The code is similar to the one at elf/dl-reloc.c, where it checks for
the l_relro_size from the link_map (obtained from PT_GNU_RELRO header
from program headers) and calls_dl_protected_relro.
For testing I will use the ones proposed by Florian's patch
'elf: Add tests for working RELRO protection' [1].
Checked on x86_64-linux-gnu, i686-linux-gnu, powerpc64le-linux-gnu,
aarch64-linux-gnu, s390x-linux-gnu, and sparc64-linux-gnu. I also
check with --enable-static pie on x86_64-linux-gnu, i686-linux-gnu,
and aarch64-linux-gnu which seems the only architectures where
static PIE is actually working (as per
9d7a3741c9e, on
arm-linux-gnueabihf, powerpc64{le}-linux-gnu, and s390x-linux-gnu
I am seeing runtime issues not related to my patch).
[1] https://sourceware.org/ml/libc-alpha/2019-10/msg00059.html
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
if (_dl_platform != NULL)
_dl_platformlen = strlen (_dl_platform);
- /* Scan for a program header telling us the stack is nonexecutable. */
if (_dl_phdr != NULL)
- for (uint_fast16_t i = 0; i < _dl_phnum; ++i)
- if (_dl_phdr[i].p_type == PT_GNU_STACK)
+ for (const ElfW(Phdr) *ph = _dl_phdr; ph < &_dl_phdr[_dl_phnum]; ++ph)
+ switch (ph->p_type)
{
- _dl_stack_flags = _dl_phdr[i].p_flags;
+ /* Check if the stack is nonexecutable. */
+ case PT_GNU_STACK:
+ _dl_stack_flags = ph->p_flags;
+ break;
+
+ case PT_GNU_RELRO:
+ _dl_main_map.l_relro_addr = ph->p_vaddr;
+ _dl_main_map.l_relro_size = ph->p_memsz;
break;
}
+
+ /* Setup relro on the binary itself. */
+ if (_dl_main_map.l_relro_size != 0)
+ _dl_protect_relro (&_dl_main_map);
}
#ifdef DL_SYSINFO_IMPLEMENTATION