[PATCH i-g-t] lib: Inline igt_x86_features() into ifunc resolvers
Matt Turner
mattst88 at gmail.com
Thu Mar 21 18:31:50 UTC 2024
On Thu, Mar 21, 2024 at 2:18 PM Kamil Konieczny
<kamil.konieczny at linux.intel.com> wrote:
>
> Hi Matt,
> On 2024-03-04 at 17:16:40 -0500, Matt Turner wrote:
> > Quoting https://sourceware.org/glibc/wiki/GNU_IFUNC
> >
> > > When LD_BIND_NOW=1 or -Wl,z,now is in effect symbols must be
> > > immediately resolved at startup. In cases where an external function
> > > call depends needs to be made that may fail if such a call has not
> > > been initialized yet (PLT-based relocation which is processed later).
> > > For example calling strlen in an IFUNC resolver built with -Wl,z,now
> > > may lead to a segfault because the PLT is not yet resolved.
> >
>
> Add here (or at begin of patch?) that this is needed for Gentoo/Hardened
> security improving.
Thanks. I'll address the comments and send a v2.
To be clear, it's not *just* Gentoo/Hardened that wants this. E.g.
Fedora switched to -z now by default ages ago (F23 according to
https://fedoraproject.org/wiki/Changes/Harden_All_Packages) and
they've been overriding it for igt specifically since then. See
https://src.fedoraproject.org/rpms/igt-gpu-tools/blob/rawhide/f/igt-gpu-tools.spec#_116
Aside: they also appear to have a script to make git snapshots, likely
indicating that they'd like to have more frequent releases of igt
(like Gentoo would as well).
More information about the igt-dev
mailing list