To support IBT in Intel Control-flow Enforcement Technology (CET)
instructions:
https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf
#define GNU_PROPERTY_X86_FEATURE_1_AND 0xc0000002
#define GNU_PROPERTY_X86_FEATURE_1_IBT (1U << 0)
are added to GNU program properties to indicate that all executable
sections are compatible with IBT when ENDBR instruction starts each
valid target where an indirect branch instruction can land.
GNU_PROPERTY_X86_FEATURE_1_IBT is set on output only if it is set on
all relocatable inputs.
The followings changes are made to the Procedure Linkage Table (PLT):
1. For 64-bit x86-64, PLT is changed to
PLT0: push GOT[1]
bnd jmp *GOT[2]
nop
...
PLTn: endbr64
push namen_reloc_index
bnd jmp PLT0
together with the second PLT section:
PLTn: endbr64
bnd jmp *GOT[namen_index]
nop
BND prefix is also added so that IBT-enabled PLT is compatible with MPX.
2. For 32-bit x86-64 (x32) and i386, PLT is changed to
PLT0: push GOT[1]
jmp *GOT[2]
nop
...
PLTn: endbr64 # endbr32 for i386.
push namen_reloc_index
jmp PLT0
together with the second PLT section:
PLTn: endbr64 # endbr32 for i386.
jmp *GOT[namen_index]
nop
BND prefix isn't used since MPX isn't supported on x32 and BND registers
aren't used in parameter passing on i386.
GOT is an array of addresses. Initially, GOT[namen_index] is filled
with the address of the ENDBR instruction of the corresponding entry
in the first PLT section. The function, namen, is called via the
ENDBR instruction in the second PLT entry. GOT[namen_index] is updated
to the actual address of the function, namen, at run-time.
2 linker command line options are added:
1. -z ibtplt: Generate IBT-enabled PLT.
2. -z ibt: Generate GNU_PROPERTY_X86_FEATURE_1_IBT in GNU program
properties as well as IBT-enabled PLT.
bfd/
* elf32-i386.c (elf_i386_lazy_ibt_plt0_entry): New.
(elf_i386_lazy_ibt_plt_entry): Likewise.
(elf_i386_pic_lazy_ibt_plt0_entry): Likewise.
(elf_i386_non_lazy_ibt_plt_entry): Likewise.
(elf_i386_pic_non_lazy_ibt_plt_entry): Likewise.
(elf_i386_eh_frame_lazy_ibt_plt): Likewise.
(elf_i386_lazy_plt_layout): Likewise.
(elf_i386_non_lazy_plt_layout): Likewise.
(elf_i386_link_hash_entry): Add plt_second.
(elf_i386_link_hash_table): Add plt_second and
plt_second_eh_frame.
(elf_i386_allocate_dynrelocs): Use the second PLT if needed.
(elf_i386_size_dynamic_sections): Use .plt.got unwind info for
the second PLT. Check the second PLT.
(elf_i386_relocate_section): Use the second PLT to resolve
PLT reference if needed.
(elf_i386_finish_dynamic_symbol): Fill and use the second PLT if
needed.
(elf_i386_finish_dynamic_sections): Set sh_entsize on the
second PLT. Generate unwind info for the second PLT.
(elf_i386_plt_type): Add plt_second.
(elf_i386_get_synthetic_symtab): Support the second PLT.
(elf_i386_parse_gnu_properties): Support
GNU_PROPERTY_X86_FEATURE_1_AND.
(elf_i386_merge_gnu_properties): Support
GNU_PROPERTY_X86_FEATURE_1_AND. If info->ibt is set, turn
on GNU_PROPERTY_X86_FEATURE_1_IBT
(elf_i386_link_setup_gnu_properties): If info->ibt is set,
turn on GNU_PROPERTY_X86_FEATURE_1_IBT. Use IBT-enabled PLT
for info->ibtplt, info->ibt or GNU_PROPERTY_X86_FEATURE_1_IBT
is set on all relocatable inputs.
* elf64-x86-64.c (elf_x86_64_lazy_ibt_plt_entry): New.
(elf_x32_lazy_ibt_plt_entry): Likewise.
(elf_x86_64_non_lazy_ibt_plt_entry): Likewise.
(elf_x32_non_lazy_ibt_plt_entry): Likewise.
(elf_x86_64_eh_frame_lazy_ibt_plt): Likewise.
(elf_x32_eh_frame_lazy_ibt_plt): Likewise.
(elf_x86_64_lazy_ibt_plt): Likewise.
(elf_x32_lazy_ibt_plt): Likewise.
(elf_x86_64_non_lazy_ibt_plt): Likewise.
(elf_x32_non_lazy_ibt_plt): Likewise.
(elf_x86_64_get_synthetic_symtab): Support the second PLT.
(elf_x86_64_parse_gnu_properties): Support
GNU_PROPERTY_X86_FEATURE_1_AND.
(elf_x86_64_merge_gnu_properties): Support
GNU_PROPERTY_X86_FEATURE_1_AND. If info->ibt is set, turn
on GNU_PROPERTY_X86_FEATURE_1_IBT
(elf_x86_64_link_setup_gnu_properties): If info->ibt is set,
turn on GNU_PROPERTY_X86_FEATURE_1_IBT. Use IBT-enabled PLT
for info->ibtplt, info->ibt or GNU_PROPERTY_X86_FEATURE_1_IBT
is set on all relocatable inputs.
binutils/
* readelf.c (decode_x86_feature): New.
(print_gnu_property_note): Call decode_x86_feature on
GNU_PROPERTY_X86_FEATURE_1_AND.
* testsuite/binutils-all/i386/empty.d: New file.
* testsuite/binutils-all/i386/empty.s: Likewise.
* testsuite/binutils-all/i386/ibt.d: Likewise.
* testsuite/binutils-all/i386/ibt.s: Likewise.
* testsuite/binutils-all/x86-64/empty-x32.d: Likewise.
* testsuite/binutils-all/x86-64/empty.d: Likewise.
* testsuite/binutils-all/x86-64/empty.s: Likewise.
* testsuite/binutils-all/x86-64/ibt-x32.d: Likewise.
* testsuite/binutils-all/x86-64/ibt.d: Likewise.
* testsuite/binutils-all/x86-64/ibt.s: Likewise.
include/
* bfdlink.h (bfd_link_info): Add ibtplt and ibt.
* elf/common.h (GNU_PROPERTY_X86_FEATURE_1_AND): New.
(GNU_PROPERTY_X86_FEATURE_1_IBT): Likewise.
ld/
* Makefile.am (ELF_X86_DEPS): Add $(srcdir)/emulparams/cet.sh.
* Makefile.in: Regenerated.
* NEWS: Mention GNU_PROPERTY_X86_FEATURE_1_IBT, -z ibtplt
and -z ibt.
* emulparams/cet.sh: New file.
* testsuite/ld-i386/ibt-plt-1.d: Likewise.
* testsuite/ld-i386/ibt-plt-1.s: Likewise.
* testsuite/ld-i386/ibt-plt-2.s: Likewise.
* testsuite/ld-i386/ibt-plt-2a.d: Likewise.
* testsuite/ld-i386/ibt-plt-2b.d: Likewise.
* testsuite/ld-i386/ibt-plt-2c.d: Likewise.
* testsuite/ld-i386/ibt-plt-2d.d: Likewise.
* testsuite/ld-i386/ibt-plt-3.s: Likewise.
* testsuite/ld-i386/ibt-plt-3a.d: Likewise.
* testsuite/ld-i386/ibt-plt-3b.d: Likewise.
* testsuite/ld-i386/ibt-plt-3c.d: Likewise.
* testsuite/ld-i386/ibt-plt-3d.d: Likewise.
* testsuite/ld-i386/plt-main-ibt.dd: Likewise.
* testsuite/ld-i386/plt-pie-ibt.dd: Likewise.
* testsuite/ld-i386/property-x86-empty.s: Likewise.
* testsuite/ld-i386/property-x86-ibt.s: Likewise.
* testsuite/ld-i386/property-x86-ibt1a.d: Likewise.
* testsuite/ld-i386/property-x86-ibt1b.d: Likewise.
* testsuite/ld-i386/property-x86-ibt2.d: Likewise.
* testsuite/ld-i386/property-x86-ibt3a.d: Likewise.
* testsuite/ld-i386/property-x86-ibt3b.d: Likewise.
* testsuite/ld-i386/property-x86-ibt4.d: Likewise.
* testsuite/ld-i386/property-x86-ibt5.d: Likewise.
* testsuite/ld-x86-64/ibt-plt-1-x32.d: Likewise.
* testsuite/ld-x86-64/ibt-plt-1.d: Likewise.
* testsuite/ld-x86-64/ibt-plt-1.s: Likewise.
* testsuite/ld-x86-64/ibt-plt-2.s: Likewise.
* testsuite/ld-x86-64/ibt-plt-2a-x32.d: Likewise.
* testsuite/ld-x86-64/ibt-plt-2a.d: Likewise.
* testsuite/ld-x86-64/ibt-plt-2b-x32.d: Likewise.
* testsuite/ld-x86-64/ibt-plt-2b.d: Likewise.
* testsuite/ld-x86-64/ibt-plt-2c-x32.d: Likewise.
* testsuite/ld-x86-64/ibt-plt-2c.d: Likewise.
* testsuite/ld-x86-64/ibt-plt-2d-x32.d: Likewise.
* testsuite/ld-x86-64/ibt-plt-2d.d: Likewise.
* testsuite/ld-x86-64/ibt-plt-3.s: Likewise.
* testsuite/ld-x86-64/ibt-plt-3a-x32.d: Likewise.
* testsuite/ld-x86-64/ibt-plt-3a.d: Likewise.
* testsuite/ld-x86-64/ibt-plt-3b-x32.d: Likewise.
* testsuite/ld-x86-64/ibt-plt-3b.d: Likewise.
* testsuite/ld-x86-64/ibt-plt-3c-x32.d: Likewise.
* testsuite/ld-x86-64/ibt-plt-3c.d: Likewise.
* testsuite/ld-x86-64/ibt-plt-3d-x32.d: Likewise.
* testsuite/ld-x86-64/ibt-plt-3d.d: Likewise.
* testsuite/ld-x86-64/plt-main-ibt-now.rd: Likewise.
* testsuite/ld-x86-64/plt-main-ibt-x32.dd: Likewise.
* testsuite/ld-x86-64/plt-main-ibt.dd: Likewise.
* testsuite/ld-x86-64/property-x86-empty.s: Likewise.
* testsuite/ld-x86-64/property-x86-ibt.s: Likewise.
* testsuite/ld-x86-64/property-x86-ibt1a-x32.d: Likewise.
* testsuite/ld-x86-64/property-x86-ibt1a.d: Likewise.
* testsuite/ld-x86-64/property-x86-ibt1b-x32.d: Likewise.
* testsuite/ld-x86-64/property-x86-ibt1b.d: Likewise.
* testsuite/ld-x86-64/property-x86-ibt2-x32.d: Likewise.
* testsuite/ld-x86-64/property-x86-ibt2.d: Likewise.
* testsuite/ld-x86-64/property-x86-ibt3a-x32.d: Likewise.
* testsuite/ld-x86-64/property-x86-ibt3a.d: Likewise.
* testsuite/ld-x86-64/property-x86-ibt3b-x32.d: Likewise.
* testsuite/ld-x86-64/property-x86-ibt3b.d: Likewise.
* testsuite/ld-x86-64/property-x86-ibt4-x32.d: Likewise.
* testsuite/ld-x86-64/property-x86-ibt4.d: Likewise.
* testsuite/ld-x86-64/property-x86-ibt5-x32.d: Likewise.
* testsuite/ld-x86-64/property-x86-ibt5.d: Likewise.
* emulparams/elf32_x86_64.sh: Source emulparams/cet.sh.
(TINY_READONLY_SECTION): Add .plt.sec.
* emulparams/elf_i386.sh: Likewise.
* emulparams/elf_x86_64.sh: Source emulparams/cet.sh.
* ld.texinfo: Document -z ibtplt and -z ibt.
* testsuite/ld-i386/i386.exp: Run IBT and IBT PLT tests.
* testsuite/ld-x86-64/x86-64.exp: Likewise.
* testsuite/ld-x86-64/pr21481b.S (check): Updated for x32.
This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
README for LD
This is the GNU linker. It is distributed with other "binary
utilities" which should be in ../binutils. See ../binutils/README for
more general notes, including where to send bug reports.
There are many features of the linker:
* The linker uses a Binary File Descriptor library (../bfd)
that it uses to read and write object files. This helps
insulate the linker itself from the format of object files.
* The linker supports a number of different object file
formats. It can even handle multiple formats at once:
Read two input formats and write a third.
* The linker can be configured for cross-linking.
* The linker supports a control language.
* There is a user manual (ld.texinfo), as well as the
beginnings of an internals manual (ldint.texinfo).
Installation
============
See ../binutils/README.
If you want to make a cross-linker, you may want to specify
a different search path of -lfoo libraries than the default.
You can do this by setting the LIB_PATH variable in ./Makefile
or using the --with-lib-path configure switch.
To build just the linker, make the target all-ld from the top level
directory (one directory above this one).
Porting to a new target
=======================
See the ldint.texinfo manual.
Reporting bugs etc
===========================
See ../binutils/README.
Known problems
==============
The Solaris linker normally exports all dynamic symbols from an
executable. The GNU linker does not do this by default. This is
because the GNU linker tries to present the same interface for all
similar targets (in this case, all native ELF targets). This does not
matter for normal programs, but it can make a difference for programs
which try to dlopen an executable, such as PERL or Tcl. You can make
the GNU linker export all dynamic symbols with the -E or
--export-dynamic command line option.
HP/UX 9.01 has a shell bug that causes the linker scripts to be
generated incorrectly. The symptom of this appears to be "fatal error
- scanner input buffer overflow" error messages. There are various
workarounds to this:
* Build and install bash, and build with "make SHELL=bash".
* Update to a version of HP/UX with a working shell (e.g., 9.05).
* Replace "(. ${srcdir}/scripttempl/${SCRIPT_NAME}.sc)" in
genscripts.sh with "sh ${srcdir}..." (no parens) and make sure the
emulparams script used exports any shell variables it sets.
Copyright (C) 2012-2017 Free Software Foundation, Inc.
Copying and distribution of this file, with or without modification,
are permitted in any medium without royalty provided the copyright
notice and this notice are preserved.
ee2fdd6f36