| Message ID | 20250102192006.1318325-3-adhemerval.zanella@linaro.org |
|---|---|
| State | New |
| Headers | show |
| Series | elf: Add GNU_PROPERTY_MEMORY_SEAL gnu property | expand |
On Fri, Jan 3, 2025 at 3:20 AM Adhemerval Zanella <adhemerval.zanella@linaro.org> wrote: > > Similar to the ld.bfd, with the -z,memory-seal and -z,no-memory-seal > which adds the .gnu.attribute GNU_PROPERTY_MEMORY_SEAL. Does this ignore GNU_PROPERTY_MEMORY_SEAL in input .o files? Please add a test to verify it. > Change-Id: I31e194479912d3f468d5e5132a6eb566ed9aca78 > --- > elfcpp/elfcpp.h | 1 + > gold/NEWS | 3 ++ > gold/layout.cc | 4 +++ > gold/options.h | 3 ++ > gold/testsuite/Makefile.am | 19 ++++++++++++ > gold/testsuite/Makefile.in | 26 +++++++++++++++-- > gold/testsuite/memory_seal_main.c | 5 ++++ > gold/testsuite/memory_seal_shared.c | 7 +++++ > gold/testsuite/memory_seal_test.sh | 45 +++++++++++++++++++++++++++++ > 9 files changed, 110 insertions(+), 3 deletions(-) > create mode 100644 gold/testsuite/memory_seal_main.c > create mode 100644 gold/testsuite/memory_seal_shared.c > create mode 100755 gold/testsuite/memory_seal_test.sh > > diff --git a/elfcpp/elfcpp.h b/elfcpp/elfcpp.h > index 3ceddbda19c..1b7a1f7f8ac 100644 > --- a/elfcpp/elfcpp.h > +++ b/elfcpp/elfcpp.h > @@ -1023,6 +1023,7 @@ enum > { > GNU_PROPERTY_STACK_SIZE = 1, > GNU_PROPERTY_NO_COPY_ON_PROTECTED = 2, > + GNU_PROPERTY_MEMORY_SEAL = 3, > GNU_PROPERTY_LOPROC = 0xc0000000, > GNU_PROPERTY_X86_COMPAT_ISA_1_USED = 0xc0000000, > GNU_PROPERTY_X86_COMPAT_ISA_1_NEEDED = 0xc0000001, > diff --git a/gold/NEWS b/gold/NEWS > index c0f4842e617..7fca7603476 100644 > --- a/gold/NEWS > +++ b/gold/NEWS > @@ -5,6 +5,9 @@ > > * Remove support for -z bndplt (MPX prefix instructions). > > +* Add -z memory-seal/-z nomemory-seal options to ELF linker to mark the > + object to memory sealed. > + > Changes in 1.16: > > * Improve warning messages for relocations that refer to discarded sections. > diff --git a/gold/layout.cc b/gold/layout.cc > index f690c67618e..8adace07676 100644 > --- a/gold/layout.cc > +++ b/gold/layout.cc > @@ -3277,6 +3277,10 @@ Layout::create_gnu_properties_note() > { > parameters->target().finalize_gnu_properties(this); > > + if (parameters->options().memory_seal()) > + this->add_gnu_property(elfcpp::NT_GNU_PROPERTY_TYPE_0, > + elfcpp::GNU_PROPERTY_MEMORY_SEAL, 0, 0); > + > if (this->gnu_properties_.empty()) > return; > > diff --git a/gold/options.h b/gold/options.h > index 4eb3678e9ec..441ba98acd7 100644 > --- a/gold/options.h > +++ b/gold/options.h > @@ -1546,6 +1546,9 @@ class General_options > N_("Keep .text.hot, .text.startup, .text.exit and .text.unlikely " > "as separate sections in the final binary."), > N_("Merge all .text.* prefix sections.")); > + DEFINE_bool(memory_seal, options::DASH_Z, '\0', false, > + N_("Mark object be memory sealed"), > + N_("Don't mark oject to be memory sealed")); > > > public: > diff --git a/gold/testsuite/Makefile.am b/gold/testsuite/Makefile.am > index 8f158ba20cc..f6eddea65fd 100644 > --- a/gold/testsuite/Makefile.am > +++ b/gold/testsuite/Makefile.am > @@ -4476,3 +4476,22 @@ package_metadata_test.o: package_metadata_main.c > package_metadata_test$(EXEEXT): package_metadata_test.o gcctestdir/ld > $(CXXLINK) package_metadata_test.o -Wl,--package-metadata='{"foo":"bar"}' > $(TEST_READELF) --notes $@ | grep -q '{"foo":"bar"}' > + > +check_SCRIPTS += memory_seal_test.sh > +check_DATA += memory_seal_test_1.stdout memory_seal_test_2.stdout > +MOSTLYCLEANFILES += memory_seal_test > +memory_seal_test_1.stdout: memory_seal_main > + $(TEST_READELF) -n $< >$@ > +memory_seal_test_2.stdout: memory_seal_shared.so > + $(TEST_READELF) -n $< >$@ > +memory_seal_main: gcctestdir/ld memory_seal_main.o > + gcctestdir/ld -z memory-seal -o $@ memory_seal_main.o > +memory_seal_main.o: memory_seal_main.c > + $(COMPILE) -c -o $@ $< > +memory_seal_shared.so: gcctestdir/ld memory_seal_shared.o > + gcctestdir/ld -z memory-seal -shared -o $@ memory_seal_shared.o > +memory_seal_shared.o: memory_seal_shared.c > + $(COMPILE) -c -fPIC -o $@ $< > + > + > + > diff --git a/gold/testsuite/Makefile.in b/gold/testsuite/Makefile.in > index 357dec0d4f9..e95e8ed5d08 100644 > --- a/gold/testsuite/Makefile.in > +++ b/gold/testsuite/Makefile.in > @@ -2888,7 +2888,7 @@ MOSTLYCLEANFILES = *.so *.syms *.stdout *.stderr $(am__append_4) \ > $(am__append_88) $(am__append_91) $(am__append_93) \ > $(am__append_102) $(am__append_105) $(am__append_108) \ > $(am__append_111) $(am__append_114) $(am__append_117) \ > - $(am__append_120) $(am__append_121) > + $(am__append_120) $(am__append_121) memory_seal_test > > # We will add to these later, for each individual test. Note > # that we add each test under check_SCRIPTS or check_PROGRAMS; > @@ -2901,7 +2901,7 @@ check_SCRIPTS = $(am__append_2) $(am__append_21) $(am__append_25) \ > $(am__append_89) $(am__append_96) $(am__append_100) \ > $(am__append_103) $(am__append_106) $(am__append_109) \ > $(am__append_112) $(am__append_115) $(am__append_118) \ > - $(am__append_122) > + $(am__append_122) memory_seal_test.sh > check_DATA = $(am__append_3) $(am__append_22) $(am__append_26) \ > $(am__append_32) $(am__append_38) $(am__append_45) \ > $(am__append_50) $(am__append_54) $(am__append_58) \ > @@ -2910,7 +2910,8 @@ check_DATA = $(am__append_3) $(am__append_22) $(am__append_26) \ > $(am__append_90) $(am__append_97) $(am__append_101) \ > $(am__append_104) $(am__append_107) $(am__append_110) \ > $(am__append_113) $(am__append_116) $(am__append_119) \ > - $(am__append_123) > + $(am__append_123) memory_seal_test_1.stdout \ > + memory_seal_test_2.stdout > BUILT_SOURCES = $(am__append_42) > TESTS = $(check_SCRIPTS) $(check_PROGRAMS) > > @@ -6524,6 +6525,13 @@ retain.sh.log: retain.sh > --log-file $$b.log --trs-file $$b.trs \ > $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ > "$$tst" $(AM_TESTS_FD_REDIRECT) > +memory_seal_test.sh.log: memory_seal_test.sh > + @p='memory_seal_test.sh'; \ > + b='memory_seal_test.sh'; \ > + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ > + --log-file $$b.log --trs-file $$b.trs \ > + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ > + "$$tst" $(AM_TESTS_FD_REDIRECT) > object_unittest.log: object_unittest$(EXEEXT) > @p='object_unittest$(EXEEXT)'; \ > b='object_unittest'; \ > @@ -10524,6 +10532,18 @@ package_metadata_test.o: package_metadata_main.c > package_metadata_test$(EXEEXT): package_metadata_test.o gcctestdir/ld > $(CXXLINK) package_metadata_test.o -Wl,--package-metadata='{"foo":"bar"}' > $(TEST_READELF) --notes $@ | grep -q '{"foo":"bar"}' > +memory_seal_test_1.stdout: memory_seal_main > + $(TEST_READELF) -n $< >$@ > +memory_seal_test_2.stdout: memory_seal_shared.so > + $(TEST_READELF) -n $< >$@ > +memory_seal_main: gcctestdir/ld memory_seal_main.o > + gcctestdir/ld -z memory-seal -o $@ memory_seal_main.o > +memory_seal_main.o: memory_seal_main.c > + $(COMPILE) -c -o $@ $< > +memory_seal_shared.so: gcctestdir/ld memory_seal_shared.o > + gcctestdir/ld -z memory-seal -shared -o $@ memory_seal_shared.o > +memory_seal_shared.o: memory_seal_shared.c > + $(COMPILE) -c -fPIC -o $@ $< > > # Tell versions [3.59,3.63) of GNU make to not export all variables. > # Otherwise a system limit (for SysV at least) may be exceeded. > diff --git a/gold/testsuite/memory_seal_main.c b/gold/testsuite/memory_seal_main.c > new file mode 100644 > index 00000000000..77bc677e8eb > --- /dev/null > +++ b/gold/testsuite/memory_seal_main.c > @@ -0,0 +1,5 @@ > +int > +main(void) > +{ > + return 0; > +} > diff --git a/gold/testsuite/memory_seal_shared.c b/gold/testsuite/memory_seal_shared.c > new file mode 100644 > index 00000000000..8cf7b6143da > --- /dev/null > +++ b/gold/testsuite/memory_seal_shared.c > @@ -0,0 +1,7 @@ > +int foo (void); > + > +int > +foo(void) > +{ > + return 0; > +} > diff --git a/gold/testsuite/memory_seal_test.sh b/gold/testsuite/memory_seal_test.sh > new file mode 100755 > index 00000000000..c2194213445 > --- /dev/null > +++ b/gold/testsuite/memory_seal_test.sh > @@ -0,0 +1,45 @@ > +#!/bin/sh > + > +# memory_seal_test.sh -- test GNU_PROPERTY_MEMORY_SEAL gnu property > + > +# Copyright (C) 2018-2024 Free Software Foundation, Inc. > + > +# This file is part of gold. > + > +# This program is free software; you can redistribute it and/or modify > +# it under the terms of the GNU General Public License as published by > +# the Free Software Foundation; either version 3 of the License, or > +# (at your option) any later version. > + > +# This program is distributed in the hope that it will be useful, > +# but WITHOUT ANY WARRANTY; without even the implied warranty of > +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > +# GNU General Public License for more details. > + > +# You should have received a copy of the GNU General Public License > +# along with this program; if not, write to the Free Software > +# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, > +# MA 02110-1301, USA. > + > +# This script checks that after linking the three object files > +# gnu_property_[abc].S, each of which contains a .note.gnu.property > +# section, the resulting output has only a single such note section, > +# and that the properties have been correctly combined. > + > +check() > +{ > + if ! grep -q "$2" "$1" > + then > + echo "Did not find expected output in $1:" > + echo " $2" > + echo "" > + echo "Actual output below:" > + cat "$1" > + exit 1 > + fi > +} > + > +check memory_seal_test_1.stdout "memory seal" > +check memory_seal_test_2.stdout "memory seal" > + > +exit 0 > -- > 2.43.0 >
diff --git a/elfcpp/elfcpp.h b/elfcpp/elfcpp.h index 3ceddbda19c..1b7a1f7f8ac 100644 --- a/elfcpp/elfcpp.h +++ b/elfcpp/elfcpp.h @@ -1023,6 +1023,7 @@ enum { GNU_PROPERTY_STACK_SIZE = 1, GNU_PROPERTY_NO_COPY_ON_PROTECTED = 2, + GNU_PROPERTY_MEMORY_SEAL = 3, GNU_PROPERTY_LOPROC = 0xc0000000, GNU_PROPERTY_X86_COMPAT_ISA_1_USED = 0xc0000000, GNU_PROPERTY_X86_COMPAT_ISA_1_NEEDED = 0xc0000001, diff --git a/gold/NEWS b/gold/NEWS index c0f4842e617..7fca7603476 100644 --- a/gold/NEWS +++ b/gold/NEWS @@ -5,6 +5,9 @@ * Remove support for -z bndplt (MPX prefix instructions). +* Add -z memory-seal/-z nomemory-seal options to ELF linker to mark the + object to memory sealed. + Changes in 1.16: * Improve warning messages for relocations that refer to discarded sections. diff --git a/gold/layout.cc b/gold/layout.cc index f690c67618e..8adace07676 100644 --- a/gold/layout.cc +++ b/gold/layout.cc @@ -3277,6 +3277,10 @@ Layout::create_gnu_properties_note() { parameters->target().finalize_gnu_properties(this); + if (parameters->options().memory_seal()) + this->add_gnu_property(elfcpp::NT_GNU_PROPERTY_TYPE_0, + elfcpp::GNU_PROPERTY_MEMORY_SEAL, 0, 0); + if (this->gnu_properties_.empty()) return; diff --git a/gold/options.h b/gold/options.h index 4eb3678e9ec..441ba98acd7 100644 --- a/gold/options.h +++ b/gold/options.h @@ -1546,6 +1546,9 @@ class General_options N_("Keep .text.hot, .text.startup, .text.exit and .text.unlikely " "as separate sections in the final binary."), N_("Merge all .text.* prefix sections.")); + DEFINE_bool(memory_seal, options::DASH_Z, '\0', false, + N_("Mark object be memory sealed"), + N_("Don't mark oject to be memory sealed")); public: diff --git a/gold/testsuite/Makefile.am b/gold/testsuite/Makefile.am index 8f158ba20cc..f6eddea65fd 100644 --- a/gold/testsuite/Makefile.am +++ b/gold/testsuite/Makefile.am @@ -4476,3 +4476,22 @@ package_metadata_test.o: package_metadata_main.c package_metadata_test$(EXEEXT): package_metadata_test.o gcctestdir/ld $(CXXLINK) package_metadata_test.o -Wl,--package-metadata='{"foo":"bar"}' $(TEST_READELF) --notes $@ | grep -q '{"foo":"bar"}' + +check_SCRIPTS += memory_seal_test.sh +check_DATA += memory_seal_test_1.stdout memory_seal_test_2.stdout +MOSTLYCLEANFILES += memory_seal_test +memory_seal_test_1.stdout: memory_seal_main + $(TEST_READELF) -n $< >$@ +memory_seal_test_2.stdout: memory_seal_shared.so + $(TEST_READELF) -n $< >$@ +memory_seal_main: gcctestdir/ld memory_seal_main.o + gcctestdir/ld -z memory-seal -o $@ memory_seal_main.o +memory_seal_main.o: memory_seal_main.c + $(COMPILE) -c -o $@ $< +memory_seal_shared.so: gcctestdir/ld memory_seal_shared.o + gcctestdir/ld -z memory-seal -shared -o $@ memory_seal_shared.o +memory_seal_shared.o: memory_seal_shared.c + $(COMPILE) -c -fPIC -o $@ $< + + + diff --git a/gold/testsuite/Makefile.in b/gold/testsuite/Makefile.in index 357dec0d4f9..e95e8ed5d08 100644 --- a/gold/testsuite/Makefile.in +++ b/gold/testsuite/Makefile.in @@ -2888,7 +2888,7 @@ MOSTLYCLEANFILES = *.so *.syms *.stdout *.stderr $(am__append_4) \ $(am__append_88) $(am__append_91) $(am__append_93) \ $(am__append_102) $(am__append_105) $(am__append_108) \ $(am__append_111) $(am__append_114) $(am__append_117) \ - $(am__append_120) $(am__append_121) + $(am__append_120) $(am__append_121) memory_seal_test # We will add to these later, for each individual test. Note # that we add each test under check_SCRIPTS or check_PROGRAMS; @@ -2901,7 +2901,7 @@ check_SCRIPTS = $(am__append_2) $(am__append_21) $(am__append_25) \ $(am__append_89) $(am__append_96) $(am__append_100) \ $(am__append_103) $(am__append_106) $(am__append_109) \ $(am__append_112) $(am__append_115) $(am__append_118) \ - $(am__append_122) + $(am__append_122) memory_seal_test.sh check_DATA = $(am__append_3) $(am__append_22) $(am__append_26) \ $(am__append_32) $(am__append_38) $(am__append_45) \ $(am__append_50) $(am__append_54) $(am__append_58) \ @@ -2910,7 +2910,8 @@ check_DATA = $(am__append_3) $(am__append_22) $(am__append_26) \ $(am__append_90) $(am__append_97) $(am__append_101) \ $(am__append_104) $(am__append_107) $(am__append_110) \ $(am__append_113) $(am__append_116) $(am__append_119) \ - $(am__append_123) + $(am__append_123) memory_seal_test_1.stdout \ + memory_seal_test_2.stdout BUILT_SOURCES = $(am__append_42) TESTS = $(check_SCRIPTS) $(check_PROGRAMS) @@ -6524,6 +6525,13 @@ retain.sh.log: retain.sh --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) +memory_seal_test.sh.log: memory_seal_test.sh + @p='memory_seal_test.sh'; \ + b='memory_seal_test.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) object_unittest.log: object_unittest$(EXEEXT) @p='object_unittest$(EXEEXT)'; \ b='object_unittest'; \ @@ -10524,6 +10532,18 @@ package_metadata_test.o: package_metadata_main.c package_metadata_test$(EXEEXT): package_metadata_test.o gcctestdir/ld $(CXXLINK) package_metadata_test.o -Wl,--package-metadata='{"foo":"bar"}' $(TEST_READELF) --notes $@ | grep -q '{"foo":"bar"}' +memory_seal_test_1.stdout: memory_seal_main + $(TEST_READELF) -n $< >$@ +memory_seal_test_2.stdout: memory_seal_shared.so + $(TEST_READELF) -n $< >$@ +memory_seal_main: gcctestdir/ld memory_seal_main.o + gcctestdir/ld -z memory-seal -o $@ memory_seal_main.o +memory_seal_main.o: memory_seal_main.c + $(COMPILE) -c -o $@ $< +memory_seal_shared.so: gcctestdir/ld memory_seal_shared.o + gcctestdir/ld -z memory-seal -shared -o $@ memory_seal_shared.o +memory_seal_shared.o: memory_seal_shared.c + $(COMPILE) -c -fPIC -o $@ $< # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/gold/testsuite/memory_seal_main.c b/gold/testsuite/memory_seal_main.c new file mode 100644 index 00000000000..77bc677e8eb --- /dev/null +++ b/gold/testsuite/memory_seal_main.c @@ -0,0 +1,5 @@ +int +main(void) +{ + return 0; +} diff --git a/gold/testsuite/memory_seal_shared.c b/gold/testsuite/memory_seal_shared.c new file mode 100644 index 00000000000..8cf7b6143da --- /dev/null +++ b/gold/testsuite/memory_seal_shared.c @@ -0,0 +1,7 @@ +int foo (void); + +int +foo(void) +{ + return 0; +} diff --git a/gold/testsuite/memory_seal_test.sh b/gold/testsuite/memory_seal_test.sh new file mode 100755 index 00000000000..c2194213445 --- /dev/null +++ b/gold/testsuite/memory_seal_test.sh @@ -0,0 +1,45 @@ +#!/bin/sh + +# memory_seal_test.sh -- test GNU_PROPERTY_MEMORY_SEAL gnu property + +# Copyright (C) 2018-2024 Free Software Foundation, Inc. + +# This file is part of gold. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, +# MA 02110-1301, USA. + +# This script checks that after linking the three object files +# gnu_property_[abc].S, each of which contains a .note.gnu.property +# section, the resulting output has only a single such note section, +# and that the properties have been correctly combined. + +check() +{ + if ! grep -q "$2" "$1" + then + echo "Did not find expected output in $1:" + echo " $2" + echo "" + echo "Actual output below:" + cat "$1" + exit 1 + fi +} + +check memory_seal_test_1.stdout "memory seal" +check memory_seal_test_2.stdout "memory seal" + +exit 0