Regarding no-execute

Question

Regarding no-execute

fwsGonzo opened this issue 5 months ago · 3 comments

This is just a FYI: I've been using mold to link 64-bit RISC-V with no-execute for a while now. I guess this is just a data-point that perhaps you can say that it's not just ARM that works with this feature.

set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fuse-ld=mold -Wl,--quick-exit -Wl,--execute-only")

Is what I have been using. It's working well.
std.txt
There seems to be extra sections, but I don't think there's anything seriously wrong?

From the man-page:

This option marks text segments execute-only. This option currently works only on some ARM64 processors.

Add RISCV64?
EDIT: Can also confirm casual testing of 32-bit RISC-V also works. 👍

Answer 1 · 2024-08-02T19:14:59.000Z

Ah nice. What is your professor by the way? I don't think all RISC-V processors support it.

Answer 2 · 2024-08-02T21:21:22.000Z

This is just my own RISC-V emulator. The CLI has a -X option that enforces execute-only.
I have a unit test for verifying that enforcing execute-only works: https://github.com/libriscv/libriscv/blob/master/tests/unit/verify_elf.cpp#L190-L226

However, the real test has been using it on a wide number of programs, and that has been the case now for 64-bit RISC-V at least. I've been using a few 64-bit RISC-V programs with enforced execute-only for a while now in a larger codebase, so I thought I would mention that it works quite well!

As for 32-bit RISC-V I only linked a nostdlib program just to test it, and it passed. Looking at the sections they looked fine.

Section Headers:
  [Nr] Name              Type            Addr     Off    Size   ES Flg Lk Inf Al
  [ 0]                   NULL            00000000 000000 000000 00      0   0  0
  [ 1] .eh_frame_hdr     PROGBITS        00200154 000154 00000c 00   A  0   0  4
  [ 2] .text             PROGBITS        00201160 000160 000058 00  AX  0   0  4
  [ 3] .got              PROGBITS        002021b8 0001b8 000004 00  WA  0   0  4
  [ 4] .relro_padding    NOBITS          002021bc 0001bc 000e44 00  WA  0   0  1
  [ 5] .data             PROGBITS        002031bc 0001bc 000000 00  WA  0   0  1
  [ 6] .got.plt          PROGBITS        002031bc 0001bc 00000c 00  WA  0   0  4
  [ 7] .bss              NOBITS          002031c8 0001c8 000000 00  WA  0   0  1
  [ 8] .comment          PROGBITS        00000000 0001c8 000083 01  MS  0   0  1
  [ 9] .riscv.attributes RISCV_ATTRIBUTE 00000000 00024b 00006a 00      0   0  1
  [10] .shstrtab         STRTAB          00000000 0002b5 000072 00      0   0  1
  [11] .strtab           STRTAB          00000000 000327 0001f9 00      0   0  1
  [12] .symtab           SYMTAB          00000000 000520 0002c0 10     11  44  4

But no more than that :)

Answer 3 · 2024-08-03T03:09:03.000Z

For the purpose of the manual page, maybe we should write about processors that are commercially-available. That said, maybe we should note that you can use --execute-only on any processors as long as the processor support it. I'll update the manual. Thanks for the info anyway!