed (default)\n"));
+#endif
 }
 
 static void
diff --git a/ld/testsuite/config/default.exp b/ld/testsuite/config/default.exp
index 9ffcc58779f..666f6660c0d 100644
--- a/ld/testsuite/config/default.exp
+++ b/ld/testsuite/config/default.exp
@@ -382,6 +382,14 @@ if { ![info exists NO_DT_RELR_CC_LDFLAGS] } then {
     }
 }
 
+if { ![info exists NO_MEMORY_SEAL_LDFLAGS] } then {
+    if { [check_memory_seal_support] } then {
+	set NO_MEMORY_SEAL_LDFLAGS "-z nomemory-seal"
+    } else {
+	set NO_MEMORY_SEAL_LDFLAGS {}
+    }
+}
+
 # Set LD_CLASS to "64bit" for a 64-bit *host* linker.
 if { ![info exists LD_CLASS] } then {
     set REAL_LD [findfile $base_dir/.libs/ld-new .libs/ld-new $LD [transform ld]]
diff --git a/ld/testsuite/ld-srec/srec.exp b/ld/testsuite/ld-srec/srec.exp
index bf440a2fa39..cbb58e719ed 100644
--- a/ld/testsuite/ld-srec/srec.exp
+++ b/ld/testsuite/ld-srec/srec.exp
@@ -226,12 +226,15 @@ proc run_srec_test { test objs } {
     global objcopy
     global sizeof_headers
     global host_triplet
+    global extra_flags
 
     # Tell the ELF linker to not do anything clever with .eh_frame,
     # not to put anything in small data, and define various symbols.
     set flags "--traditional-format -G 0 -e 0 "
     append flags [ld_link_defsyms]
 
+    append flags " $extra_flags"
+
     # If the linker script uses SIZEOF_HEADERS, use a -Ttext argument
     # to force both the normal link and the S-record link to be put in
     # the same place.  We don't always use -Ttext because it interacts
@@ -345,6 +348,7 @@ set test2 "S-records with constructors"
 # See whether the default linker script uses SIZEOF_HEADERS.
 set exec_output [run_host_cmd "$ld" "--verbose"]
 set sizeof_headers [string match "*SIZEOF_HEADERS*" $exec_output]
+set extra_flags " $NO_MEMORY_SEAL_LDFLAGS"
 
 # First test linking a C program.  We don't require any libraries.  We
 # link it normally, and objcopy to the S-record format, and then link
diff --git a/ld/testsuite/lib/ld-lib.exp b/ld/testsuite/lib/ld-lib.exp
index 4c434257725..7a1ce68cb6d 100644
--- a/ld/testsuite/lib/ld-lib.exp
+++ b/ld/testsuite/lib/ld-lib.exp
@@ -460,6 +460,9 @@ proc run_ld_link_tests { ldtests args } {
     if [check_relro_support] {
 	append ld_extra_opt " -z norelro"
     }
+    if [check_memory_seal_support] {
+	append ld_extra_opt " -z nomemory-seal"
+    }
 
     foreach testitem $ldtests {
 	set testname [lindex $testitem 0]
@@ -977,6 +980,9 @@ proc run_cc_link_tests { ldtests } {
 		set failed 1
 	    }
 	} else {
+	    if [check_memory_seal_support] {
+		append ldflags " -z nomemory-seal"
+	    }
 	    if { [string match "" $STATIC_LDFLAGS] \
 		 && [regexp -- ".* \[-\]+static .*" " $board_cflags $board_ldflags $ldflags $objfiles "] } {
 		untested $testname