Re: [PATCH] [PR libc/18801] PIE binary with STT_GNU_IFUNC symbol and TEXTREL segfaults on x86_64

["H.J. Lu" <hjl dot tools at gmail dot com>]

On Tue, Aug 11, 2015 at 5:55 PM, Sriraman Tallam <tmsriram@google.com> wrote:
> On Tue, Aug 11, 2015 at 5:02 PM, H.J. Lu <hjl.tools@gmail.com> wrote:
>> On Tue, Aug 11, 2015 at 3:57 PM, Sriraman Tallam <tmsriram@google.com> wrote:
>>> On Tue, Aug 11, 2015 at 3:54 PM, H.J. Lu <hjl.tools@gmail.com> wrote:
>>>> On Tue, Aug 11, 2015 at 3:37 PM, Paul Pluzhnikov <ppluzhnikov@google.com> wrote:
>>>>> On Tue, Aug 11, 2015 at 3:31 PM, H.J. Lu <hjl.tools@gmail.com> wrote:
>>>>>
>>>>>> No.  I am proposing that linker issues an error if there is TEXTREL
>>>>>> with IFUNC unless "-z now'" is used, assuming that this doesn't
>>>>>> require changes to ld.so nor SELinux.
>>>>>
>>>>> Ah, ok. But that *doesn't* help current crash at all: "-z now" will
>>>>> force IFUNC resolver (if any) to be called, and that call will fail
>>>>> since we are currently removing execute protections.
>>>>> (This is in fact the situation we've discovered the crash in originally.)
>>>>
>>>> Can you try adding  -Wl,-z,execstack?
>>>
>>> Yes, making the stack executable will solve the problem.  My test case
>>> needed ".note.GNU-stack" specifically for this.
>>
>> Given SELinux issue, I don't think we should change ld.so.  Instead,
>> we can change ld to issue an error for TEXTREL with IFUNC and
>> suggest -fPIE and  -Wl,-z,execstack as workaround.
>
> I am not sure I understand the problem.  What is wrong with the patch?
>  Why should IFUNC+TEXTREL be disallowed?

Since this will cause any TEXTREL binary to fail under SELinux config that
prohibits "W+E" permissions, which is OK without IFUNC.


-- 
H.J.