This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [RFC][PATCH] AArch64: use movz/movk instead of literal pools in start.S
- From: Szabolcs Nagy <szabolcs dot nagy at arm dot com>
- To: Florian Weimer <fw at deneb dot enyo dot de>, wangboshi <wangboshi at huawei dot com>
- Cc: nd at arm dot com, libc-alpha at sourceware dot org
- Date: Mon, 11 Sep 2017 09:57:52 +0100
- Subject: Re: [RFC][PATCH] AArch64: use movz/movk instead of literal pools in start.S
- Authentication-results: sourceware.org; auth=none
- Authentication-results: spf=none (sender IP is ) smtp.mailfrom=Szabolcs dot Nagy at arm dot com;
- Nodisclaimer: True
- References: <e65025af-5168-c999-bfc1-7ac614314836@huawei.com> <877exalool.fsf@mid.deneb.enyo.de>
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:99
On 07/09/17 12:43, Florian Weimer wrote:
>> eXecute-Only Memory (XOM) is a protection mechanism against some ROP
>> attacks. XOM sets the code as executable and unreadable, so the
>> access to any data, like literal pools, in the code section causes
>> the fault with XOM. The compiler can disable literal pools for C
>> source files, but not for assembly files, so I use movz/movk instead
>> of literal pools in start.S for XOM.
>
> Isn't the main goal of XOM to make it more difficult for the
> legitimate device owner to view running machine code?
>
> | Execute-only memory allows you to protect your intellectual property
> | by preventing executable code being read by users. For example, you
> | can place firmware in execute-only memory and load user code and
> | drivers separately. Placing the firmware in execute-only memory
> | prevents users from trivially reading the code.
>
> <http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dui0471m/chr1368698326509.html>
>
> I don't think it's in the interests of the GNU projet to support such
> a thing.
>
even if that's the main use of xom, there might be other uses
and removing data from text might have other uses than xom
(reduce rop gadget possibility?) so i don't think this should
be a problem (the gnu project already supports gazillion
features that can do harm).