Enabling the HIGH_ENTROPY_VA flag allows the operating system to use

addresses outside of the 32-bit range before memory exhaustion. This
results in a higher entropy implementation of ASLR when used with the
DYNAMIC_BASE flag.

	* include/coff/pe.h: Add HIGH_ENTROPY_VA flag
	* ld/emultempl/pep.em: Add --high-entropy-va switch
	* ld/ld.texinfo: Document the --high-entropy-va switch
This commit is contained in:
Nick Clifton 2014-08-20 16:10:29 +01:00
parent d36430db79
commit 2d5c3743a3
5 changed files with 48 additions and 25 deletions

View file

@ -1,3 +1,7 @@
2014-08-20 Daniel Micay <danielmicay@gmail.com>
* pe.h: Add HIGH_ENTROPY_VA flag
2014-04-22 Christian Svensson <blue@cmd.nu>
* or32.h: Delete.

View file

@ -40,6 +40,7 @@
/* DllCharacteristics flag bits. The inconsistent naming may seem
odd, but that is how they are defined in the PE specification. */
#define IMAGE_DLL_CHARACTERISTICS_HIGH_ENTROPY_VA 0x0020
#define IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE 0x0040
#define IMAGE_DLL_CHARACTERISTICS_FORCE_INTEGRITY 0x0080
#define IMAGE_DLL_CHARACTERISTICS_NX_COMPAT 0x0100
@ -59,16 +60,16 @@
/* Section characteristics added for ppc-nt. */
#define IMAGE_SCN_TYPE_NO_PAD 0x00000008 /* Reserved. */
#define IMAGE_SCN_TYPE_NO_PAD 0x00000008 /* Reserved. */
#define IMAGE_SCN_CNT_CODE 0x00000020 /* Section contains code. */
#define IMAGE_SCN_CNT_INITIALIZED_DATA 0x00000040 /* Section contains initialized data. */
#define IMAGE_SCN_CNT_UNINITIALIZED_DATA 0x00000080 /* Section contains uninitialized data. */
#define IMAGE_SCN_CNT_CODE 0x00000020 /* Section contains code. */
#define IMAGE_SCN_CNT_INITIALIZED_DATA 0x00000040 /* Section contains initialized data. */
#define IMAGE_SCN_CNT_UNINITIALIZED_DATA 0x00000080 /* Section contains uninitialized data. */
#define IMAGE_SCN_LNK_OTHER 0x00000100 /* Reserved. */
#define IMAGE_SCN_LNK_INFO 0x00000200 /* Section contains comments or some other type of information. */
#define IMAGE_SCN_LNK_REMOVE 0x00000800 /* Section contents will not become part of image. */
#define IMAGE_SCN_LNK_COMDAT 0x00001000 /* Section contents comdat. */
#define IMAGE_SCN_LNK_OTHER 0x00000100 /* Reserved. */
#define IMAGE_SCN_LNK_INFO 0x00000200 /* Section contains comments or some other type of information. */
#define IMAGE_SCN_LNK_REMOVE 0x00000800 /* Section contents will not become part of image. */
#define IMAGE_SCN_LNK_COMDAT 0x00001000 /* Section contents comdat. */
#define IMAGE_SCN_MEM_FARDATA 0x00008000
@ -77,7 +78,7 @@
#define IMAGE_SCN_MEM_LOCKED 0x00040000
#define IMAGE_SCN_MEM_PRELOAD 0x00080000
/* Bit position in the s_flags field where the alignment values start. */
/* Bit position in the s_flags field where the alignment values start. */
#define IMAGE_SCN_ALIGN_POWER_BIT_POS 20
#define IMAGE_SCN_ALIGN_POWER_BIT_MASK 0x00f00000
#define IMAGE_SCN_ALIGN_POWER_NUM(val) \
@ -89,7 +90,7 @@
#define IMAGE_SCN_ALIGN_2BYTES IMAGE_SCN_ALIGN_POWER_CONST (1)
#define IMAGE_SCN_ALIGN_4BYTES IMAGE_SCN_ALIGN_POWER_CONST (2)
#define IMAGE_SCN_ALIGN_8BYTES IMAGE_SCN_ALIGN_POWER_CONST (3)
/* Default alignment if no others are specified. */
/* Default alignment if no others are specified. */
#define IMAGE_SCN_ALIGN_16BYTES IMAGE_SCN_ALIGN_POWER_CONST (4)
#define IMAGE_SCN_ALIGN_32BYTES IMAGE_SCN_ALIGN_POWER_CONST (5)
#define IMAGE_SCN_ALIGN_64BYTES IMAGE_SCN_ALIGN_POWER_CONST (6)
@ -101,7 +102,7 @@
#define IMAGE_SCN_ALIGN_4096BYTES IMAGE_SCN_ALIGN_POWER_CONST (12)
#define IMAGE_SCN_ALIGN_8192BYTES IMAGE_SCN_ALIGN_POWER_CONST (13)
/* Encode alignment power into IMAGE_SCN_ALIGN bits of s_flags */
/* Encode alignment power into IMAGE_SCN_ALIGN bits of s_flags. */
#define COFF_ENCODE_ALIGNMENT(SECTION, ALIGNMENT_POWER) \
((SECTION).s_flags |= IMAGE_SCN_ALIGN_POWER_CONST ((ALIGNMENT_POWER)))
@ -200,7 +201,7 @@ struct external_PEI_DOS_hdr
struct external_PEI_IMAGE_hdr
{
char nt_signature[4]; /* required NT signature, 0x4550. */
char nt_signature[4]; /* Required NT signature, 0x4550. */
/* From standard header. */
char f_magic[2]; /* Magic number. */
@ -239,7 +240,7 @@ struct external_PEI_filehdr
/* Note: additional bytes may be inserted before the signature. Use
the e_lfanew field to find the actual location of the NT signature. */
char nt_signature[4]; /* required NT signature, 0x4550. */
char nt_signature[4]; /* Required NT signature, 0x4550. */
/* From standard header. */
char f_magic[2]; /* Magic number. */
@ -262,7 +263,7 @@ struct external_PEI_filehdr
#endif /* COFF_IMAGE_WITH_PE */
/* 32-bit PE a.out header: */
/* 32-bit PE a.out header: */
typedef struct
{
@ -422,14 +423,14 @@ union external_AUX_SYMBOL_EX
struct
{
char Length[4]; /* section length */
char NumberOfRelocations[2]; /* # relocation entries */
char NumberOfLinenumbers[2]; /* # line numbers */
char Checksum[4]; /* section COMDAT checksum */
char Number[2]; /* COMDAT associated section index */
char Selection[1]; /* COMDAT selection number */
char Length[4]; /* Section length. */
char NumberOfRelocations[2];/* # relocation entries. */
char NumberOfLinenumbers[2];/* # line numbers. */
char Checksum[4]; /* Section COMDAT checksum. */
char Number[2]; /* COMDAT associated section index. */
char Selection[1]; /* COMDAT selection number. */
char bReserved[1];
char HighNumber[2]; /* High bits of COMDAT associated sec. */
char HighNumber[2]; /* High bits of COMDAT associated sec. */
char rgbReserved[2];
} Section;
} ATTRIBUTE_PACKED;
@ -584,8 +585,9 @@ struct external_pex64_scope_entry
(PEX64_OFFSET_TO_SCOPE_COUNT(COUNTOFUNWINDCODES) + \
PEX64_SCOPE_ENTRY_SIZE * (IDX))
/* Extra structure used in debug directory */
struct external_IMAGE_DEBUG_DIRECTORY {
/* Extra structure used in debug directory. */
struct external_IMAGE_DEBUG_DIRECTORY
{
char Characteristics[4];
char TimeDateStamp[4];
char MajorVersion[2];
@ -596,8 +598,8 @@ struct external_IMAGE_DEBUG_DIRECTORY {
char PointerToRawData[4];
};
/* Extra structures used in codeview debug record */
/* This is not part of the PE specification */
/* Extra structures used in codeview debug record. */
/* This is not part of the PE specification. */
#define CVINFO_PDB70_CVSIGNATURE 0x53445352 // "RSDS"
#define CVINFO_PDB20_CVSIGNATURE 0x3031424e // "NB10"

View file

@ -1,3 +1,8 @@
2014-08-20 Daniel Micay <danielmicay@gmail.com>
* emultempl/pep.em: Add --high-entropy-va switch.
* ld.texinfo: Document the --high-entropy-va switch.
2014-08-20 Nick Clifton <nickc@redhat.com>
* scripttempl/DWARF.sc: Add copyright notice.

View file

@ -237,6 +237,7 @@ enum options
OPTION_LEADING_UNDERSCORE,
OPTION_ENABLE_LONG_SECTION_NAMES,
OPTION_DISABLE_LONG_SECTION_NAMES,
OPTION_HIGH_ENTROPY_VA,
OPTION_DYNAMIC_BASE,
OPTION_FORCE_INTEGRITY,
OPTION_NX_COMPAT,
@ -314,6 +315,7 @@ gld${EMULATION_NAME}_add_options
#endif
{"enable-long-section-names", no_argument, NULL, OPTION_ENABLE_LONG_SECTION_NAMES},
{"disable-long-section-names", no_argument, NULL, OPTION_DISABLE_LONG_SECTION_NAMES},
{"high-entropy-va", no_argument, NULL, OPTION_HIGH_ENTROPY_VA},
{"dynamicbase",no_argument, NULL, OPTION_DYNAMIC_BASE},
{"forceinteg", no_argument, NULL, OPTION_FORCE_INTEGRITY},
{"nxcompat", no_argument, NULL, OPTION_NX_COMPAT},
@ -450,6 +452,8 @@ gld_${EMULATION_NAME}_list_options (FILE *file)
executable image files\n"));
fprintf (file, _(" --disable-long-section-names Never use long COFF section names, even\n\
in object files\n"));
fprintf (file, _(" --high-entropy-va Image is compatible with 64-bit address space\n\
layout randomization (ASLR)\n"));
fprintf (file, _(" --dynamicbase Image base address may be relocated using\n\
address space layout randomization (ASLR)\n"));
fprintf (file, _(" --forceinteg Code integrity checks are enforced\n"));
@ -804,6 +808,9 @@ gld${EMULATION_NAME}_handle_option (int optc)
pep_use_coff_long_section_names = 0;
break;
/* Get DLLCharacteristics bits */
case OPTION_HIGH_ENTROPY_VA:
pe_dll_characteristics |= IMAGE_DLL_CHARACTERISTICS_HIGH_ENTROPY_VA;
break;
case OPTION_DYNAMIC_BASE:
pe_dll_characteristics |= IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE;
break;

View file

@ -2655,6 +2655,11 @@ The following options set flags in the @code{DllCharacteristics} field
of the PE file header:
[These options are specific to PE targeted ports of the linker]
@kindex --high-entropy-va
@item --high-entropy-va
Image is compatible with 64-bit address space layout randomization
(ASLR).
@kindex --dynamicbase
@item --dynamicbase
The image base address may be relocated using address space layout