Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 233d460f authored by Nick Kralevich's avatar Nick Kralevich
Browse files

ARM: compile everything with relro / bind_now. 

Enable relro / bind_now when compiling Android applications.
This marks certain regions of memory as read-only after linking,
making memory corruption security vulnerabilities are harder
to exploit.

See:
 * http://www.akkadia.org/drepper/nonselsec.pdf (section 6)
 * http://tk-blog.blogspot.com/2009/02/relro-not-so-well-known-memory.html

Stop using the custom linker script, which inhibits
relro / bind_now support.

Change-Id: Ie97ccdd2845886bbc2ba2fdd47eed0ff4b29b60b
parent a56be342

core/armelf.x

deleted100644 → 0
+0 −210
Original line number Diff line number Diff line 
/* Default linker script, for normal executables */

OUTPUT_FORMAT("elf32-littlearm", "elf32-bigarm",

	      "elf32-littlearm")

OUTPUT_ARCH(arm)

ENTRY(_start)

SEARCH_DIR("/usr/local/armdev/arm-elf/lib");

/* Do we need any of these for elf?

   __DYNAMIC = 0;    */

SECTIONS

{

  /* Read-only sections, merged into text segment: */

/*  PROVIDE (__executable_start = 0x8000); . = 0x8000; */

. = 0x8000 + SIZEOF_HEADERS; 

  .interp         : { *(.interp) }

  .hash           : { *(.hash) }

  .dynsym         : { *(.dynsym) }

  .dynstr         : { *(.dynstr) }

  .gnu.version    : { *(.gnu.version) }

  .gnu.version_d  : { *(.gnu.version_d) }

  .gnu.version_r  : { *(.gnu.version_r) }

  .rel.init       : { *(.rel.init) }

  .rela.init      : { *(.rela.init) }

  .rel.text       : { *(.rel.text .rel.text.* .rel.gnu.linkonce.t.*) }

  .rela.text      : { *(.rela.text .rela.text.* .rela.gnu.linkonce.t.*) }

  .rel.fini       : { *(.rel.fini) }

  .rela.fini      : { *(.rela.fini) }

  .rel.rodata     : { *(.rel.rodata .rel.rodata.* .rel.gnu.linkonce.r.*) }

  .rela.rodata    : { *(.rela.rodata .rela.rodata.* .rela.gnu.linkonce.r.*) }

  .rel.data.rel.ro   : { *(.rel.data.rel.ro*) }

  .rela.data.rel.ro   : { *(.rel.data.rel.ro*) }

  .rel.data       : { *(.rel.data .rel.data.* .rel.gnu.linkonce.d.*) }

  .rela.data      : { *(.rela.data .rela.data.* .rela.gnu.linkonce.d.*) }

  .rel.tdata	  : { *(.rel.tdata .rel.tdata.* .rel.gnu.linkonce.td.*) }

  .rela.tdata	  : { *(.rela.tdata .rela.tdata.* .rela.gnu.linkonce.td.*) }

  .rel.tbss	  : { *(.rel.tbss .rel.tbss.* .rel.gnu.linkonce.tb.*) }

  .rela.tbss	  : { *(.rela.tbss .rela.tbss.* .rela.gnu.linkonce.tb.*) }

  .rel.ctors      : { *(.rel.ctors) }

  .rela.ctors     : { *(.rela.ctors) }

  .rel.dtors      : { *(.rel.dtors) }

  .rela.dtors     : { *(.rela.dtors) }

  .rel.got        : { *(.rel.got) }

  .rela.got       : { *(.rela.got) }

  .rel.bss        : { *(.rel.bss .rel.bss.* .rel.gnu.linkonce.b.*) }

  .rela.bss       : { *(.rela.bss .rela.bss.* .rela.gnu.linkonce.b.*) }

  .rel.plt        : { *(.rel.plt) }

  .rela.plt       : { *(.rela.plt) }

  .init           :

  {

    KEEP (*(.init))

  } =0

  .plt            : { *(.plt) }

  .text           :

  {

    *(.text .stub .text.* .gnu.linkonce.t.*)

    KEEP (*(.text.*personality*))

    /* .gnu.warning sections are handled specially by elf32.em.  */

    *(.gnu.warning)

    *(.glue_7t) *(.glue_7)

  } =0

  .fini           :

  {

    KEEP (*(.fini))

  } =0

  PROVIDE (__etext = .);

  PROVIDE (_etext = .);

  PROVIDE (etext = .);

  .rodata         : { *(.rodata .rodata.* .gnu.linkonce.r.*) }

  .rodata1        : { *(.rodata1) }

  /* We have to wrap extab and exidx sections with KEEP because we use

     --gc-sections. */

  .ARM.extab   : { KEEP (*(.ARM.extab* .gnu.linkonce.armextab.*)) }

   __exidx_start = .;

  .ARM.exidx   : { KEEP (*(.ARM.exidx* .gnu.linkonce.armexidx.*)) }

   __exidx_end = .;

  .eh_frame_hdr : { *(.eh_frame_hdr) }

  .eh_frame       : ONLY_IF_RO { KEEP (*(.eh_frame)) }

  .gcc_except_table   : ONLY_IF_RO { KEEP (*(.gcc_except_table)) *(.gcc_except_table.*) }

  /* Adjust the address for the data segment.  We want to align at exactly

     a page boundary to make life easier for apriori. */

  . = ALIGN(4096);

  /* Exception handling  */

  .eh_frame       : ONLY_IF_RW { KEEP (*(.eh_frame)) }

  .gcc_except_table   : ONLY_IF_RW { KEEP (*(.gcc_except_table)) *(.gcc_except_table.*) }

  /* Thread Local Storage sections  */

  .tdata	  : { *(.tdata .tdata.* .gnu.linkonce.td.*) }

  .tbss		  : { *(.tbss .tbss.* .gnu.linkonce.tb.*) *(.tcommon) }

  /* Ensure the __preinit_array_start label is properly aligned.  We

     could instead move the label definition inside the section, but

     the linker would then create the section even if it turns out to

     be empty, which isn't pretty.  */

  . = ALIGN(32 / 8);

  PROVIDE (__preinit_array_start = .);

  .preinit_array     : { KEEP (*(.preinit_array)) }

  PROVIDE (__preinit_array_end = .);

  PROVIDE (__init_array_start = .);

  .init_array     : {

    KEEP (*(SORT(.init_array.*)))

    KEEP (*(.init_array))

  }

  PROVIDE (__init_array_end = .);

  PROVIDE (__fini_array_start = .);

  .fini_array     : {

    KEEP (*(.fini_array))

    KEEP (*(SORT(.fini_array.*)))

  }

  PROVIDE (__fini_array_end = .);

  .ctors          :

  {

    /* gcc uses crtbegin.o to find the start of

       the constructors, so we make sure it is

       first.  Because this is a wildcard, it

       doesn't matter if the user does not

       actually link against crtbegin.o; the

       linker won't look for a file to match a

       wildcard.  The wildcard also means that it

       doesn't matter which directory crtbegin.o

       is in.  */

    KEEP (*crtbegin*.o(.ctors))

    /* We don't want to include the .ctor section from

       from the crtend.o file until after the sorted ctors.

       The .ctor section from the crtend file contains the

       end of ctors marker and it must be last */

    KEEP (*(EXCLUDE_FILE (*crtend*.o ) .ctors))

    KEEP (*(SORT(.ctors.*)))

    KEEP (*(.ctors))

  }

  .dtors          :

  {

    KEEP (*crtbegin*.o(.dtors))

    KEEP (*(EXCLUDE_FILE (*crtend*.o ) .dtors))

    KEEP (*(SORT(.dtors.*)))

    KEEP (*(.dtors))

  }

  .jcr            : { KEEP (*(.jcr)) }

  .data.rel.ro : { *(.data.rel.ro.local) *(.data.rel.ro*) }

  .dynamic        : { *(.dynamic) }

  .got            : { *(.got.plt) *(.got) }

  .data           :

  {

    __data_start = . ;

    *(.data .data.* .gnu.linkonce.d.*)

    KEEP (*(.gnu.linkonce.d.*personality*))

    SORT(CONSTRUCTORS)

  }

  .data1          : { *(.data1) }

  _edata = .;

  PROVIDE (edata = .);

  __bss_start = .;

  __bss_start__ = .;

  .bss            :

  {

   *(.dynbss)

   *(.bss .bss.* .gnu.linkonce.b.*)

   *(COMMON)

   /* Align here to ensure that the .bss section occupies space up to

      _end.  Align after .bss to ensure correct alignment even if the

      .bss section disappears because there are no input sections.  */

   . = ALIGN(32 / 8);

  }

  . = ALIGN(32 / 8);

  _end = .;

  _bss_end__ = . ; __bss_end__ = . ; __end__ = . ;

  PROVIDE (end = .);

  /* Stabs debugging sections.  */

  .stab          0 : { *(.stab) }

  .stabstr       0 : { *(.stabstr) }

  .stab.excl     0 : { *(.stab.excl) }

  .stab.exclstr  0 : { *(.stab.exclstr) }

  .stab.index    0 : { *(.stab.index) }

  .stab.indexstr 0 : { *(.stab.indexstr) }

  .comment       0 : { *(.comment) }

  /* DWARF debug sections.

     Symbols in the DWARF debugging sections are relative to the beginning

     of the section so we begin them at 0.  */

  /* DWARF 1 */

  .debug          0 : { *(.debug) }

  .line           0 : { *(.line) }

  /* GNU DWARF 1 extensions */

  .debug_srcinfo  0 : { *(.debug_srcinfo) }

  .debug_sfnames  0 : { *(.debug_sfnames) }

  /* DWARF 1.1 and DWARF 2 */

  .debug_aranges  0 : { *(.debug_aranges) }

  .debug_pubnames 0 : { *(.debug_pubnames) }

  /* DWARF 2 */

  .debug_info     0 : { *(.debug_info .gnu.linkonce.wi.*) }

  .debug_abbrev   0 : { *(.debug_abbrev) }

  .debug_line     0 : { *(.debug_line) }

  .debug_frame    0 : { *(.debug_frame) }

  .debug_str      0 : { *(.debug_str) }

  .debug_loc      0 : { *(.debug_loc) }

  .debug_macinfo  0 : { *(.debug_macinfo) }

  /* SGI/MIPS DWARF 2 extensions */

  .debug_weaknames 0 : { *(.debug_weaknames) }

  .debug_funcnames 0 : { *(.debug_funcnames) }

  .debug_typenames 0 : { *(.debug_typenames) }

  .debug_varnames  0 : { *(.debug_varnames) }

  /* Adding the word ABSOLUTE below, so that the _stack below won't float 

     into a random section. If _stack is not absolutely with .stack section,

     we saw that sometimes _stack got inserted into the .debug_frame section

     because it's processed by the linker at that moment. As a result, _stack

     symbol will get wrongly moved and gelf_update_symshndx() will return

     invalid data. */

    .stack         0x80000 :

  {

    _stack = ABSOLUTE(.);

    *(.stack)

  }

  .note.gnu.arm.ident 0 : { KEEP (*(.note.gnu.arm.ident)) }

  /DISCARD/ : { *(.note.GNU-stack) }

}

core/armelflib.x

deleted100644 → 0
+0 −170
Original line number Diff line number Diff line 
/* Default linker script, for normal executables */

OUTPUT_FORMAT("elf32-littlearm", "elf32-bigarm",

	      "elf32-littlearm")

OUTPUT_ARCH(arm)

ENTRY(_start)

SEARCH_DIR("/usr/local/armdev/arm-elf/lib");

/* Do we need any of these for elf?

   __DYNAMIC = 0;    */

SECTIONS

{

  /* Read-only sections, merged into text segment: */

/*  PROVIDE (__executable_start = 0x8000); . = 0x8000; */

. = 0 + SIZEOF_HEADERS; 

  .interp         : { *(.interp) }

  .init           :

  {

    KEEP (*(.init))

  } =0

  .plt            : { *(.plt) }

  .text           :

  {

    *(.text .stub .text.* .gnu.linkonce.t.*)

    KEEP (*(.text.*personality*))

    /* .gnu.warning sections are handled specially by elf32.em.  */

    *(.gnu.warning)

    *(.glue_7t) *(.glue_7)

  } =0

  .fini           :

  {

    KEEP (*(.fini))

  } =0

  PROVIDE (__etext = .);

  PROVIDE (_etext = .);

  PROVIDE (etext = .);

  .rodata         : { *(.rodata .rodata.* .gnu.linkonce.r.*) }

  .rodata1        : { *(.rodata1) }

  .ARM.extab   : { *(.ARM.extab* .gnu.linkonce.armextab.*) }

   __exidx_start = .;

  .ARM.exidx   : { *(.ARM.exidx* .gnu.linkonce.armexidx.*) }

   __exidx_end = .;

  .eh_frame_hdr : { *(.eh_frame_hdr) }

  .eh_frame       : ONLY_IF_RO { KEEP (*(.eh_frame)) }

  .gcc_except_table   : ONLY_IF_RO { KEEP (*(.gcc_except_table)) *(.gcc_except_table.*) }

  /* Adjust the address for the data segment.  We want to adjust up to

     the same address within the page on the next page up.  */

  . = ALIGN(256) + (. & (256 - 1));

  /* Exception handling  */

  .eh_frame       : ONLY_IF_RW { KEEP (*(.eh_frame)) }

  .gcc_except_table   : ONLY_IF_RW { KEEP (*(.gcc_except_table)) *(.gcc_except_table.*) }

  /* Thread Local Storage sections  */

  .tdata	  : { *(.tdata .tdata.* .gnu.linkonce.td.*) }

  .tbss		  : { *(.tbss .tbss.* .gnu.linkonce.tb.*) *(.tcommon) }

  /* Ensure the __preinit_array_start label is properly aligned.  We

     could instead move the label definition inside the section, but

     the linker would then create the section even if it turns out to

     be empty, which isn't pretty.  */

  . = ALIGN(32 / 8);

  PROVIDE (__preinit_array_start = .);

  .preinit_array     : { KEEP (*(.preinit_array)) }

  PROVIDE (__preinit_array_end = .);

  PROVIDE (__init_array_start = .);

  .init_array     : {

     KEEP (*(SORT(.init_array.*)))

     KEEP (*(.init_array))

   }

  PROVIDE (__init_array_end = .);

  PROVIDE (__fini_array_start = .);

  .fini_array     : {

    KEEP (*(.fini_array))

    KEEP (*(SORT(.fini_array.*)))

  }

  PROVIDE (__fini_array_end = .);

  .ctors          :

  {

    /* gcc uses crtbegin.o to find the start of

       the constructors, so we make sure it is

       first.  Because this is a wildcard, it

       doesn't matter if the user does not

       actually link against crtbegin.o; the

       linker won't look for a file to match a

       wildcard.  The wildcard also means that it

       doesn't matter which directory crtbegin.o

       is in.  */

    KEEP (*crtbegin*.o(.ctors))

    /* We don't want to include the .ctor section from

       from the crtend.o file until after the sorted ctors.

       The .ctor section from the crtend file contains the

       end of ctors marker and it must be last */

    KEEP (*(EXCLUDE_FILE (*crtend*.o ) .ctors))

    KEEP (*(SORT(.ctors.*)))

    KEEP (*(.ctors))

  }

  .dtors          :

  {

    KEEP (*crtbegin*.o(.dtors))

    KEEP (*(EXCLUDE_FILE (*crtend*.o ) .dtors))

    KEEP (*(SORT(.dtors.*)))

    KEEP (*(.dtors))

  }

  .jcr            : { KEEP (*(.jcr)) }

  .data.rel.ro : { *(.data.rel.ro.local) *(.data.rel.ro*) }

  .got            : { *(.got.plt) *(.got) }

  .data           :

  {

    __data_start = . ;

    *(.data .data.* .gnu.linkonce.d.*)

    KEEP (*(.gnu.linkonce.d.*personality*))

    SORT(CONSTRUCTORS)

  }

  .data1          : { *(.data1) }

  _edata = .;

  PROVIDE (edata = .);

  .dynamic        : { *(.dynamic) }

  .hash           : { *(.hash) }

  .dynsym         : { *(.dynsym) }

  .dynstr         : { *(.dynstr) }

/*  .shstrtab	  : { *(.shstrtab) } */

  .rel.plt        : { *(.rel.plt) }

  .rel.dyn	  : { *(.rel.*) }

  __bss_start = .;

  __bss_start__ = .;

  .bss            :

  {

   *(.dynbss)

   *(.bss .bss.* .gnu.linkonce.b.*)

   *(COMMON)

   /* Align here to ensure that the .bss section occupies space up to

      _end.  Align after .bss to ensure correct alignment even if the

      .bss section disappears because there are no input sections.  */

   . = ALIGN(32 / 8);

  }

  . = ALIGN(32 / 8);

  _end = .;

  _bss_end__ = . ; __bss_end__ = . ; __end__ = . ;

  PROVIDE (end = .);

  /* Stabs debugging sections.  */

  .stab          0 : { *(.stab) }

  .stabstr       0 : { *(.stabstr) }

  .stab.excl     0 : { *(.stab.excl) }

  .stab.exclstr  0 : { *(.stab.exclstr) }

  .stab.index    0 : { *(.stab.index) }

  .stab.indexstr 0 : { *(.stab.indexstr) }

  /* DWARF debug sections.

     Symbols in the DWARF debugging sections are relative to the beginning

     of the section so we begin them at 0.  */

  /* DWARF 1 */

  .debug          0 : { *(.debug) }

  .line           0 : { *(.line) }

  /* GNU DWARF 1 extensions */

  .debug_srcinfo  0 : { *(.debug_srcinfo) }

  .debug_sfnames  0 : { *(.debug_sfnames) }

  /* DWARF 1.1 and DWARF 2 */

  .debug_aranges  0 : { *(.debug_aranges) }

  .debug_pubnames 0 : { *(.debug_pubnames) }

  /* DWARF 2 */

  .debug_info     0 : { *(.debug_info .gnu.linkonce.wi.*) }

  .debug_abbrev   0 : { *(.debug_abbrev) }

  .debug_line     0 : { *(.debug_line) }

  .debug_frame    0 : { *(.debug_frame) }

  .debug_str      0 : { *(.debug_str) }

  .debug_loc      0 : { *(.debug_loc) }

  .debug_macinfo  0 : { *(.debug_macinfo) }

  /* SGI/MIPS DWARF 2 extensions */

  .debug_weaknames 0 : { *(.debug_weaknames) }

  .debug_funcnames 0 : { *(.debug_funcnames) }

  .debug_typenames 0 : { *(.debug_typenames) }

  .debug_varnames  0 : { *(.debug_varnames) }

  .note.gnu.arm.ident 0 : { KEEP (*(.note.gnu.arm.ident)) }

  /DISCARD/ : { *(.note.GNU-stack) *(.comment*) *(.stack*) *(.shstrtab) }

}

core/combo/TARGET_linux-arm.mk

+3 −1
Original line number Diff line number Diff line
@@ -135,6 +135,8 @@ TARGET_GLOBAL_CFLAGS += -Wno-psabi 


TARGET_GLOBAL_LDFLAGS += \

			-Wl,-z,noexecstack \

			-Wl,-z,relro \

			-Wl,-z,now \

			-Wl,--icf=safe \

			$(arch_variant_ldflags)
@@ -246,7 +248,7 @@ endif 


define transform-o-to-shared-lib-inner

$(hide) $(PRIVATE_CXX) \

	-nostdlib -Wl,-soname,$(notdir $@) -Wl,-T,$(BUILD_SYSTEM)/armelf.xsc \

	-nostdlib -Wl,-soname,$(notdir $@) \

	-Wl,--gc-sections \

	-Wl,-shared,-Bsymbolic \

	$(PRIVATE_TARGET_GLOBAL_LD_DIRS) \