<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Mon, Feb 1, 2016 at 11:57 AM, Rafael EspĂndola <span dir="ltr"><<a href="mailto:rafael.espindola@gmail.com" target="_blank">rafael.espindola@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On 1 February 2016 at 14:46, Sean Silva <<a href="mailto:chisophugis@gmail.com">chisophugis@gmail.com</a>> wrote:<br>
> I think one of the main use cases that has been requested is to be able to<br>
> programmatically call the linker with "known good" object files (i.e.<br>
> produced by the compiler). That simplifies things a lot. Rui's recent<br>
> patches that are thread_local'izing existing globals seems like a<br>
> satisfactory approach. Or am I missing something?<br>
<br>
</span>Yes, known good files are a lot easier to handle. We just have to be<br>
clear what "known good" is.<br>
<span class=""><br>
> The R_X86_64_REX_GOTPCRELX situation can probably be likened to someone<br>
> giving clang a piece of source code with an inline asm that has:<br>
><br>
> .text<br>
> .byte <some garbage><br>
><br>
> in it. We don't guarantee that the output "makes sense" because there's<br>
> really no way for us to know what "makes sense" in a precise way (i.e., a<br>
> way that we can program).<br>
<br>
</span>Would we still be required to check the offsets so we don't crash? An<br>
assembly file can contain<br>
<br>
.reloc 0, R_X86_64_REX_GOTPCRELX, foo<br>
.long 4<br>
<br>
which would put that relocation in an invalid location. In general, is<br>
an arbitrary assembly file to be considered "known good"? Is that true<br>
even for things like<br>
<br>
.section .eh_frame, ....<br>
garbage<br>
<br>
that the linker has to parse?<br></blockquote><div><br></div><div>I think the answer is case-by-case, but I don't think we have to guarantee to recover from errors caused by carefully-crafted malicious object files. (Is there anyone who disagrees with that?)</div></div></div></div>