binary Hardening on linux using Relocation Read-Only (relro)
Florian Weimer
fweimer at redhat.com
Tue Nov 26 08:51:25 UTC 2019
* Claes Redestad:
> On 2019-11-25 18:30, Florian Weimer wrote:
>> That being said, relocation processing for libjvm.so adds a couple of
>> milliseconds to startup, and it looks like their number is growing with
>> each release.
>
> This piqued my interest, so I took a quick look:
>
> readelf --relocs libjvm.so | wc -l
>
> 8: 85635
> 9: 112645
> 11: 105607
> 13: 107912
> jdk/jdk: 106175
>
> 9 saw a big jump, yes, but things look pretty stable since, even
> improving a bit (various cleanups and feature removals..?).
I see slightly higher numbers with the default build flags. The recent
drop by ~1000 relocations is due to the CMS removal.
> Of course improvements in this area would be most welcome (not an area
> I've been paying attention to - maybe I should?)
Unfortunately, I'm not aware of a good tool to gather relocation
statistics with a goal towards avoiding them. Some cases may be easy
changes (e.g., rewriting arrays of character strings).
I suspect that quite a bit is related to C++ vtables.
Thanks,
Florian
More information about the build-dev
mailing list