Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 10 Sep 2015 21:48:50 -0400
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Cc: 0pf@...mu.org
Subject: musl/SH-FDPIC progress

I now have a working prototype of static-linked FDPIC binary support
in musl libc using gcc 5.2 (with the forward-ported SH-FDPIC patch)
and binutils 2.25.1. I've tested simple example programs and some
non-trivial examples with threads and they work both under qemu-sh4eb
with FDPIC support added (needs a small patch) and on real J2
hardware, where they successfully share text/execute-in-place.

The gcc patch is presently against gcc with all the other patches from
my musl-cross-make repo applied, so some refactoring will be needed to
propose it upstream, but I think it's ready for initial review. After
a little bit more cleanup (mainly bad specs logic) I'll go ahead and
put a version of this patch in the toolchain repo.

On the musl side, the changes are not ready for upstream. Adding FDPIC
revealed that the way we're bootstrapping the dynamic linker and PIE
entry point does not make sense, but I already knew that anyway --
having to use -export-dynamic for static-linked PIE was already a
problem. I might however be able to get just the non-PIE, static
linking only version of FDPIC support upstreamable in the next few
days and go ahead and commit that before working on the bigger
upstream changes that will be needed to make full FDPIC support
(including dynamic linking) possible.

On the kernel side, a really ugly issue is blocking FDPIC deployment:
the kernel interprets an ELF header bit the opposite of how it's
specified and how ld sets it. Details are in this thread:

http://www.spinics.net/lists/linux-sh/msg44965.html

Until that's resolved, it's impossible to make future-proof FDPIC
binaries that will reliably share text. (They'll work regardless, but
won't share text.)

I'll follow up soon with details on patches needed to make this all
work.

Rich

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ