From 2c3dcc4370f21c9cd09e7c0db9fc82d1b72a7e39 Mon Sep 17 00:00:00 2001 From: Rui Ueyama Date: Mon, 29 Jul 2024 10:52:31 +0900 Subject: [PATCH] Document `--remove-landing-pads` --- docs/mold.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/docs/mold.md b/docs/mold.md index dc8fded67c..7c0eb810c3 100644 --- a/docs/mold.md +++ b/docs/mold.md 
@@ -180,6 +180,32 @@ but as `-o magic`. This option changes the behavior so that `mold` merges input sections by name by the default section merging rules. +* `--remove-landing-pads`, `--no-remove-landing-pads`: + As a security measure, a few CPU instruction sets have recently gained + support of landing pad instructions. If the feature is enabled, an + _indirect_ branch must "land" on a landing pad instruction, or a CPU-level + fault is raised. In other words, it restricts the locations to which + indirect branch instructions can jump to. The feature makes ROP or JOP + attacks harder to conduct. + + To use the feature, a function whose pointer is taken needs to begin with a + landing pad because a function call via a function pointer is compiled to an + indirect branch. On the other hand, if a function is called only directly + (i.e. referred to only by _direct_ branch instructions), it doesn't have to + begin with it. + + By default, the compiler always emits a landing pad at the beginning of each + global function because it doesn't know whether or not the function's + pointer is taken in another translation unit. As a result, the resulting + binary has more attack surface than necessary. + + If `--remove-landing-pads` is given, mold conducts a whole program analysis + to identify functions whose addresses are actually taken and rewrites + landing pads with no-ops for non-address-taken functions, reducing the + attack surface. + + This feature is currently available only on x86-64. + * `--repro`: Archive input files, as well as a text file containing command line options, in a tar file so that you can run `mold` with the exact same inputs again.
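Review bot: The fourth added paragraph ("mold conducts a whole program analysis to identify functions whose addresses are actually taken") does not say how functions visible outside the link unit are treated, for example symbols exported from a shared object or looked up at run time with `dlsym`, whose addresses can be taken by code the linker never sees. By the entry's own first paragraph, an indirect branch that does not land on a landing pad raises a CPU-level fault, so the text should state whether such functions keep their landing pads. The entry also lists both `--remove-landing-pads` and `--no-remove-landing-pads` without saying which one is mold's default; the "By default" in the third paragraph describes the compiler, not the linker. Two smaller points: "restricts the locations to which indirect branch instructions can jump to" has a doubled "to", and naming the x86-64 landing pad instruction (`endbr64`) beside "This feature is currently available only on x86-64" would make the entry easier to find by search.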