> Date: Fri, 21 Apr 2023 18:28:38 +0200
> From: Alexander Bluhm
>
> On Fri, Apr 21, 2023 at 07:35:22AM -0600, Theo de Raadt wrote:
> > It may still be better to add it to match the style. On i386, also.
>
> Here is the diff for arm64. No -fcf-protection for i386 yet.
>
> Before:
>
> root@o
Christian Weisgerber wrote:
> Alexander Bluhm:
>
> > After enabling -fcf-protection=branch for the kernel, we have a new
> > .plt section in the kernel. It was not there before.
>
> Same issue in userland: At least /usr/lib/crt0.o and /usr/lib/crtbegin.o
> have grown .plt and .note.gnu.propert
Alexander Bluhm:
> After enabling -fcf-protection=branch for the kernel, we have a new
> .plt section in the kernel. It was not there before.
Same issue in userland: At least /usr/lib/crt0.o and /usr/lib/crtbegin.o
have grown .plt and .note.gnu.property sections and some tools
(ld.bfd?) don't li
On Fri, Apr 21, 2023 at 07:35:22AM -0600, Theo de Raadt wrote:
> It may still be better to add it to match the style. On i386, also.
Here is the diff for arm64. No -fcf-protection for i386 yet.
Before:
root@ot11:.../GENERIC.MP# objdump -s obj/gapdummy.o | grep 'Contents of section'
Contents
It may still be better to add it to match the style. On i386, also.
It is quite surprising compiler behaviour to create a PLT for such .rodata..
Alexander Bluhm wrote:
> On Thu, Apr 20, 2023 at 05:21:37PM -0600, Theo de Raadt wrote:
> > I wonder if the same happens on arm64.
>
> On amd64 with
On Thu, Apr 20, 2023 at 05:21:37PM -0600, Theo de Raadt wrote:
> I wonder if the same happens on arm64.
On amd64 with the strange behavior linking gapdummy.o to gap.o adds
a .plt.
root@ot32:.../obj# objdump -s gapdummy.o | grep 'Contents of section'
Contents of section .note.gnu.property:
root@o
I wonder if the same happens on arm64.
Someone might want to try to do endbr32 on i386. It lacks a solid tail-CFI
(only stack-protector on some functions), mostly because retguard isn't possible
on the limited registers. So i386 would benefit from having a head CFI.
Thank you. That is correct.
Alexander Bluhm wrote:
> Hi,
>
> After enabling -fcf-protection=branch for the kernel, we have a new
> .plt section in the kernel. It was not there before.
>
> $ objdump -s .../snapshots/amd64/bsd
> ...
> 82048540 c7c13140 0682c9e9 c43646ff ..1@
Hi,
After enabling -fcf-protection=branch for the kernel, we have a new
.plt section in the kernel. It was not there before.
$ objdump -s .../snapshots/amd64/bsd
...
82048540 c7c13140 0682c9e9 c43646ff ..1@.6F.
Contents of section .plt:
82048550
