git: d49b75d0d67f - main - Enforce that vdso does not contain runtime relocations

The branch main has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=d49b75d0d67f86265cfe9b8c83d3749c4a8d3e14

commit d49b75d0d67f86265cfe9b8c83d3749c4a8d3e14
Author:     Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2021-12-01 00:35:26 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2021-12-06 18:47:30 +0000

    Enforce that vdso does not contain runtime relocations
    
    Reviewed by:    emaste
    Discussed with: jrtc27
    Tested by:      pho
    Sponsored by:   The FreeBSD Foundation
    MFC after:      1 month
    Differential revision:  https://reviews.freebsd.org/D32960
---
 sys/conf/files.amd64         | 4 ++--
 sys/tools/amd64_ia32_vdso.sh | 7 +++++++
 sys/tools/amd64_vdso.sh      | 7 +++++++
 3 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/sys/conf/files.amd64 b/sys/conf/files.amd64
index cfccbe196f72..263032415f53 100644
--- a/sys/conf/files.amd64
+++ b/sys/conf/files.amd64
@@ -14,13 +14,13 @@ include 	"conf/files.x86"
 #
 elf-vdso.so.o			standard				\
 	dependency	"$S/amd64/amd64/sigtramp.S assym.inc $S/tools/amd64_vdso.sh" \
-	compile-with	"env AWK='${AWK}' NM='${NM}' LD='${LD}' CC='${CC}' OBJCOPY='${OBJCOPY}' S='${S}' sh $S/tools/amd64_vdso.sh" \
+	compile-with	"env AWK='${AWK}' NM='${NM}' LD='${LD}' CC='${CC}' OBJCOPY='${OBJCOPY}' ELFDUMP='${ELFDUMP}' S='${S}' sh $S/tools/amd64_vdso.sh" \
 	no-implicit-rule before-depend	\
 	clean		"elf-vdso.so.o elf-vdso.so.1 vdso_offsets.h sigtramp.pico"
 #
 elf-vdso32.so.o			optional	compat_freebsd32		\
 	dependency	"$S/amd64/ia32/ia32_sigtramp.S ia32_assym.h $S/tools/amd64_ia32_vdso.sh" \
-	compile-with	"env AWK='${AWK}' NM='${NM}' LD='${LD}' CC='${CC}' OBJCOPY='${OBJCOPY}' S='${S}' sh $S/tools/amd64_ia32_vdso.sh" \
+	compile-with	"env AWK='${AWK}' NM='${NM}' LD='${LD}' CC='${CC}' OBJCOPY='${OBJCOPY}' ELFDUMP='${ELFDUMP}' S='${S}' sh $S/tools/amd64_ia32_vdso.sh" \
 	no-implicit-rule before-depend	\
 	clean		"elf-vdso32.so.o elf-vdso32.so.1 vdso_ia32_offsets.h ia32_sigtramp.pico"
 #
diff --git a/sys/tools/amd64_ia32_vdso.sh b/sys/tools/amd64_ia32_vdso.sh
index 7ef630dbaac5..d03249dd4940 100644
--- a/sys/tools/amd64_ia32_vdso.sh
+++ b/sys/tools/amd64_ia32_vdso.sh
@@ -46,6 +46,13 @@ then
     exit 1
 fi
 
+if [ -n "$(${ELFDUMP} -d elf-vdso32.so.1 | \
+  ${AWK} '/DT_REL.*SZ/{print "RELOCS"}')" ]
+then
+    echo "elf-vdso32.so.1 contains runtime relocations" 1>&2
+    exit 1
+fi
+
 ${CC} -x assembler-with-cpp -DLOCORE -fPIC -nostdinc -c \
    -o elf-vdso32.so.o -I. -I"${S}" -include opt_global.h \
    -DVDSO_NAME=elf_vdso32_so_1 -DVDSO_FILE=elf-vdso32.so.1 \
diff --git a/sys/tools/amd64_vdso.sh b/sys/tools/amd64_vdso.sh
index 0bb351192407..8b9871e86802 100644
--- a/sys/tools/amd64_vdso.sh
+++ b/sys/tools/amd64_vdso.sh
@@ -55,6 +55,13 @@ then
     exit 1
 fi
 
+if [ -n "$(${ELFDUMP} -d elf-vdso.so.1 | \
+  ${AWK} '/DT_REL.*SZ/{print "RELOCS"}')" ]
+then
+    echo "elf-vdso.so.1 contains runtime relocations" 1>&2
+    exit 1
+fi
+
 ${CC} -x assembler-with-cpp -DLOCORE -fPIC -nostdinc -c \
    -o elf-vdso.so.o -I. -I"${S}" -include opt_global.h \
    -DVDSO_NAME=elf_vdso_so_1 -DVDSO_FILE=elf-vdso.so.1 \