Accepting request 1118582 from devel:tools:compiler
- Update to version 2.3.0
* [x86-64] mold 2.3.0 has introduced an experimental flag, -z rewrite-endbr, which
rewrites superfluous endbr64 instructions as nop.
* endbr64 is a relatively recent x86 instruction used to mark locations where an
indirect jump instruction can transfer control. With control-flow integrity
enabled (meaning endbr64 is effective), an indirect jump can only target an
endbr64 or it will trigger a runtime exception. This mechanism significantly
hinders certain control hijacking attacks, such as ROP or JOP, since attackers
cannot jump to just any location.
* When given the -fcf-protection flag, GCC conservatively places an endbr64 at the
beginning of every global function. This is because the function's address might
be taken as a pointer by other translation units. However, in most cases,
function addresses are not actually taken. This conservative approach results in
an overabundance of unnecessary endbr64 instructions, leading to not only code
bloating but also a potential decrease in security as there are more locations
for an attacker to exploit.
* The new linker option, -z rewrite-endbr, aims to alleviate this issue. The
linker can carry out a whole-program analysis on the input files to identify
functions whose addresses are never taken. If -z rewrite-endbr is specified,
mold will conduct this analysis and replace the initial endbr64 with a nop for
functions whose addresses aren't taken. (17f0d85)
* mold now produces a more compact .gdb_index section when using the --gdb-index
flag. Additionally, mold now generates a correct .gdb_index section for object
files created by Clang. (a396fa4)
* mold is now capable of handling input sections larger than 4 GiB. (0ce32d3)
* [PPC] mold can now generate executables for POWER10 processors. Previously,
executables produced by mold would crash immediately on startup on POWER10.
(0f71471)
* [ARM64] When a function with a non-standard calling convention is exported, it's
mandatory for the linker to turn on the STO_AARCH64_VARIANT_PCS flag to notify
OBS-URL: https://build.opensuse.org/request/show/1118582
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mold?expand=0&rev=34
This commit is contained in:
Ana Guerrero
Git OBS Bridge
commit
167b9596a5
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:78ddddaaa004e50f8d92a13d8e792a46a1b37745fab48d39ad16aeb5a776e7c6
|
|
||||||
size 9956678
|
|
||||||
3
mold-2.3.0.tar.gz
Normal file
3
mold-2.3.0.tar.gz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:6cfc1af0214f993be1b0ae4a2f0278d32b7fc48155c15b2d03758f6d81e7250b
|
||||||
|
size 9958893
|
||||||
36
mold.changes
36
mold.changes
@ -1,3 +1,39 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Oct 18 12:34:13 UTC 2023 - Martin Liska <martin.liska@melowntech.com>
|
||||||
|
|
||||||
|
- Update to version 2.3.0
|
||||||
|
* [x86-64] mold 2.3.0 has introduced an experimental flag, -z rewrite-endbr, which
|
||||||
|
rewrites superfluous endbr64 instructions as nop.
|
||||||
|
* endbr64 is a relatively recent x86 instruction used to mark locations where an
|
||||||
|
indirect jump instruction can transfer control. With control-flow integrity
|
||||||
|
enabled (meaning endbr64 is effective), an indirect jump can only target an
|
||||||
|
endbr64 or it will trigger a runtime exception. This mechanism significantly
|
||||||
|
hinders certain control hijacking attacks, such as ROP or JOP, since attackers
|
||||||
|
cannot jump to just any location.
|
||||||
|
* When given the -fcf-protection flag, GCC conservatively places an endbr64 at the
|
||||||
|
beginning of every global function. This is because the function's address might
|
||||||
|
be taken as a pointer by other translation units. However, in most cases,
|
||||||
|
function addresses are not actually taken. This conservative approach results in
|
||||||
|
an overabundance of unnecessary endbr64 instructions, leading to not only code
|
||||||
|
bloating but also a potential decrease in security as there are more locations
|
||||||
|
for an attacker to exploit.
|
||||||
|
* The new linker option, -z rewrite-endbr, aims to alleviate this issue. The
|
||||||
|
linker can carry out a whole-program analysis on the input files to identify
|
||||||
|
functions whose addresses are never taken. If -z rewrite-endbr is specified,
|
||||||
|
mold will conduct this analysis and replace the initial endbr64 with a nop for
|
||||||
|
functions whose addresses aren't taken. (17f0d85)
|
||||||
|
* mold now produces a more compact .gdb_index section when using the --gdb-index
|
||||||
|
flag. Additionally, mold now generates a correct .gdb_index section for object
|
||||||
|
files created by Clang. (a396fa4)
|
||||||
|
* mold is now capable of handling input sections larger than 4 GiB. (0ce32d3)
|
||||||
|
* [PPC] mold can now generate executables for POWER10 processors. Previously,
|
||||||
|
executables produced by mold would crash immediately on startup on POWER10.
|
||||||
|
(0f71471)
|
||||||
|
* [ARM64] When a function with a non-standard calling convention is exported, it's
|
||||||
|
mandatory for the linker to turn on the STO_AARCH64_VARIANT_PCS flag to notify
|
||||||
|
the dynamic linker. mold now appropriately sets this flag. (2e3b56e)
|
||||||
|
* [RISC-V] mold now supports new GP-relative relocations. (ac3ee91)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Sep 26 20:11:13 UTC 2023 - Martin Liška <martin.liska@hey.com>
|
Tue Sep 26 20:11:13 UTC 2023 - Martin Liška <martin.liska@hey.com>
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user