summaryrefslogtreecommitdiff
path: root/patches/binutils/2.19.1/140-pt-pax-flags-20081101.patch
blob: 26eac68235d407a875cd59666e4ac005e2c71302 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
Original patch from: ../crosstool-NG/ct-ng.trunk/patches/binutils/2.19/140-pt-pax-flags-20081101.patch

-= BEGIN original header =-
Original patch from Gentoo:
gentoo/src/patchsets/binutils/2.19/63_all_binutils-2.19-pt-pax-flags-20081101.patch

-= END original header =-

diff -durN binutils-2.19.1.orig/bfd/elf-bfd.h binutils-2.19.1/bfd/elf-bfd.h
--- binutils-2.19.1.orig/bfd/elf-bfd.h	2008-08-21 01:28:58.000000000 +0200
+++ binutils-2.19.1/bfd/elf-bfd.h	2009-03-08 11:57:02.000000000 +0100
@@ -1526,6 +1526,9 @@
   /* Segment flags for the PT_GNU_STACK segment.  */
   unsigned int stack_flags;
 
+  /* Segment flags for the PT_PAX_FLAGS segment.  */
+  unsigned int pax_flags;
+
   /* Symbol version definitions in external objects.  */
   Elf_Internal_Verdef *verdef;
 
diff -durN binutils-2.19.1.orig/bfd/elf.c binutils-2.19.1/bfd/elf.c
--- binutils-2.19.1.orig/bfd/elf.c	2008-12-23 14:54:48.000000000 +0100
+++ binutils-2.19.1/bfd/elf.c	2009-03-08 11:57:02.000000000 +0100
@@ -1136,6 +1136,7 @@
     case PT_GNU_EH_FRAME: pt = "EH_FRAME"; break;
     case PT_GNU_STACK: pt = "STACK"; break;
     case PT_GNU_RELRO: pt = "RELRO"; break;
+    case PT_PAX_FLAGS: pt = "PAX_FLAGS"; break;
     default: pt = NULL; break;
     }
   return pt;
@@ -2442,6 +2443,9 @@
     case PT_GNU_RELRO:
       return _bfd_elf_make_section_from_phdr (abfd, hdr, index, "relro");
 
+    case PT_PAX_FLAGS:
+      return _bfd_elf_make_section_from_phdr (abfd, hdr, index, "pax_flags");
+
     default:
       /* Check for any processor-specific program segment types.  */
       bed = get_elf_backend_data (abfd);
@@ -3404,6 +3408,11 @@
       ++segs;
     }
 
+    {
+      /* We need a PT_PAX_FLAGS segment.  */
+      ++segs;
+    }
+
   for (s = abfd->sections; s != NULL; s = s->next)
     {
       if ((s->flags & SEC_LOAD) != 0
@@ -3983,6 +3992,20 @@
 	    }
 	}
 
+    {
+      amt = sizeof (struct elf_segment_map);
+      m = bfd_zalloc (abfd, amt);
+      if (m == NULL)
+	goto error_return;
+      m->next = NULL;
+      m->p_type = PT_PAX_FLAGS;
+      m->p_flags = elf_tdata (abfd)->pax_flags;
+      m->p_flags_valid = 1;
+
+      *pm = m;
+      pm = &m->next;
+    }
+
       free (sections);
       elf_tdata (abfd)->segment_map = mfirst;
     }
@@ -5160,7 +5183,8 @@
        6. PT_TLS segment includes only SHF_TLS sections.
        7. SHF_TLS sections are only in PT_TLS or PT_LOAD segments.
        8. PT_DYNAMIC should not contain empty sections at the beginning
-	  (with the possible exception of .dynamic).  */
+	  (with the possible exception of .dynamic).
+       9. PT_PAX_FLAGS segments does not include any sections.  */
 #define IS_SECTION_IN_INPUT_SEGMENT(section, segment, bed)		\
   ((((segment->p_paddr							\
       ? IS_CONTAINED_BY_LMA (section, segment, segment->p_paddr)	\
@@ -5168,6 +5192,7 @@
      && (section->flags & SEC_ALLOC) != 0)				\
     || IS_NOTE (segment, section))					\
    && segment->p_type != PT_GNU_STACK					\
+   && segment->p_type != PT_PAX_FLAGS					\
    && (segment->p_type != PT_TLS					\
        || (section->flags & SEC_THREAD_LOCAL))				\
    && (segment->p_type == PT_LOAD					\
diff -durN binutils-2.19.1.orig/bfd/elflink.c binutils-2.19.1/bfd/elflink.c
--- binutils-2.19.1.orig/bfd/elflink.c	2008-08-22 10:32:39.000000000 +0200
+++ binutils-2.19.1/bfd/elflink.c	2009-03-08 11:57:02.000000000 +0100
@@ -5397,16 +5397,30 @@
     return TRUE;
 
   bed = get_elf_backend_data (output_bfd);
+  elf_tdata (output_bfd)->pax_flags = PF_NORANDEXEC;
+
+  if (info->execheap)
+    elf_tdata (output_bfd)->pax_flags |= PF_NOMPROTECT;
+  else if (info->noexecheap)
+    elf_tdata (output_bfd)->pax_flags |= PF_MPROTECT;
+
   if (info->execstack)
-    elf_tdata (output_bfd)->stack_flags = PF_R | PF_W | PF_X;
+    {
+      elf_tdata (output_bfd)->stack_flags = PF_R | PF_W | PF_X;
+      elf_tdata (output_bfd)->pax_flags |= PF_EMUTRAMP;
+    }
   else if (info->noexecstack)
-    elf_tdata (output_bfd)->stack_flags = PF_R | PF_W;
+    {
+      elf_tdata (output_bfd)->stack_flags = PF_R | PF_W;
+      elf_tdata (output_bfd)->pax_flags |= PF_NOEMUTRAMP;
+    }
   else
     {
       bfd *inputobj;
       asection *notesec = NULL;
       int exec = 0;
 
+      elf_tdata (output_bfd)->pax_flags |= PF_NOEMUTRAMP;
       for (inputobj = info->input_bfds;
 	   inputobj;
 	   inputobj = inputobj->link_next)
@@ -5419,7 +5433,11 @@
 	  if (s)
 	    {
 	      if (s->flags & SEC_CODE)
-		exec = PF_X;
+		{
+		  elf_tdata (output_bfd)->pax_flags &= ~PF_NOEMUTRAMP;
+		  elf_tdata (output_bfd)->pax_flags |= PF_EMUTRAMP;
+		  exec = PF_X;
+		}
 	      notesec = s;
 	    }
 	  else if (bed->default_execstack)
diff -durN binutils-2.19.1.orig/binutils/readelf.c binutils-2.19.1/binutils/readelf.c
--- binutils-2.19.1.orig/binutils/readelf.c	2008-09-17 11:00:44.000000000 +0200
+++ binutils-2.19.1/binutils/readelf.c	2009-03-08 11:57:02.000000000 +0100
@@ -2505,6 +2505,7 @@
 			return "GNU_EH_FRAME";
     case PT_GNU_STACK:	return "GNU_STACK";
     case PT_GNU_RELRO:  return "GNU_RELRO";
+    case PT_PAX_FLAGS:  return "PAX_FLAGS";
 
     default:
       if ((p_type >= PT_LOPROC) && (p_type <= PT_HIPROC))
diff -durN binutils-2.19.1.orig/include/bfdlink.h binutils-2.19.1/include/bfdlink.h
--- binutils-2.19.1.orig/include/bfdlink.h	2008-08-17 05:12:50.000000000 +0200
+++ binutils-2.19.1/include/bfdlink.h	2009-03-08 11:57:02.000000000 +0100
@@ -319,6 +319,14 @@
   /* TRUE if PT_GNU_RELRO segment should be created.  */
   unsigned int relro: 1;
 
+  /* TRUE if PT_PAX_FLAGS segment should be created with PF_NOMPROTECT
+     flags.  */
+  unsigned int execheap: 1;
+
+  /* TRUE if PT_PAX_FLAGS segment should be created with PF_MPROTECT
+     flags.  */
+  unsigned int noexecheap: 1;
+
   /* TRUE if we should warn when adding a DT_TEXTREL to a shared object.  */
   unsigned int warn_shared_textrel: 1;
 
diff -durN binutils-2.19.1.orig/include/elf/common.h binutils-2.19.1/include/elf/common.h
--- binutils-2.19.1.orig/include/elf/common.h	2008-08-04 01:20:42.000000000 +0200
+++ binutils-2.19.1/include/elf/common.h	2009-03-08 11:57:02.000000000 +0100
@@ -360,6 +360,7 @@
 #define PT_SUNW_EH_FRAME PT_GNU_EH_FRAME      /* Solaris uses the same value */
 #define PT_GNU_STACK	(PT_LOOS + 0x474e551) /* Stack flags */
 #define PT_GNU_RELRO	(PT_LOOS + 0x474e552) /* Read-only after relocation */
+#define PT_PAX_FLAGS	(PT_LOOS + 0x5041580) /* PaX flags */
 
 /* Program segment permissions, in program header p_flags field.  */
 
@@ -370,6 +371,21 @@
 #define PF_MASKOS	0x0FF00000	/* New value, Oct 4, 1999 Draft */
 #define PF_MASKPROC	0xF0000000	/* Processor-specific reserved bits */
 
+/* Flags to control PaX behavior.  */
+
+#define PF_PAGEEXEC	(1 << 4)	/* Enable  PAGEEXEC */
+#define PF_NOPAGEEXEC	(1 << 5)	/* Disable PAGEEXEC */
+#define PF_SEGMEXEC	(1 << 6)	/* Enable  SEGMEXEC */
+#define PF_NOSEGMEXEC	(1 << 7)	/* Disable SEGMEXEC */
+#define PF_MPROTECT	(1 << 8)	/* Enable  MPROTECT */
+#define PF_NOMPROTECT	(1 << 9)	/* Disable MPROTECT */
+#define PF_RANDEXEC	(1 << 10)	/* Enable  RANDEXEC */
+#define PF_NORANDEXEC	(1 << 11)	/* Disable RANDEXEC */
+#define PF_EMUTRAMP	(1 << 12)	/* Enable  EMUTRAMP */
+#define PF_NOEMUTRAMP	(1 << 13)	/* Disable EMUTRAMP */
+#define PF_RANDMMAP	(1 << 14)	/* Enable  RANDMMAP */
+#define PF_NORANDMMAP	(1 << 15)	/* Disable RANDMMAP */
+
 /* Values for section header, sh_type field.  */
 
 #define SHT_NULL	0		/* Section header table entry unused */
diff -durN binutils-2.19.1.orig/ld/emultempl/elf32.em binutils-2.19.1/ld/emultempl/elf32.em
--- binutils-2.19.1.orig/ld/emultempl/elf32.em	2009-03-08 11:57:01.000000000 +0100
+++ binutils-2.19.1/ld/emultempl/elf32.em	2009-03-08 11:57:02.000000000 +0100
@@ -2146,6 +2146,16 @@
 	  link_info.noexecstack = TRUE;
 	  link_info.execstack = FALSE;
 	}
+      else if (strcmp (optarg, "execheap") == 0)
+	{
+	  link_info.execheap = TRUE;
+	  link_info.noexecheap = FALSE;
+	}
+      else if (strcmp (optarg, "noexecheap") == 0)
+	{
+	  link_info.noexecheap = TRUE;
+	  link_info.execheap = FALSE;
+	}
 EOF
 
   if test -n "$COMMONPAGESIZE"; then
@@ -2229,6 +2239,8 @@
   fprintf (file, _("\
   -z execstack                Mark executable as requiring executable stack\n"));
   fprintf (file, _("\
+  -z execheap\t\tMark executable as requiring executable heap\n"));
+  fprintf (file, _("\
   -z initfirst                Mark DSO to be initialized first at runtime\n"));
   fprintf (file, _("\
   -z interpose                Mark object to interpose all DSOs but executable\n"));
@@ -2252,6 +2264,8 @@
   -z nodump                   Mark DSO not available to dldump\n"));
   fprintf (file, _("\
   -z noexecstack              Mark executable as not requiring executable stack\n"));
+  fprintf (file, _("\
+  -z noexecheap\tMark executable as not requiring executable heap\n"));
 EOF
 
   if test -n "$COMMONPAGESIZE"; then
diff -durN binutils-2.19.1.orig/ld/ldgram.y binutils-2.19.1/ld/ldgram.y
--- binutils-2.19.1.orig/ld/ldgram.y	2008-07-06 15:38:36.000000000 +0200
+++ binutils-2.19.1/ld/ldgram.y	2009-03-08 11:57:02.000000000 +0100
@@ -1112,6 +1112,8 @@
 			    $$ = exp_intop (0x6474e550);
 			  else if (strcmp (s, "PT_GNU_STACK") == 0)
 			    $$ = exp_intop (0x6474e551);
+			  else if (strcmp (s, "PT_PAX_FLAGS") == 0)
+			    $$ = exp_intop (0x65041580);
 			  else
 			    {
 			      einfo (_("\