From 0c999a943d15a5c32f872a11c8bf910dbc2020fe4917c3747f6fce7b2bde2d94 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Martin=20Li=C5=A1ka?=
Date: Wed, 18 Oct 2023 12:37:33 +0000
Subject: [PATCH] - Update to version 2.3.0

  * [x86-64] mold 2.3.0 has introduced an experimental flag, -z rewrite-endbr,
    which rewrites superfluous endbr64 instructions as nop.
  * endbr64 is a relatively recent x86 instruction used to mark locations where
    an indirect jump instruction can transfer control. With control-flow
    integrity enabled (meaning endbr64 is effective), an indirect jump can only
    target an endbr64 or it will trigger a runtime exception. This mechanism
    significantly hinders certain control hijacking attacks, such as ROP or
    JOP, since attackers cannot jump to just any location.
  * When given the -fcf-protection flag, GCC conservatively places an endbr64
    at the beginning of every global function. This is because the function's
    address might be taken as a pointer by other translation units. However, in
    most cases, function addresses are not actually taken. This conservative
    approach results in an overabundance of unnecessary endbr64 instructions,
    leading to not only code bloating but also a potential decrease in security
    as there are more locations for an attacker to exploit.
  * The new linker option, -z rewrite-endbr, aims to alleviate this issue. The
    linker can carry out a whole-program analysis on the input files to
    identify functions whose addresses are never taken. If -z rewrite-endbr is
    specified, mold will conduct this analysis and replace the initial endbr64
    with a nop for functions whose addresses aren't taken. (17f0d85)
  * mold now produces a more compact .gdb_index section when using the
    --gdb-index flag. Additionally, mold now generates a correct .gdb_index
    section for object files created by Clang. (a396fa4)
  * mold is now capable of handling input sections larger than 4 GiB. (0ce32d3)
  * [PPC] mold can now generate executables for POWER10 processors. Previously,
    executables produced by mold would crash immediately on startup on POWER10.
(0f71471) * [ARM64] When a function with a non-standard calling convention is exported, it's mandatory for the linker to turn on the STO_AARCH64_VARIANT_PCS flag to notify OBS-URL: https://build.opensuse.org/package/show/devel:tools:compiler/mold?expand=0&rev=98 --- mold-2.2.0.tar.gz | 3 --- mold-2.3.0.tar.gz | 3 +++ mold.changes | 36 ++++++++++++++++++++++++++++++++++++ mold.spec | 2 +- 4 files changed, 40 insertions(+), 4 deletions(-) delete mode 100644 mold-2.2.0.tar.gz create mode 100644 mold-2.3.0.tar.gz diff --git a/mold-2.2.0.tar.gz b/mold-2.2.0.tar.gz deleted file mode 100644 index ea06768..0000000 --- a/mold-2.2.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:78ddddaaa004e50f8d92a13d8e792a46a1b37745fab48d39ad16aeb5a776e7c6 -size 9956678 diff --git a/mold-2.3.0.tar.gz b/mold-2.3.0.tar.gz new file mode 100644 index 0000000..22f7708 --- /dev/null +++ b/mold-2.3.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6cfc1af0214f993be1b0ae4a2f0278d32b7fc48155c15b2d03758f6d81e7250b +size 9958893 diff --git a/mold.changes b/mold.changes index f0305cf..2e7a93e 100644 --- a/mold.changes +++ b/mold.changes 
@@ -1,3 +1,39 @@ +------------------------------------------------------------------- +Wed Oct 18 12:34:13 UTC 2023 - Martin Liska + +- Update to version 2.3.0 + * [x86-64] mold 2.3.0 has introduced an experimental flag, -z rewrite-endbr, which + rewrites superfluous endbr64 instructions as nop. + * endbr64 is a relatively recent x86 instruction used to mark locations where an + indirect jump instruction can transfer control. With control-flow integrity + enabled (meaning endbr64 is effective), an indirect jump can only target an + endbr64 or it will trigger a runtime exception. This mechanism significantly + hinders certain control hijacking attacks, such as ROP or JOP, since attackers + cannot jump to just any location. + * When given the -fcf-protection flag, GCC conservatively places an endbr64 at the + beginning of every global function. This is because the function's address might + be taken as a pointer by other translation units. However, in most cases, + function addresses are not actually taken. This conservative approach results in + an overabundance of unnecessary endbr64 instructions, leading to not only code + bloating but also a potential decrease in security as there are more locations + for an attacker to exploit. + * The new linker option, -z rewrite-endbr, aims to alleviate this issue. The + linker can carry out a whole-program analysis on the input files to identify + functions whose addresses are never taken. If -z rewrite-endbr is specified, + mold will conduct this analysis and replace the initial endbr64 with a nop for + functions whose addresses aren't taken. (17f0d85) + * mold now produces a more compact .gdb_index section when using the --gdb-index + flag. Additionally, mold now generates a correct .gdb_index section for object + files created by Clang. (a396fa4) + * mold is now capable of handling input sections larger than 4 GiB. (0ce32d3) + * [PPC] mold can now generate executables for POWER10 processors. 
Previously, + executables produced by mold would crash immediately on startup on POWER10. + (0f71471) + * [ARM64] When a function with a non-standard calling convention is exported, it's + mandatory for the linker to turn on the STO_AARCH64_VARIANT_PCS flag to notify + the dynamic linker. mold now appropriately sets this flag. (2e3b56e) + * [RISC-V] mold now supports new GP-relative relocations. (ac3ee91) + ------------------------------------------------------------------- Tue Sep 26 20:11:13 UTC 2023 - Martin Liška diff --git a/mold.spec b/mold.spec index a1aa178..55c322c 100644 --- a/mold.spec +++ b/mold.spec @@ -17,7 +17,7 @@ Name: mold -Version: 2.2.0 +Version: 2.3.0 Release: 0 Summary: A Modern Linker (mold) License: MIT
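
Review bot: in the mold-2.3.0.tar.gz hunk, the Git LFS pointer's `oid sha256:6cfc1af0214f993be1b0ae4a2f0278d32b7fc48155c15b2d03758f6d81e7250b` and `size 9958893` are the only integrity record for the new tarball, and nothing in the patch ties them to the upstream release. Before accepting, compare that digest and size with values computed from the 2.3.0 tarball fetched independently from upstream, and record where the source was obtained so the check can be repeated.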
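
Review bot: the mold.changes entry should say how `-z rewrite-endbr` applies to this package, which the first four bullets of the new entry do not. The entry calls the flag experimental and the mold.spec hunk changes only `Version`, so nothing in this patch opts in; add a line stating that the flag is off unless a user passes it, and that passing it relies on the linker's whole-program analysis of which function addresses are taken. Separately, the new entry header reads "Martin Liska" while the entry directly below it reads "Martin Liška"; use one spelling in both.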