| Message ID | 20210923020207.1414230-1-hjl.tools@gmail.com |
|---|---|
| Headers | show |
| Series | Implement indirect external access | expand |
On Wed, Sep 22, 2021 at 7:02 PM H.J. Lu <hjl.tools@gmail.com> wrote: > > Changes in the v4 patch. > > 1. Add nodirect_extern_access attribute. > > Changes in the v3 patch. > > 1. GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS support has been added to > GNU binutils 2.38. But the -z indirect-extern-access linker option is > only available for Linux/x86. However, the --max-cache-size=SIZE linker > option was also addded within a day. --max-cache-size=SIZE is used to > check for GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS support. > > Changes in the v2 patch. > > 1. Rename the option to -fdirect-extern-access. > > --- > On systems with copy relocation: > * A copy in executable is created for the definition in a shared library > at run-time by ld.so. > * The copy is referenced by executable and shared libraries. > * Executable can access the copy directly. > > Issues are: > * Overhead of a copy, time and space, may be visible at run-time. > * Read-only data in the shared library becomes read-write copy in > executable at run-time. > * Local access to data with the STV_PROTECTED visibility in the shared > library must use GOT. > > On systems without function descriptor, function pointers vary depending > on where and how the functions are defined. > * If the function is defined in executable, it can be the address of > function body. > * If the function, including the function with STV_PROTECTED visibility, > is defined in the shared library, it can be the address of the PLT entry > in executable or shared library. > > Issues are: > * The address of function body may not be used as its function pointer. > * ld.so needs to search loaded shared libraries for the function pointer > of the function with STV_PROTECTED visibility. > > Here is a proposal to remove copy relocation and use canonical function > pointer: > > 1. Accesses, including in PIE and non-PIE, to undefined symbols must > use GOT. > a. Linker may optimize out GOT access if the data is defined in PIE or > non-PIE. > 2. Read-only data in the shared library remain read-only at run-time > 3. Address of global data with the STV_PROTECTED visibility in the shared > library is the address of data body. > a. Can use IP-relative access. > b. May need GOT without IP-relative access. > 4. For systems without function descriptor, > a. All global function pointers of undefined functions in PIE and > non-PIE must use GOT. Linker may optimize out GOT access if the > function is defined in PIE or non-PIE. > b. Function pointer of functions with the STV_PROTECTED visibility in > executable and shared library is the address of function body. > i. Can use IP-relative access. > ii. May need GOT without IP-relative access. > iii. Branches to undefined functions may use PLT. > 5. Single global definition marker: > > Add GNU_PROPERTY_1_NEEDED: > > #define GNU_PROPERTY_1_NEEDED GNU_PROPERTY_UINT32_OR_LO > > to indicate the needed properties by the object file. > > Add GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS: > > #define GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS (1U << 0) > > to indicate that the object file requires canonical function pointers and > cannot be used with copy relocation. This bit should be cleared in > executable when there are non-GOT or non-PLT relocations in relocatable > input files without this bit set. > > a. Protected symbol access within the shared library can be treated as > local. > b. Copy relocation should be disallowed at link-time and run-time. > c. GOT function pointer reference is required at link-time and run-time. > > The indirect external access marker can be used in the following ways: > > 1. Linker can decide the best way to resolve a relocation against a > protected symbol before seeing all relocations against the symbol. > 2. Dynamic linker can decide if it is an error to have a copy relocation > in executable against the protected symbol in a shared library by checking > if the shared library is built with -fno-direct-extern-access. > > Add a compiler option, -fdirect-extern-access. -fdirect-extern-access is > the default. With -fno-direct-extern-access: > > 1. Always to use GOT to access undefined symbols, including in PIE and > non-PIE. This is safe to do and does not break the ABI. > 2. In executable and shared library, for symbols with the STV_PROTECTED > visibility: > a. The address of data symbol is the address of data body. > b. For systems without function descriptor, the function pointer is > the address of function body. > These break the ABI and resulting shared libraries may not be compatible > with executables which are not compiled with -fno-direct-extern-access. > 3. Generate an indirect external access marker in relocatable objects if > supported by linker. > > H.J. Lu (2): > Add -f[no-]direct-extern-access > Add TARGET_ASM_EMIT_GNU_PROPERTY_NOTE > Hi, This has been implemented in binutils 2.38 and glibc 2.35. What do I need to do to get it into GCC 12? Thanks.
On Thu, Oct 21, 2021 at 12:56 PM H.J. Lu <hjl.tools@gmail.com> wrote: > > On Wed, Sep 22, 2021 at 7:02 PM H.J. Lu <hjl.tools@gmail.com> wrote: > > > > Changes in the v4 patch. > > > > 1. Add nodirect_extern_access attribute. > > > > Changes in the v3 patch. > > > > 1. GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS support has been added to > > GNU binutils 2.38. But the -z indirect-extern-access linker option is > > only available for Linux/x86. However, the --max-cache-size=SIZE linker > > option was also addded within a day. --max-cache-size=SIZE is used to > > check for GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS support. > > > > Changes in the v2 patch. > > > > 1. Rename the option to -fdirect-extern-access. > > > > --- > > On systems with copy relocation: > > * A copy in executable is created for the definition in a shared library > > at run-time by ld.so. > > * The copy is referenced by executable and shared libraries. > > * Executable can access the copy directly. > > > > Issues are: > > * Overhead of a copy, time and space, may be visible at run-time. > > * Read-only data in the shared library becomes read-write copy in > > executable at run-time. > > * Local access to data with the STV_PROTECTED visibility in the shared > > library must use GOT. > > > > On systems without function descriptor, function pointers vary depending > > on where and how the functions are defined. > > * If the function is defined in executable, it can be the address of > > function body. > > * If the function, including the function with STV_PROTECTED visibility, > > is defined in the shared library, it can be the address of the PLT entry > > in executable or shared library. > > > > Issues are: > > * The address of function body may not be used as its function pointer. > > * ld.so needs to search loaded shared libraries for the function pointer > > of the function with STV_PROTECTED visibility. > > > > Here is a proposal to remove copy relocation and use canonical function > > pointer: > > > > 1. Accesses, including in PIE and non-PIE, to undefined symbols must > > use GOT. > > a. Linker may optimize out GOT access if the data is defined in PIE or > > non-PIE. > > 2. Read-only data in the shared library remain read-only at run-time > > 3. Address of global data with the STV_PROTECTED visibility in the shared > > library is the address of data body. > > a. Can use IP-relative access. > > b. May need GOT without IP-relative access. > > 4. For systems without function descriptor, > > a. All global function pointers of undefined functions in PIE and > > non-PIE must use GOT. Linker may optimize out GOT access if the > > function is defined in PIE or non-PIE. > > b. Function pointer of functions with the STV_PROTECTED visibility in > > executable and shared library is the address of function body. > > i. Can use IP-relative access. > > ii. May need GOT without IP-relative access. > > iii. Branches to undefined functions may use PLT. > > 5. Single global definition marker: > > > > Add GNU_PROPERTY_1_NEEDED: > > > > #define GNU_PROPERTY_1_NEEDED GNU_PROPERTY_UINT32_OR_LO > > > > to indicate the needed properties by the object file. > > > > Add GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS: > > > > #define GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS (1U << 0) > > > > to indicate that the object file requires canonical function pointers and > > cannot be used with copy relocation. This bit should be cleared in > > executable when there are non-GOT or non-PLT relocations in relocatable > > input files without this bit set. > > > > a. Protected symbol access within the shared library can be treated as > > local. > > b. Copy relocation should be disallowed at link-time and run-time. > > c. GOT function pointer reference is required at link-time and run-time. > > > > The indirect external access marker can be used in the following ways: > > > > 1. Linker can decide the best way to resolve a relocation against a > > protected symbol before seeing all relocations against the symbol. > > 2. Dynamic linker can decide if it is an error to have a copy relocation > > in executable against the protected symbol in a shared library by checking > > if the shared library is built with -fno-direct-extern-access. > > > > Add a compiler option, -fdirect-extern-access. -fdirect-extern-access is > > the default. With -fno-direct-extern-access: > > > > 1. Always to use GOT to access undefined symbols, including in PIE and > > non-PIE. This is safe to do and does not break the ABI. > > 2. In executable and shared library, for symbols with the STV_PROTECTED > > visibility: > > a. The address of data symbol is the address of data body. > > b. For systems without function descriptor, the function pointer is > > the address of function body. > > These break the ABI and resulting shared libraries may not be compatible > > with executables which are not compiled with -fno-direct-extern-access. > > 3. Generate an indirect external access marker in relocatable objects if > > supported by linker. > > > > H.J. Lu (2): > > Add -f[no-]direct-extern-access > > Add TARGET_ASM_EMIT_GNU_PROPERTY_NOTE > > > > Hi, > > This has been implemented in binutils 2.38 and glibc 2.35. > What do I need to do to get it into GCC 12? > Hi Richard, Jeff, Can you help review this patch for GCC 12: https://gcc.gnu.org/pipermail/gcc-patches/2021-September/580108.html https://gcc.gnu.org/pipermail/gcc-patches/2021-September/580107.html Thanks.
On Mon, Nov 1, 2021 at 7:02 AM H.J. Lu <hjl.tools@gmail.com> wrote: > > On Thu, Oct 21, 2021 at 12:56 PM H.J. Lu <hjl.tools@gmail.com> wrote: > > > > On Wed, Sep 22, 2021 at 7:02 PM H.J. Lu <hjl.tools@gmail.com> wrote: > > > > > > Changes in the v4 patch. > > > > > > 1. Add nodirect_extern_access attribute. > > > > > > Changes in the v3 patch. > > > > > > 1. GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS support has been added to > > > GNU binutils 2.38. But the -z indirect-extern-access linker option is > > > only available for Linux/x86. However, the --max-cache-size=SIZE linker > > > option was also addded within a day. --max-cache-size=SIZE is used to > > > check for GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS support. > > > > > > Changes in the v2 patch. > > > > > > 1. Rename the option to -fdirect-extern-access. > > > > > > --- > > > On systems with copy relocation: > > > * A copy in executable is created for the definition in a shared library > > > at run-time by ld.so. > > > * The copy is referenced by executable and shared libraries. > > > * Executable can access the copy directly. > > > > > > Issues are: > > > * Overhead of a copy, time and space, may be visible at run-time. > > > * Read-only data in the shared library becomes read-write copy in > > > executable at run-time. > > > * Local access to data with the STV_PROTECTED visibility in the shared > > > library must use GOT. > > > > > > On systems without function descriptor, function pointers vary depending > > > on where and how the functions are defined. > > > * If the function is defined in executable, it can be the address of > > > function body. > > > * If the function, including the function with STV_PROTECTED visibility, > > > is defined in the shared library, it can be the address of the PLT entry > > > in executable or shared library. > > > > > > Issues are: > > > * The address of function body may not be used as its function pointer. > > > * ld.so needs to search loaded shared libraries for the function pointer > > > of the function with STV_PROTECTED visibility. > > > > > > Here is a proposal to remove copy relocation and use canonical function > > > pointer: > > > > > > 1. Accesses, including in PIE and non-PIE, to undefined symbols must > > > use GOT. > > > a. Linker may optimize out GOT access if the data is defined in PIE or > > > non-PIE. > > > 2. Read-only data in the shared library remain read-only at run-time > > > 3. Address of global data with the STV_PROTECTED visibility in the shared > > > library is the address of data body. > > > a. Can use IP-relative access. > > > b. May need GOT without IP-relative access. > > > 4. For systems without function descriptor, > > > a. All global function pointers of undefined functions in PIE and > > > non-PIE must use GOT. Linker may optimize out GOT access if the > > > function is defined in PIE or non-PIE. > > > b. Function pointer of functions with the STV_PROTECTED visibility in > > > executable and shared library is the address of function body. > > > i. Can use IP-relative access. > > > ii. May need GOT without IP-relative access. > > > iii. Branches to undefined functions may use PLT. > > > 5. Single global definition marker: > > > > > > Add GNU_PROPERTY_1_NEEDED: > > > > > > #define GNU_PROPERTY_1_NEEDED GNU_PROPERTY_UINT32_OR_LO > > > > > > to indicate the needed properties by the object file. > > > > > > Add GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS: > > > > > > #define GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS (1U << 0) > > > > > > to indicate that the object file requires canonical function pointers and > > > cannot be used with copy relocation. This bit should be cleared in > > > executable when there are non-GOT or non-PLT relocations in relocatable > > > input files without this bit set. > > > > > > a. Protected symbol access within the shared library can be treated as > > > local. > > > b. Copy relocation should be disallowed at link-time and run-time. > > > c. GOT function pointer reference is required at link-time and run-time. > > > > > > The indirect external access marker can be used in the following ways: > > > > > > 1. Linker can decide the best way to resolve a relocation against a > > > protected symbol before seeing all relocations against the symbol. > > > 2. Dynamic linker can decide if it is an error to have a copy relocation > > > in executable against the protected symbol in a shared library by checking > > > if the shared library is built with -fno-direct-extern-access. > > > > > > Add a compiler option, -fdirect-extern-access. -fdirect-extern-access is > > > the default. With -fno-direct-extern-access: > > > > > > 1. Always to use GOT to access undefined symbols, including in PIE and > > > non-PIE. This is safe to do and does not break the ABI. > > > 2. In executable and shared library, for symbols with the STV_PROTECTED > > > visibility: > > > a. The address of data symbol is the address of data body. > > > b. For systems without function descriptor, the function pointer is > > > the address of function body. > > > These break the ABI and resulting shared libraries may not be compatible > > > with executables which are not compiled with -fno-direct-extern-access. > > > 3. Generate an indirect external access marker in relocatable objects if > > > supported by linker. > > > > > > H.J. Lu (2): > > > Add -f[no-]direct-extern-access > > > Add TARGET_ASM_EMIT_GNU_PROPERTY_NOTE > > > > > > > Hi, > > > > This has been implemented in binutils 2.38 and glibc 2.35. > > What do I need to do to get it into GCC 12? > > > > Hi Richard, Jeff, > > Can you help review this patch for GCC 12: > > https://gcc.gnu.org/pipermail/gcc-patches/2021-September/580108.html > https://gcc.gnu.org/pipermail/gcc-patches/2021-September/580107.html > PING.
On Thu, Nov 25, 2021 at 9:54 AM H.J. Lu <hjl.tools@gmail.com> wrote: > > On Mon, Nov 1, 2021 at 7:02 AM H.J. Lu <hjl.tools@gmail.com> wrote: > > > > On Thu, Oct 21, 2021 at 12:56 PM H.J. Lu <hjl.tools@gmail.com> wrote: > > > > > > On Wed, Sep 22, 2021 at 7:02 PM H.J. Lu <hjl.tools@gmail.com> wrote: > > > > > > > > Changes in the v4 patch. > > > > > > > > 1. Add nodirect_extern_access attribute. > > > > > > > > Changes in the v3 patch. > > > > > > > > 1. GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS support has been added to > > > > GNU binutils 2.38. But the -z indirect-extern-access linker option is > > > > only available for Linux/x86. However, the --max-cache-size=SIZE linker > > > > option was also addded within a day. --max-cache-size=SIZE is used to > > > > check for GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS support. > > > > > > > > Changes in the v2 patch. > > > > > > > > 1. Rename the option to -fdirect-extern-access. > > > > > > > > --- > > > > On systems with copy relocation: > > > > * A copy in executable is created for the definition in a shared library > > > > at run-time by ld.so. > > > > * The copy is referenced by executable and shared libraries. > > > > * Executable can access the copy directly. > > > > > > > > Issues are: > > > > * Overhead of a copy, time and space, may be visible at run-time. > > > > * Read-only data in the shared library becomes read-write copy in > > > > executable at run-time. > > > > * Local access to data with the STV_PROTECTED visibility in the shared > > > > library must use GOT. > > > > > > > > On systems without function descriptor, function pointers vary depending > > > > on where and how the functions are defined. > > > > * If the function is defined in executable, it can be the address of > > > > function body. > > > > * If the function, including the function with STV_PROTECTED visibility, > > > > is defined in the shared library, it can be the address of the PLT entry > > > > in executable or shared library. > > > > > > > > Issues are: > > > > * The address of function body may not be used as its function pointer. > > > > * ld.so needs to search loaded shared libraries for the function pointer > > > > of the function with STV_PROTECTED visibility. > > > > > > > > Here is a proposal to remove copy relocation and use canonical function > > > > pointer: > > > > > > > > 1. Accesses, including in PIE and non-PIE, to undefined symbols must > > > > use GOT. > > > > a. Linker may optimize out GOT access if the data is defined in PIE or > > > > non-PIE. > > > > 2. Read-only data in the shared library remain read-only at run-time > > > > 3. Address of global data with the STV_PROTECTED visibility in the shared > > > > library is the address of data body. > > > > a. Can use IP-relative access. > > > > b. May need GOT without IP-relative access. > > > > 4. For systems without function descriptor, > > > > a. All global function pointers of undefined functions in PIE and > > > > non-PIE must use GOT. Linker may optimize out GOT access if the > > > > function is defined in PIE or non-PIE. > > > > b. Function pointer of functions with the STV_PROTECTED visibility in > > > > executable and shared library is the address of function body. > > > > i. Can use IP-relative access. > > > > ii. May need GOT without IP-relative access. > > > > iii. Branches to undefined functions may use PLT. > > > > 5. Single global definition marker: > > > > > > > > Add GNU_PROPERTY_1_NEEDED: > > > > > > > > #define GNU_PROPERTY_1_NEEDED GNU_PROPERTY_UINT32_OR_LO > > > > > > > > to indicate the needed properties by the object file. > > > > > > > > Add GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS: > > > > > > > > #define GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS (1U << 0) > > > > > > > > to indicate that the object file requires canonical function pointers and > > > > cannot be used with copy relocation. This bit should be cleared in > > > > executable when there are non-GOT or non-PLT relocations in relocatable > > > > input files without this bit set. > > > > > > > > a. Protected symbol access within the shared library can be treated as > > > > local. > > > > b. Copy relocation should be disallowed at link-time and run-time. > > > > c. GOT function pointer reference is required at link-time and run-time. > > > > > > > > The indirect external access marker can be used in the following ways: > > > > > > > > 1. Linker can decide the best way to resolve a relocation against a > > > > protected symbol before seeing all relocations against the symbol. > > > > 2. Dynamic linker can decide if it is an error to have a copy relocation > > > > in executable against the protected symbol in a shared library by checking > > > > if the shared library is built with -fno-direct-extern-access. > > > > > > > > Add a compiler option, -fdirect-extern-access. -fdirect-extern-access is > > > > the default. With -fno-direct-extern-access: > > > > > > > > 1. Always to use GOT to access undefined symbols, including in PIE and > > > > non-PIE. This is safe to do and does not break the ABI. > > > > 2. In executable and shared library, for symbols with the STV_PROTECTED > > > > visibility: > > > > a. The address of data symbol is the address of data body. > > > > b. For systems without function descriptor, the function pointer is > > > > the address of function body. > > > > These break the ABI and resulting shared libraries may not be compatible > > > > with executables which are not compiled with -fno-direct-extern-access. > > > > 3. Generate an indirect external access marker in relocatable objects if > > > > supported by linker. > > > > > > > > H.J. Lu (2): > > > > Add -f[no-]direct-extern-access > > > > Add TARGET_ASM_EMIT_GNU_PROPERTY_NOTE > > > > > > > > > > Hi, > > > > > > This has been implemented in binutils 2.38 and glibc 2.35. > > > What do I need to do to get it into GCC 12? > > > > > > > Hi Richard, Jeff, > > > > Can you help review this patch for GCC 12: > > > > https://gcc.gnu.org/pipermail/gcc-patches/2021-September/580108.html > > https://gcc.gnu.org/pipermail/gcc-patches/2021-September/580107.html > > > > PING. PING.
On Sat, Dec 11, 2021 at 10:44 AM H.J. Lu <hjl.tools@gmail.com> wrote: > > On Thu, Nov 25, 2021 at 9:54 AM H.J. Lu <hjl.tools@gmail.com> wrote: > > > > On Mon, Nov 1, 2021 at 7:02 AM H.J. Lu <hjl.tools@gmail.com> wrote: > > > > > > On Thu, Oct 21, 2021 at 12:56 PM H.J. Lu <hjl.tools@gmail.com> wrote: > > > > > > > > On Wed, Sep 22, 2021 at 7:02 PM H.J. Lu <hjl.tools@gmail.com> wrote: > > > > > > > > > > Changes in the v4 patch. > > > > > > > > > > 1. Add nodirect_extern_access attribute. > > > > > > > > > > Changes in the v3 patch. > > > > > > > > > > 1. GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS support has been added to > > > > > GNU binutils 2.38. But the -z indirect-extern-access linker option is > > > > > only available for Linux/x86. However, the --max-cache-size=SIZE linker > > > > > option was also addded within a day. --max-cache-size=SIZE is used to > > > > > check for GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS support. > > > > > > > > > > Changes in the v2 patch. > > > > > > > > > > 1. Rename the option to -fdirect-extern-access. > > > > > > > > > > --- > > > > > On systems with copy relocation: > > > > > * A copy in executable is created for the definition in a shared library > > > > > at run-time by ld.so. > > > > > * The copy is referenced by executable and shared libraries. > > > > > * Executable can access the copy directly. > > > > > > > > > > Issues are: > > > > > * Overhead of a copy, time and space, may be visible at run-time. > > > > > * Read-only data in the shared library becomes read-write copy in > > > > > executable at run-time. > > > > > * Local access to data with the STV_PROTECTED visibility in the shared > > > > > library must use GOT. > > > > > > > > > > On systems without function descriptor, function pointers vary depending > > > > > on where and how the functions are defined. > > > > > * If the function is defined in executable, it can be the address of > > > > > function body. > > > > > * If the function, including the function with STV_PROTECTED visibility, > > > > > is defined in the shared library, it can be the address of the PLT entry > > > > > in executable or shared library. > > > > > > > > > > Issues are: > > > > > * The address of function body may not be used as its function pointer. > > > > > * ld.so needs to search loaded shared libraries for the function pointer > > > > > of the function with STV_PROTECTED visibility. > > > > > > > > > > Here is a proposal to remove copy relocation and use canonical function > > > > > pointer: > > > > > > > > > > 1. Accesses, including in PIE and non-PIE, to undefined symbols must > > > > > use GOT. > > > > > a. Linker may optimize out GOT access if the data is defined in PIE or > > > > > non-PIE. > > > > > 2. Read-only data in the shared library remain read-only at run-time > > > > > 3. Address of global data with the STV_PROTECTED visibility in the shared > > > > > library is the address of data body. > > > > > a. Can use IP-relative access. > > > > > b. May need GOT without IP-relative access. > > > > > 4. For systems without function descriptor, > > > > > a. All global function pointers of undefined functions in PIE and > > > > > non-PIE must use GOT. Linker may optimize out GOT access if the > > > > > function is defined in PIE or non-PIE. > > > > > b. Function pointer of functions with the STV_PROTECTED visibility in > > > > > executable and shared library is the address of function body. > > > > > i. Can use IP-relative access. > > > > > ii. May need GOT without IP-relative access. > > > > > iii. Branches to undefined functions may use PLT. > > > > > 5. Single global definition marker: > > > > > > > > > > Add GNU_PROPERTY_1_NEEDED: > > > > > > > > > > #define GNU_PROPERTY_1_NEEDED GNU_PROPERTY_UINT32_OR_LO > > > > > > > > > > to indicate the needed properties by the object file. > > > > > > > > > > Add GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS: > > > > > > > > > > #define GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS (1U << 0) > > > > > > > > > > to indicate that the object file requires canonical function pointers and > > > > > cannot be used with copy relocation. This bit should be cleared in > > > > > executable when there are non-GOT or non-PLT relocations in relocatable > > > > > input files without this bit set. > > > > > > > > > > a. Protected symbol access within the shared library can be treated as > > > > > local. > > > > > b. Copy relocation should be disallowed at link-time and run-time. > > > > > c. GOT function pointer reference is required at link-time and run-time. > > > > > > > > > > The indirect external access marker can be used in the following ways: > > > > > > > > > > 1. Linker can decide the best way to resolve a relocation against a > > > > > protected symbol before seeing all relocations against the symbol. > > > > > 2. Dynamic linker can decide if it is an error to have a copy relocation > > > > > in executable against the protected symbol in a shared library by checking > > > > > if the shared library is built with -fno-direct-extern-access. > > > > > > > > > > Add a compiler option, -fdirect-extern-access. -fdirect-extern-access is > > > > > the default. With -fno-direct-extern-access: > > > > > > > > > > 1. Always to use GOT to access undefined symbols, including in PIE and > > > > > non-PIE. This is safe to do and does not break the ABI. > > > > > 2. In executable and shared library, for symbols with the STV_PROTECTED > > > > > visibility: > > > > > a. The address of data symbol is the address of data body. > > > > > b. For systems without function descriptor, the function pointer is > > > > > the address of function body. > > > > > These break the ABI and resulting shared libraries may not be compatible > > > > > with executables which are not compiled with -fno-direct-extern-access. > > > > > 3. Generate an indirect external access marker in relocatable objects if > > > > > supported by linker. > > > > > > > > > > H.J. Lu (2): > > > > > Add -f[no-]direct-extern-access > > > > > Add TARGET_ASM_EMIT_GNU_PROPERTY_NOTE > > > > > > > > > > > > > Hi, > > > > > > > > This has been implemented in binutils 2.38 and glibc 2.35. > > > > What do I need to do to get it into GCC 12? > > > > > > > > > > Hi Richard, Jeff, > > > > > > Can you help review this patch for GCC 12: > > > > > > https://gcc.gnu.org/pipermail/gcc-patches/2021-September/580108.html > > > https://gcc.gnu.org/pipermail/gcc-patches/2021-September/580107.html > > > > > > > PING. > > PING. > PING.
Ping, could a global maintainer take a look at this? On Mon, Jan 03, 2022 at 07:32:25PM -0800, H.J. Lu via Gcc-patches wrote: > On Sat, Dec 11, 2021 at 10:44 AM H.J. Lu <hjl.tools@gmail.com> wrote: > > > > On Thu, Nov 25, 2021 at 9:54 AM H.J. Lu <hjl.tools@gmail.com> wrote: > > > > > > On Mon, Nov 1, 2021 at 7:02 AM H.J. Lu <hjl.tools@gmail.com> wrote: > > > > > > > > On Thu, Oct 21, 2021 at 12:56 PM H.J. Lu <hjl.tools@gmail.com> wrote: > > > > > > > > > > On Wed, Sep 22, 2021 at 7:02 PM H.J. Lu <hjl.tools@gmail.com> wrote: > > > > > > > > > > > > Changes in the v4 patch. > > > > > > > > > > > > 1. Add nodirect_extern_access attribute. > > > > > > > > > > > > Changes in the v3 patch. > > > > > > > > > > > > 1. GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS support has been added to > > > > > > GNU binutils 2.38. But the -z indirect-extern-access linker option is > > > > > > only available for Linux/x86. However, the --max-cache-size=SIZE linker > > > > > > option was also addded within a day. --max-cache-size=SIZE is used to > > > > > > check for GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS support. > > > > > > > > > > > > Changes in the v2 patch. > > > > > > > > > > > > 1. Rename the option to -fdirect-extern-access. > > > > > > > > > > > > --- > > > > > > On systems with copy relocation: > > > > > > * A copy in executable is created for the definition in a shared library > > > > > > at run-time by ld.so. > > > > > > * The copy is referenced by executable and shared libraries. > > > > > > * Executable can access the copy directly. > > > > > > > > > > > > Issues are: > > > > > > * Overhead of a copy, time and space, may be visible at run-time. > > > > > > * Read-only data in the shared library becomes read-write copy in > > > > > > executable at run-time. > > > > > > * Local access to data with the STV_PROTECTED visibility in the shared > > > > > > library must use GOT. > > > > > > > > > > > > On systems without function descriptor, function pointers vary depending > > > > > > on where and how the functions are defined. > > > > > > * If the function is defined in executable, it can be the address of > > > > > > function body. > > > > > > * If the function, including the function with STV_PROTECTED visibility, > > > > > > is defined in the shared library, it can be the address of the PLT entry > > > > > > in executable or shared library. > > > > > > > > > > > > Issues are: > > > > > > * The address of function body may not be used as its function pointer. > > > > > > * ld.so needs to search loaded shared libraries for the function pointer > > > > > > of the function with STV_PROTECTED visibility. > > > > > > > > > > > > Here is a proposal to remove copy relocation and use canonical function > > > > > > pointer: > > > > > > > > > > > > 1. Accesses, including in PIE and non-PIE, to undefined symbols must > > > > > > use GOT. > > > > > > a. Linker may optimize out GOT access if the data is defined in PIE or > > > > > > non-PIE. > > > > > > 2. Read-only data in the shared library remain read-only at run-time > > > > > > 3. Address of global data with the STV_PROTECTED visibility in the shared > > > > > > library is the address of data body. > > > > > > a. Can use IP-relative access. > > > > > > b. May need GOT without IP-relative access. > > > > > > 4. For systems without function descriptor, > > > > > > a. All global function pointers of undefined functions in PIE and > > > > > > non-PIE must use GOT. Linker may optimize out GOT access if the > > > > > > function is defined in PIE or non-PIE. > > > > > > b. Function pointer of functions with the STV_PROTECTED visibility in > > > > > > executable and shared library is the address of function body. > > > > > > i. Can use IP-relative access. > > > > > > ii. May need GOT without IP-relative access. > > > > > > iii. Branches to undefined functions may use PLT. > > > > > > 5. Single global definition marker: > > > > > > > > > > > > Add GNU_PROPERTY_1_NEEDED: > > > > > > > > > > > > #define GNU_PROPERTY_1_NEEDED GNU_PROPERTY_UINT32_OR_LO > > > > > > > > > > > > to indicate the needed properties by the object file. > > > > > > > > > > > > Add GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS: > > > > > > > > > > > > #define GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS (1U << 0) > > > > > > > > > > > > to indicate that the object file requires canonical function pointers and > > > > > > cannot be used with copy relocation. This bit should be cleared in > > > > > > executable when there are non-GOT or non-PLT relocations in relocatable > > > > > > input files without this bit set. > > > > > > > > > > > > a. Protected symbol access within the shared library can be treated as > > > > > > local. > > > > > > b. Copy relocation should be disallowed at link-time and run-time. > > > > > > c. GOT function pointer reference is required at link-time and run-time. > > > > > > > > > > > > The indirect external access marker can be used in the following ways: > > > > > > > > > > > > 1. Linker can decide the best way to resolve a relocation against a > > > > > > protected symbol before seeing all relocations against the symbol. > > > > > > 2. Dynamic linker can decide if it is an error to have a copy relocation > > > > > > in executable against the protected symbol in a shared library by checking > > > > > > if the shared library is built with -fno-direct-extern-access. > > > > > > > > > > > > Add a compiler option, -fdirect-extern-access. -fdirect-extern-access is > > > > > > the default. With -fno-direct-extern-access: > > > > > > > > > > > > 1. Always to use GOT to access undefined symbols, including in PIE and > > > > > > non-PIE. This is safe to do and does not break the ABI. > > > > > > 2. In executable and shared library, for symbols with the STV_PROTECTED > > > > > > visibility: > > > > > > a. The address of data symbol is the address of data body. > > > > > > b. For systems without function descriptor, the function pointer is > > > > > > the address of function body. > > > > > > These break the ABI and resulting shared libraries may not be compatible > > > > > > with executables which are not compiled with -fno-direct-extern-access. > > > > > > 3. Generate an indirect external access marker in relocatable objects if > > > > > > supported by linker. > > > > > > > > > > > > H.J. Lu (2): > > > > > > Add -f[no-]direct-extern-access > > > > > > Add TARGET_ASM_EMIT_GNU_PROPERTY_NOTE > > > > > > > > > > > > > > > > Hi, > > > > > > > > > > This has been implemented in binutils 2.38 and glibc 2.35. > > > > > What do I need to do to get it into GCC 12? > > > > > > > > > > > > > Hi Richard, Jeff, > > > > > > > > Can you help review this patch for GCC 12: > > > > > > > > https://gcc.gnu.org/pipermail/gcc-patches/2021-September/580108.html > > > > https://gcc.gnu.org/pipermail/gcc-patches/2021-September/580107.html > > > > > > > > > > PING. > > > > PING. > > > > PING. > > > -- > H.J. > Marek
On Mon, Jan 3, 2022 at 7:33 PM H.J. Lu via Gcc-patches <gcc-patches@gcc.gnu.org> wrote: > > On Sat, Dec 11, 2021 at 10:44 AM H.J. Lu <hjl.tools@gmail.com> wrote: > > > > On Thu, Nov 25, 2021 at 9:54 AM H.J. Lu <hjl.tools@gmail.com> wrote: > > > > > > On Mon, Nov 1, 2021 at 7:02 AM H.J. Lu <hjl.tools@gmail.com> wrote: > > > > > > > > On Thu, Oct 21, 2021 at 12:56 PM H.J. Lu <hjl.tools@gmail.com> wrote: > > > > > > > > > > On Wed, Sep 22, 2021 at 7:02 PM H.J. Lu <hjl.tools@gmail.com> wrote: > > > > > > > > > > > > Changes in the v4 patch. > > > > > > > > > > > > 1. Add nodirect_extern_access attribute. > > > > > > > > > > > > Changes in the v3 patch. > > > > > > > > > > > > 1. GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS support has been added to > > > > > > GNU binutils 2.38. But the -z indirect-extern-access linker option is > > > > > > only available for Linux/x86. However, the --max-cache-size=SIZE linker > > > > > > option was also addded within a day. --max-cache-size=SIZE is used to > > > > > > check for GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS support. > > > > > > > > > > > > Changes in the v2 patch. > > > > > > > > > > > > 1. Rename the option to -fdirect-extern-access. > > > > > > > > > > > > --- > > > > > > On systems with copy relocation: > > > > > > * A copy in executable is created for the definition in a shared library > > > > > > at run-time by ld.so. > > > > > > * The copy is referenced by executable and shared libraries. > > > > > > * Executable can access the copy directly. > > > > > > > > > > > > Issues are: > > > > > > * Overhead of a copy, time and space, may be visible at run-time. > > > > > > * Read-only data in the shared library becomes read-write copy in > > > > > > executable at run-time. > > > > > > * Local access to data with the STV_PROTECTED visibility in the shared > > > > > > library must use GOT. > > > > > > > > > > > > On systems without function descriptor, function pointers vary depending > > > > > > on where and how the functions are defined. > > > > > > * If the function is defined in executable, it can be the address of > > > > > > function body. > > > > > > * If the function, including the function with STV_PROTECTED visibility, > > > > > > is defined in the shared library, it can be the address of the PLT entry > > > > > > in executable or shared library. > > > > > > > > > > > > Issues are: > > > > > > * The address of function body may not be used as its function pointer. > > > > > > * ld.so needs to search loaded shared libraries for the function pointer > > > > > > of the function with STV_PROTECTED visibility. > > > > > > > > > > > > Here is a proposal to remove copy relocation and use canonical function > > > > > > pointer: > > > > > > > > > > > > 1. Accesses, including in PIE and non-PIE, to undefined symbols must > > > > > > use GOT. > > > > > > a. Linker may optimize out GOT access if the data is defined in PIE or > > > > > > non-PIE. > > > > > > 2. Read-only data in the shared library remain read-only at run-time > > > > > > 3. Address of global data with the STV_PROTECTED visibility in the shared > > > > > > library is the address of data body. > > > > > > a. Can use IP-relative access. > > > > > > b. May need GOT without IP-relative access. > > > > > > 4. For systems without function descriptor, > > > > > > a. All global function pointers of undefined functions in PIE and > > > > > > non-PIE must use GOT. Linker may optimize out GOT access if the > > > > > > function is defined in PIE or non-PIE. > > > > > > b. Function pointer of functions with the STV_PROTECTED visibility in > > > > > > executable and shared library is the address of function body. > > > > > > i. Can use IP-relative access. > > > > > > ii. May need GOT without IP-relative access. > > > > > > iii. Branches to undefined functions may use PLT. > > > > > > 5. Single global definition marker: > > > > > > > > > > > > Add GNU_PROPERTY_1_NEEDED: > > > > > > > > > > > > #define GNU_PROPERTY_1_NEEDED GNU_PROPERTY_UINT32_OR_LO > > > > > > > > > > > > to indicate the needed properties by the object file. > > > > > > > > > > > > Add GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS: > > > > > > > > > > > > #define GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS (1U << 0) > > > > > > > > > > > > to indicate that the object file requires canonical function pointers and > > > > > > cannot be used with copy relocation. This bit should be cleared in > > > > > > executable when there are non-GOT or non-PLT relocations in relocatable > > > > > > input files without this bit set. > > > > > > > > > > > > a. Protected symbol access within the shared library can be treated as > > > > > > local. > > > > > > b. Copy relocation should be disallowed at link-time and run-time. > > > > > > c. GOT function pointer reference is required at link-time and run-time. > > > > > > > > > > > > The indirect external access marker can be used in the following ways: > > > > > > > > > > > > 1. Linker can decide the best way to resolve a relocation against a > > > > > > protected symbol before seeing all relocations against the symbol. > > > > > > 2. Dynamic linker can decide if it is an error to have a copy relocation > > > > > > in executable against the protected symbol in a shared library by checking > > > > > > if the shared library is built with -fno-direct-extern-access. > > > > > > > > > > > > Add a compiler option, -fdirect-extern-access. -fdirect-extern-access is > > > > > > the default. With -fno-direct-extern-access: > > > > > > > > > > > > 1. Always to use GOT to access undefined symbols, including in PIE and > > > > > > non-PIE. This is safe to do and does not break the ABI. > > > > > > 2. In executable and shared library, for symbols with the STV_PROTECTED > > > > > > visibility: > > > > > > a. The address of data symbol is the address of data body. > > > > > > b. For systems without function descriptor, the function pointer is > > > > > > the address of function body. > > > > > > These break the ABI and resulting shared libraries may not be compatible > > > > > > with executables which are not compiled with -fno-direct-extern-access. > > > > > > 3. Generate an indirect external access marker in relocatable objects if > > > > > > supported by linker. > > > > > > > > > > > > H.J. Lu (2): > > > > > > Add -f[no-]direct-extern-access > > > > > > Add TARGET_ASM_EMIT_GNU_PROPERTY_NOTE > > > > > > > > > > > > > > > > Hi, > > > > > > > > > > This has been implemented in binutils 2.38 and glibc 2.35. > > > > > What do I need to do to get it into GCC 12? > > > > > > > > > > > > > Hi Richard, Jeff, > > > > > > > > Can you help review this patch for GCC 12: > > > > > > > > https://gcc.gnu.org/pipermail/gcc-patches/2021-September/580108.html > > > > https://gcc.gnu.org/pipermail/gcc-patches/2021-September/580107.html > > > > > > > > > > PING. > > > > PING. > > > > PING. > > > -- > H.J. I'll ping https://gcc.gnu.org/pipermail/gcc-patches/2021-May/570139.html ("[PATCH] x86-64: Remove HAVE_LD_PIE_COPYRELOC"), too. It's somewhat related, but simple and useful on its own.... The -fPIE default for x86-64 should be to avoid PC-relative relocations for extern int x; int foo() { return x; } like -fPIC. There should not be any need to specify a compiler driver option to achieve this goal.