Enabling the HIGH_ENTROPY_VA flag allows the operating system to use

addresses outside of the 32-bit range before memory exhaustion. This
results in a higher entropy implementation of ASLR when used with the
DYNAMIC_BASE flag.

	* include/coff/pe.h: Add HIGH_ENTROPY_VA flag
	* ld/emultempl/pep.em: Add --high-entropy-va switch
	* ld/ld.texinfo: Document the --high-entropy-va switch

diff --git a/include/coff/ChangeLog b/include/coff/ChangeLog
index d45ef3d..3f960a3 100644 (file)
--- a/include/coff/ChangeLog
+++ b/include/coff/ChangeLog
@@ -1,3 +1,7 @@
+2014-08-20  Daniel Micay  <danielmicay@gmail.com>
+
+       * pe.h: Add HIGH_ENTROPY_VA flag
+
 2014-04-22  Christian Svensson  <blue@cmd.nu>
 
        * or32.h: Delete.

diff --git a/include/coff/pe.h b/include/coff/pe.h
index 0ed9dde..b0fc707 100644 (file)
--- a/include/coff/pe.h
+++ b/include/coff/pe.h
@@ -40,6 +40,7 @@
 
 /* DllCharacteristics flag bits.  The inconsistent naming may seem
    odd, but that is how they are defined in the PE specification.  */
+#define IMAGE_DLL_CHARACTERISTICS_HIGH_ENTROPY_VA       0x0020
 #define IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE          0x0040
 #define IMAGE_DLL_CHARACTERISTICS_FORCE_INTEGRITY       0x0080
 #define IMAGE_DLL_CHARACTERISTICS_NX_COMPAT             0x0100
@@ -59,16 +60,16 @@
 
 /* Section characteristics added for ppc-nt.  */
 
-#define IMAGE_SCN_TYPE_NO_PAD                0x00000008  /* Reserved. */
+#define IMAGE_SCN_TYPE_NO_PAD                0x00000008  /* Reserved.  */
 
-#define IMAGE_SCN_CNT_CODE                   0x00000020  /* Section contains code. */
-#define IMAGE_SCN_CNT_INITIALIZED_DATA       0x00000040  /* Section contains initialized data. */
-#define IMAGE_SCN_CNT_UNINITIALIZED_DATA     0x00000080  /* Section contains uninitialized data. */
+#define IMAGE_SCN_CNT_CODE                   0x00000020  /* Section contains code.  */
+#define IMAGE_SCN_CNT_INITIALIZED_DATA       0x00000040  /* Section contains initialized data.  */
+#define IMAGE_SCN_CNT_UNINITIALIZED_DATA     0x00000080  /* Section contains uninitialized data.  */
 
-#define IMAGE_SCN_LNK_OTHER                  0x00000100  /* Reserved. */
-#define IMAGE_SCN_LNK_INFO                   0x00000200  /* Section contains comments or some other type of information. */
-#define IMAGE_SCN_LNK_REMOVE                 0x00000800  /* Section contents will not become part of image. */
-#define IMAGE_SCN_LNK_COMDAT                 0x00001000  /* Section contents comdat. */
+#define IMAGE_SCN_LNK_OTHER                  0x00000100  /* Reserved.  */
+#define IMAGE_SCN_LNK_INFO                   0x00000200  /* Section contains comments or some other type of information.  */
+#define IMAGE_SCN_LNK_REMOVE                 0x00000800  /* Section contents will not become part of image.  */
+#define IMAGE_SCN_LNK_COMDAT                 0x00001000  /* Section contents comdat.  */
 
 #define IMAGE_SCN_MEM_FARDATA                0x00008000
 
@@ -77,7 +78,7 @@
 #define IMAGE_SCN_MEM_LOCKED                 0x00040000
 #define IMAGE_SCN_MEM_PRELOAD                0x00080000
 
-/* Bit position in the s_flags field where the alignment values start. */
+/* Bit position in the s_flags field where the alignment values start.  */
 #define IMAGE_SCN_ALIGN_POWER_BIT_POS       20
 #define IMAGE_SCN_ALIGN_POWER_BIT_MASK      0x00f00000
 #define IMAGE_SCN_ALIGN_POWER_NUM(val)      \
@@ -89,7 +90,7 @@
 #define IMAGE_SCN_ALIGN_2BYTES              IMAGE_SCN_ALIGN_POWER_CONST (1)
 #define IMAGE_SCN_ALIGN_4BYTES              IMAGE_SCN_ALIGN_POWER_CONST (2)
 #define IMAGE_SCN_ALIGN_8BYTES              IMAGE_SCN_ALIGN_POWER_CONST (3)
-/* Default alignment if no others are specified. */
+/* Default alignment if no others are specified.  */
 #define IMAGE_SCN_ALIGN_16BYTES                     IMAGE_SCN_ALIGN_POWER_CONST (4)
 #define IMAGE_SCN_ALIGN_32BYTES                     IMAGE_SCN_ALIGN_POWER_CONST (5)
 #define IMAGE_SCN_ALIGN_64BYTES                     IMAGE_SCN_ALIGN_POWER_CONST (6)
@@ -101,7 +102,7 @@
 #define IMAGE_SCN_ALIGN_4096BYTES           IMAGE_SCN_ALIGN_POWER_CONST (12)
 #define IMAGE_SCN_ALIGN_8192BYTES           IMAGE_SCN_ALIGN_POWER_CONST (13)
 
-/* Encode alignment power into IMAGE_SCN_ALIGN bits of s_flags */
+/* Encode alignment power into IMAGE_SCN_ALIGN bits of s_flags.  */
 #define COFF_ENCODE_ALIGNMENT(SECTION, ALIGNMENT_POWER) \
   ((SECTION).s_flags |= IMAGE_SCN_ALIGN_POWER_CONST ((ALIGNMENT_POWER)))
 
@@ -200,7 +201,7 @@ struct external_PEI_DOS_hdr
 
 struct external_PEI_IMAGE_hdr
 {
-  char nt_signature[4];                /* required NT signature, 0x4550.  */
+  char nt_signature[4];                /* Required NT signature, 0x4550.  */
 
   /* From standard header.  */
   char f_magic[2];             /* Magic number.                */
@@ -239,7 +240,7 @@ struct external_PEI_filehdr
   /* Note: additional bytes may be inserted before the signature.  Use
    the e_lfanew field to find the actual location of the NT signature.  */
 
-  char nt_signature[4];                /* required NT signature, 0x4550.  */
+  char nt_signature[4];                /* Required NT signature, 0x4550.  */
 
   /* From standard header.  */
   char f_magic[2];             /* Magic number.                */
@@ -262,7 +263,7 @@ struct external_PEI_filehdr
 
 #endif /* COFF_IMAGE_WITH_PE */
 
-/* 32-bit PE a.out header: */
+/* 32-bit PE a.out header:  */
 
 typedef struct
 {
@@ -422,14 +423,14 @@ union external_AUX_SYMBOL_EX
 
   struct
   {
-    char Length[4];    /* section length */
-    char NumberOfRelocations[2];       /* # relocation entries */
-    char NumberOfLinenumbers[2];       /* # line numbers */
-    char Checksum[4];             /* section COMDAT checksum         */
-    char Number[2];       /* COMDAT associated section index */
-    char Selection[1];            /* COMDAT selection number         */
+    char Length[4];            /* Section length.  */
+    char NumberOfRelocations[2];/* # relocation entries.  */
+    char NumberOfLinenumbers[2];/* # line numbers.  */
+    char Checksum[4];          /* Section COMDAT checksum.  */
+    char Number[2];            /* COMDAT associated section index.  */
+    char Selection[1];         /* COMDAT selection number.  */
     char bReserved[1];
-    char HighNumber[2];           /* High bits of COMDAT associated sec.  */
+    char HighNumber[2];         /* High bits of COMDAT associated sec.  */
     char rgbReserved[2];
   } Section;
 } ATTRIBUTE_PACKED;
@@ -584,8 +585,9 @@ struct external_pex64_scope_entry
   (PEX64_OFFSET_TO_SCOPE_COUNT(COUNTOFUNWINDCODES) + \
    PEX64_SCOPE_ENTRY_SIZE * (IDX))
 
-/* Extra structure used in debug directory */
-struct external_IMAGE_DEBUG_DIRECTORY {
+/* Extra structure used in debug directory.  */
+struct external_IMAGE_DEBUG_DIRECTORY
+{
   char Characteristics[4];
   char TimeDateStamp[4];
   char MajorVersion[2];
@@ -596,8 +598,8 @@ struct external_IMAGE_DEBUG_DIRECTORY {
   char PointerToRawData[4];
 };
 
-/* Extra structures used in codeview debug record */
-/* This is not part of the PE specification */
+/* Extra structures used in codeview debug record.  */
+/* This is not part of the PE specification.  */
 
 #define CVINFO_PDB70_CVSIGNATURE 0x53445352 // "RSDS"
 #define CVINFO_PDB20_CVSIGNATURE 0x3031424e // "NB10"

diff --git a/ld/ChangeLog b/ld/ChangeLog
index 5f7fed8..24f61ab 100644 (file)
--- a/ld/ChangeLog
+++ b/ld/ChangeLog
@@ -1,3 +1,8 @@
+2014-08-20  Daniel Micay  <danielmicay@gmail.com>
+
+       * emultempl/pep.em: Add --high-entropy-va switch.
+       * ld.texinfo: Document the --high-entropy-va switch.
+
 2014-08-20  Nick Clifton  <nickc@redhat.com>
 
        * scripttempl/DWARF.sc: Add copyright notice.

diff --git a/ld/emultempl/pep.em b/ld/emultempl/pep.em
index 916a786..6d56bc3 100644 (file)
--- a/ld/emultempl/pep.em
+++ b/ld/emultempl/pep.em
@@ -237,6 +237,7 @@ enum options
   OPTION_LEADING_UNDERSCORE,
   OPTION_ENABLE_LONG_SECTION_NAMES,
   OPTION_DISABLE_LONG_SECTION_NAMES,
+  OPTION_HIGH_ENTROPY_VA,
   OPTION_DYNAMIC_BASE,
   OPTION_FORCE_INTEGRITY,
   OPTION_NX_COMPAT,
@@ -314,6 +315,7 @@ gld${EMULATION_NAME}_add_options
 #endif
     {"enable-long-section-names", no_argument, NULL, OPTION_ENABLE_LONG_SECTION_NAMES},
     {"disable-long-section-names", no_argument, NULL, OPTION_DISABLE_LONG_SECTION_NAMES},
+    {"high-entropy-va", no_argument, NULL, OPTION_HIGH_ENTROPY_VA},
     {"dynamicbase",no_argument, NULL, OPTION_DYNAMIC_BASE},
     {"forceinteg", no_argument, NULL, OPTION_FORCE_INTEGRITY},
     {"nxcompat", no_argument, NULL, OPTION_NX_COMPAT},
@@ -450,6 +452,8 @@ gld_${EMULATION_NAME}_list_options (FILE *file)
                                        executable image files\n"));
   fprintf (file, _("  --disable-long-section-names       Never use long COFF section names, even\n\
                                        in object files\n"));
+  fprintf (file, _("  --high-entropy-va                  Image is compatible with 64-bit address space\n\
+                                       layout randomization (ASLR)\n"));
   fprintf (file, _("  --dynamicbase                     Image base address may be relocated using\n\
                                       address space layout randomization (ASLR)\n"));
   fprintf (file, _("  --forceinteg              Code integrity checks are enforced\n"));
@@ -804,6 +808,9 @@ gld${EMULATION_NAME}_handle_option (int optc)
       pep_use_coff_long_section_names = 0;
       break;
     /*  Get DLLCharacteristics bits  */
+    case OPTION_HIGH_ENTROPY_VA:
+      pe_dll_characteristics |= IMAGE_DLL_CHARACTERISTICS_HIGH_ENTROPY_VA;
+      break;
     case OPTION_DYNAMIC_BASE:
       pe_dll_characteristics |= IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE;
       break;

diff --git a/ld/ld.texinfo b/ld/ld.texinfo
index 718a7d0..e71be5e 100644 (file)
--- a/ld/ld.texinfo
+++ b/ld/ld.texinfo
@@ -2655,6 +2655,11 @@ The following options set flags in the @code{DllCharacteristics} field
 of the PE file header:
 [These options are specific to PE targeted ports of the linker]
 
+@kindex --high-entropy-va
+@item --high-entropy-va
+Image is compatible with 64-bit address space layout randomization
+(ASLR).
+
 @kindex --dynamicbase
 @item --dynamicbase
 The image base address may be relocated using address space layout