mbox series

[v4,0/2] Implement indirect external access

Message ID 20210923020207.1414230-1-hjl.tools@gmail.com
Headers show
Series Implement indirect external access | expand

Message

H.J. Lu Sept. 23, 2021, 2:02 a.m. UTC
Changes in the v4 patch.

1. Add nodirect_extern_access attribute.

Changes in the v3 patch.

1. GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS support has been added to
GNU binutils 2.38.  But the -z indirect-extern-access linker option is
only available for Linux/x86.  However, the --max-cache-size=SIZE linker
option was also addded within a day.  --max-cache-size=SIZE is used to
check for GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS support.

Changes in the v2 patch.

1. Rename the option to -fdirect-extern-access.

---
On systems with copy relocation:
* A copy in executable is created for the definition in a shared library
at run-time by ld.so.
* The copy is referenced by executable and shared libraries.
* Executable can access the copy directly.

Issues are:
* Overhead of a copy, time and space, may be visible at run-time.
* Read-only data in the shared library becomes read-write copy in
executable at run-time.
* Local access to data with the STV_PROTECTED visibility in the shared
library must use GOT.

On systems without function descriptor, function pointers vary depending
on where and how the functions are defined.
* If the function is defined in executable, it can be the address of
function body.
* If the function, including the function with STV_PROTECTED visibility,
is defined in the shared library, it can be the address of the PLT entry
in executable or shared library.

Issues are:
* The address of function body may not be used as its function pointer.
* ld.so needs to search loaded shared libraries for the function pointer
of the function with STV_PROTECTED visibility.

Here is a proposal to remove copy relocation and use canonical function
pointer:

1. Accesses, including in PIE and non-PIE, to undefined symbols must
use GOT.
  a. Linker may optimize out GOT access if the data is defined in PIE or
  non-PIE.
2. Read-only data in the shared library remain read-only at run-time
3. Address of global data with the STV_PROTECTED visibility in the shared
library is the address of data body.
  a. Can use IP-relative access.
  b. May need GOT without IP-relative access.
4. For systems without function descriptor,
  a. All global function pointers of undefined functions in PIE and
  non-PIE must use GOT.  Linker may optimize out GOT access if the
  function is defined in PIE or non-PIE.
  b. Function pointer of functions with the STV_PROTECTED visibility in
  executable and shared library is the address of function body.
   i. Can use IP-relative access.
   ii. May need GOT without IP-relative access.
   iii. Branches to undefined functions may use PLT.
5. Single global definition marker:

Add GNU_PROPERTY_1_NEEDED:

#define GNU_PROPERTY_1_NEEDED GNU_PROPERTY_UINT32_OR_LO

to indicate the needed properties by the object file.

Add GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS:

#define GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS (1U << 0)

to indicate that the object file requires canonical function pointers and
cannot be used with copy relocation.  This bit should be cleared in
executable when there are non-GOT or non-PLT relocations in relocatable
input files without this bit set.

  a. Protected symbol access within the shared library can be treated as
  local.
  b. Copy relocation should be disallowed at link-time and run-time.
  c. GOT function pointer reference is required at link-time and run-time.

The indirect external access marker can be used in the following ways:

1. Linker can decide the best way to resolve a relocation against a
protected symbol before seeing all relocations against the symbol.
2. Dynamic linker can decide if it is an error to have a copy relocation
in executable against the protected symbol in a shared library by checking
if the shared library is built with -fno-direct-extern-access.

Add a compiler option, -fdirect-extern-access. -fdirect-extern-access is
the default.  With -fno-direct-extern-access:

1. Always to use GOT to access undefined symbols, including in PIE and
non-PIE.  This is safe to do and does not break the ABI.
2. In executable and shared library, for symbols with the STV_PROTECTED
visibility:
  a. The address of data symbol is the address of data body.
  b. For systems without function descriptor, the function pointer is
  the address of function body.
These break the ABI and resulting shared libraries may not be compatible
with executables which are not compiled with -fno-direct-extern-access.
3. Generate an indirect external access marker in relocatable objects if
supported by linker.

H.J. Lu (2):
  Add -f[no-]direct-extern-access
  Add TARGET_ASM_EMIT_GNU_PROPERTY_NOTE

 gcc/c-family/c-attribs.c                    | 34 +++++++++++
 gcc/common.opt                              |  4 ++
 gcc/config.in                               |  7 +++
 gcc/config/i386/gnu-property.c              | 31 ----------
 gcc/config/i386/i386-protos.h               |  2 +-
 gcc/config/i386/i386.c                      | 64 ++++++++++++++++-----
 gcc/configure                               | 27 +++++++++
 gcc/configure.ac                            | 23 ++++++++
 gcc/doc/extend.texi                         |  6 ++
 gcc/doc/invoke.texi                         | 13 +++++
 gcc/doc/tm.texi                             |  5 ++
 gcc/doc/tm.texi.in                          |  2 +
 gcc/output.h                                |  2 +
 gcc/target.def                              |  8 +++
 gcc/testsuite/g++.dg/pr35513-1.C            | 25 ++++++++
 gcc/testsuite/g++.dg/pr35513-2.C            | 53 +++++++++++++++++
 gcc/testsuite/gcc.target/i386/pr35513-10a.c | 17 ++++++
 gcc/testsuite/gcc.target/i386/pr35513-10b.c | 17 ++++++
 gcc/testsuite/gcc.target/i386/pr35513-11a.c | 17 ++++++
 gcc/testsuite/gcc.target/i386/pr35513-11b.c | 17 ++++++
 gcc/testsuite/gcc.target/i386/pr35513-12a.c | 17 ++++++
 gcc/testsuite/gcc.target/i386/pr35513-12b.c | 17 ++++++
 gcc/testsuite/gcc.target/i386/pr35513-1a.c  | 16 ++++++
 gcc/testsuite/gcc.target/i386/pr35513-1b.c  | 16 ++++++
 gcc/testsuite/gcc.target/i386/pr35513-2a.c  | 15 +++++
 gcc/testsuite/gcc.target/i386/pr35513-2b.c  | 15 +++++
 gcc/testsuite/gcc.target/i386/pr35513-3a.c  | 15 +++++
 gcc/testsuite/gcc.target/i386/pr35513-3b.c  | 15 +++++
 gcc/testsuite/gcc.target/i386/pr35513-4a.c  | 15 +++++
 gcc/testsuite/gcc.target/i386/pr35513-4b.c  | 15 +++++
 gcc/testsuite/gcc.target/i386/pr35513-5a.c  | 15 +++++
 gcc/testsuite/gcc.target/i386/pr35513-5b.c  | 15 +++++
 gcc/testsuite/gcc.target/i386/pr35513-6a.c  | 14 +++++
 gcc/testsuite/gcc.target/i386/pr35513-6b.c  | 14 +++++
 gcc/testsuite/gcc.target/i386/pr35513-7a.c  | 15 +++++
 gcc/testsuite/gcc.target/i386/pr35513-7b.c  | 15 +++++
 gcc/testsuite/gcc.target/i386/pr35513-8.c   | 41 +++++++++++++
 gcc/testsuite/gcc.target/i386/pr35513-9a.c  | 17 ++++++
 gcc/testsuite/gcc.target/i386/pr35513-9b.c  | 17 ++++++
 gcc/toplev.c                                |  3 +
 gcc/varasm.c                                | 47 +++++++++++++++
 41 files changed, 697 insertions(+), 46 deletions(-)
 create mode 100644 gcc/testsuite/g++.dg/pr35513-1.C
 create mode 100644 gcc/testsuite/g++.dg/pr35513-2.C
 create mode 100644 gcc/testsuite/gcc.target/i386/pr35513-10a.c
 create mode 100644 gcc/testsuite/gcc.target/i386/pr35513-10b.c
 create mode 100644 gcc/testsuite/gcc.target/i386/pr35513-11a.c
 create mode 100644 gcc/testsuite/gcc.target/i386/pr35513-11b.c
 create mode 100644 gcc/testsuite/gcc.target/i386/pr35513-12a.c
 create mode 100644 gcc/testsuite/gcc.target/i386/pr35513-12b.c
 create mode 100644 gcc/testsuite/gcc.target/i386/pr35513-1a.c
 create mode 100644 gcc/testsuite/gcc.target/i386/pr35513-1b.c
 create mode 100644 gcc/testsuite/gcc.target/i386/pr35513-2a.c
 create mode 100644 gcc/testsuite/gcc.target/i386/pr35513-2b.c
 create mode 100644 gcc/testsuite/gcc.target/i386/pr35513-3a.c
 create mode 100644 gcc/testsuite/gcc.target/i386/pr35513-3b.c
 create mode 100644 gcc/testsuite/gcc.target/i386/pr35513-4a.c
 create mode 100644 gcc/testsuite/gcc.target/i386/pr35513-4b.c
 create mode 100644 gcc/testsuite/gcc.target/i386/pr35513-5a.c
 create mode 100644 gcc/testsuite/gcc.target/i386/pr35513-5b.c
 create mode 100644 gcc/testsuite/gcc.target/i386/pr35513-6a.c
 create mode 100644 gcc/testsuite/gcc.target/i386/pr35513-6b.c
 create mode 100644 gcc/testsuite/gcc.target/i386/pr35513-7a.c
 create mode 100644 gcc/testsuite/gcc.target/i386/pr35513-7b.c
 create mode 100644 gcc/testsuite/gcc.target/i386/pr35513-8.c
 create mode 100644 gcc/testsuite/gcc.target/i386/pr35513-9a.c
 create mode 100644 gcc/testsuite/gcc.target/i386/pr35513-9b.c

Comments

H.J. Lu Oct. 21, 2021, 7:56 p.m. UTC | #1
On Wed, Sep 22, 2021 at 7:02 PM H.J. Lu <hjl.tools@gmail.com> wrote:
>
> Changes in the v4 patch.
>
> 1. Add nodirect_extern_access attribute.
>
> Changes in the v3 patch.
>
> 1. GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS support has been added to
> GNU binutils 2.38.  But the -z indirect-extern-access linker option is
> only available for Linux/x86.  However, the --max-cache-size=SIZE linker
> option was also addded within a day.  --max-cache-size=SIZE is used to
> check for GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS support.
>
> Changes in the v2 patch.
>
> 1. Rename the option to -fdirect-extern-access.
>
> ---
> On systems with copy relocation:
> * A copy in executable is created for the definition in a shared library
> at run-time by ld.so.
> * The copy is referenced by executable and shared libraries.
> * Executable can access the copy directly.
>
> Issues are:
> * Overhead of a copy, time and space, may be visible at run-time.
> * Read-only data in the shared library becomes read-write copy in
> executable at run-time.
> * Local access to data with the STV_PROTECTED visibility in the shared
> library must use GOT.
>
> On systems without function descriptor, function pointers vary depending
> on where and how the functions are defined.
> * If the function is defined in executable, it can be the address of
> function body.
> * If the function, including the function with STV_PROTECTED visibility,
> is defined in the shared library, it can be the address of the PLT entry
> in executable or shared library.
>
> Issues are:
> * The address of function body may not be used as its function pointer.
> * ld.so needs to search loaded shared libraries for the function pointer
> of the function with STV_PROTECTED visibility.
>
> Here is a proposal to remove copy relocation and use canonical function
> pointer:
>
> 1. Accesses, including in PIE and non-PIE, to undefined symbols must
> use GOT.
>   a. Linker may optimize out GOT access if the data is defined in PIE or
>   non-PIE.
> 2. Read-only data in the shared library remain read-only at run-time
> 3. Address of global data with the STV_PROTECTED visibility in the shared
> library is the address of data body.
>   a. Can use IP-relative access.
>   b. May need GOT without IP-relative access.
> 4. For systems without function descriptor,
>   a. All global function pointers of undefined functions in PIE and
>   non-PIE must use GOT.  Linker may optimize out GOT access if the
>   function is defined in PIE or non-PIE.
>   b. Function pointer of functions with the STV_PROTECTED visibility in
>   executable and shared library is the address of function body.
>    i. Can use IP-relative access.
>    ii. May need GOT without IP-relative access.
>    iii. Branches to undefined functions may use PLT.
> 5. Single global definition marker:
>
> Add GNU_PROPERTY_1_NEEDED:
>
> #define GNU_PROPERTY_1_NEEDED GNU_PROPERTY_UINT32_OR_LO
>
> to indicate the needed properties by the object file.
>
> Add GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS:
>
> #define GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS (1U << 0)
>
> to indicate that the object file requires canonical function pointers and
> cannot be used with copy relocation.  This bit should be cleared in
> executable when there are non-GOT or non-PLT relocations in relocatable
> input files without this bit set.
>
>   a. Protected symbol access within the shared library can be treated as
>   local.
>   b. Copy relocation should be disallowed at link-time and run-time.
>   c. GOT function pointer reference is required at link-time and run-time.
>
> The indirect external access marker can be used in the following ways:
>
> 1. Linker can decide the best way to resolve a relocation against a
> protected symbol before seeing all relocations against the symbol.
> 2. Dynamic linker can decide if it is an error to have a copy relocation
> in executable against the protected symbol in a shared library by checking
> if the shared library is built with -fno-direct-extern-access.
>
> Add a compiler option, -fdirect-extern-access. -fdirect-extern-access is
> the default.  With -fno-direct-extern-access:
>
> 1. Always to use GOT to access undefined symbols, including in PIE and
> non-PIE.  This is safe to do and does not break the ABI.
> 2. In executable and shared library, for symbols with the STV_PROTECTED
> visibility:
>   a. The address of data symbol is the address of data body.
>   b. For systems without function descriptor, the function pointer is
>   the address of function body.
> These break the ABI and resulting shared libraries may not be compatible
> with executables which are not compiled with -fno-direct-extern-access.
> 3. Generate an indirect external access marker in relocatable objects if
> supported by linker.
>
> H.J. Lu (2):
>   Add -f[no-]direct-extern-access
>   Add TARGET_ASM_EMIT_GNU_PROPERTY_NOTE
>

Hi,

This has been implemented in binutils 2.38 and glibc 2.35.
What do I need to do to get it into GCC 12?

Thanks.
H.J. Lu Nov. 1, 2021, 2:02 p.m. UTC | #2
On Thu, Oct 21, 2021 at 12:56 PM H.J. Lu <hjl.tools@gmail.com> wrote:
>
> On Wed, Sep 22, 2021 at 7:02 PM H.J. Lu <hjl.tools@gmail.com> wrote:
> >
> > Changes in the v4 patch.
> >
> > 1. Add nodirect_extern_access attribute.
> >
> > Changes in the v3 patch.
> >
> > 1. GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS support has been added to
> > GNU binutils 2.38.  But the -z indirect-extern-access linker option is
> > only available for Linux/x86.  However, the --max-cache-size=SIZE linker
> > option was also addded within a day.  --max-cache-size=SIZE is used to
> > check for GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS support.
> >
> > Changes in the v2 patch.
> >
> > 1. Rename the option to -fdirect-extern-access.
> >
> > ---
> > On systems with copy relocation:
> > * A copy in executable is created for the definition in a shared library
> > at run-time by ld.so.
> > * The copy is referenced by executable and shared libraries.
> > * Executable can access the copy directly.
> >
> > Issues are:
> > * Overhead of a copy, time and space, may be visible at run-time.
> > * Read-only data in the shared library becomes read-write copy in
> > executable at run-time.
> > * Local access to data with the STV_PROTECTED visibility in the shared
> > library must use GOT.
> >
> > On systems without function descriptor, function pointers vary depending
> > on where and how the functions are defined.
> > * If the function is defined in executable, it can be the address of
> > function body.
> > * If the function, including the function with STV_PROTECTED visibility,
> > is defined in the shared library, it can be the address of the PLT entry
> > in executable or shared library.
> >
> > Issues are:
> > * The address of function body may not be used as its function pointer.
> > * ld.so needs to search loaded shared libraries for the function pointer
> > of the function with STV_PROTECTED visibility.
> >
> > Here is a proposal to remove copy relocation and use canonical function
> > pointer:
> >
> > 1. Accesses, including in PIE and non-PIE, to undefined symbols must
> > use GOT.
> >   a. Linker may optimize out GOT access if the data is defined in PIE or
> >   non-PIE.
> > 2. Read-only data in the shared library remain read-only at run-time
> > 3. Address of global data with the STV_PROTECTED visibility in the shared
> > library is the address of data body.
> >   a. Can use IP-relative access.
> >   b. May need GOT without IP-relative access.
> > 4. For systems without function descriptor,
> >   a. All global function pointers of undefined functions in PIE and
> >   non-PIE must use GOT.  Linker may optimize out GOT access if the
> >   function is defined in PIE or non-PIE.
> >   b. Function pointer of functions with the STV_PROTECTED visibility in
> >   executable and shared library is the address of function body.
> >    i. Can use IP-relative access.
> >    ii. May need GOT without IP-relative access.
> >    iii. Branches to undefined functions may use PLT.
> > 5. Single global definition marker:
> >
> > Add GNU_PROPERTY_1_NEEDED:
> >
> > #define GNU_PROPERTY_1_NEEDED GNU_PROPERTY_UINT32_OR_LO
> >
> > to indicate the needed properties by the object file.
> >
> > Add GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS:
> >
> > #define GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS (1U << 0)
> >
> > to indicate that the object file requires canonical function pointers and
> > cannot be used with copy relocation.  This bit should be cleared in
> > executable when there are non-GOT or non-PLT relocations in relocatable
> > input files without this bit set.
> >
> >   a. Protected symbol access within the shared library can be treated as
> >   local.
> >   b. Copy relocation should be disallowed at link-time and run-time.
> >   c. GOT function pointer reference is required at link-time and run-time.
> >
> > The indirect external access marker can be used in the following ways:
> >
> > 1. Linker can decide the best way to resolve a relocation against a
> > protected symbol before seeing all relocations against the symbol.
> > 2. Dynamic linker can decide if it is an error to have a copy relocation
> > in executable against the protected symbol in a shared library by checking
> > if the shared library is built with -fno-direct-extern-access.
> >
> > Add a compiler option, -fdirect-extern-access. -fdirect-extern-access is
> > the default.  With -fno-direct-extern-access:
> >
> > 1. Always to use GOT to access undefined symbols, including in PIE and
> > non-PIE.  This is safe to do and does not break the ABI.
> > 2. In executable and shared library, for symbols with the STV_PROTECTED
> > visibility:
> >   a. The address of data symbol is the address of data body.
> >   b. For systems without function descriptor, the function pointer is
> >   the address of function body.
> > These break the ABI and resulting shared libraries may not be compatible
> > with executables which are not compiled with -fno-direct-extern-access.
> > 3. Generate an indirect external access marker in relocatable objects if
> > supported by linker.
> >
> > H.J. Lu (2):
> >   Add -f[no-]direct-extern-access
> >   Add TARGET_ASM_EMIT_GNU_PROPERTY_NOTE
> >
>
> Hi,
>
> This has been implemented in binutils 2.38 and glibc 2.35.
> What do I need to do to get it into GCC 12?
>

Hi Richard, Jeff,

Can you help review this patch for GCC 12:

https://gcc.gnu.org/pipermail/gcc-patches/2021-September/580108.html
https://gcc.gnu.org/pipermail/gcc-patches/2021-September/580107.html

Thanks.
H.J. Lu Nov. 25, 2021, 5:54 p.m. UTC | #3
On Mon, Nov 1, 2021 at 7:02 AM H.J. Lu <hjl.tools@gmail.com> wrote:
>
> On Thu, Oct 21, 2021 at 12:56 PM H.J. Lu <hjl.tools@gmail.com> wrote:
> >
> > On Wed, Sep 22, 2021 at 7:02 PM H.J. Lu <hjl.tools@gmail.com> wrote:
> > >
> > > Changes in the v4 patch.
> > >
> > > 1. Add nodirect_extern_access attribute.
> > >
> > > Changes in the v3 patch.
> > >
> > > 1. GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS support has been added to
> > > GNU binutils 2.38.  But the -z indirect-extern-access linker option is
> > > only available for Linux/x86.  However, the --max-cache-size=SIZE linker
> > > option was also addded within a day.  --max-cache-size=SIZE is used to
> > > check for GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS support.
> > >
> > > Changes in the v2 patch.
> > >
> > > 1. Rename the option to -fdirect-extern-access.
> > >
> > > ---
> > > On systems with copy relocation:
> > > * A copy in executable is created for the definition in a shared library
> > > at run-time by ld.so.
> > > * The copy is referenced by executable and shared libraries.
> > > * Executable can access the copy directly.
> > >
> > > Issues are:
> > > * Overhead of a copy, time and space, may be visible at run-time.
> > > * Read-only data in the shared library becomes read-write copy in
> > > executable at run-time.
> > > * Local access to data with the STV_PROTECTED visibility in the shared
> > > library must use GOT.
> > >
> > > On systems without function descriptor, function pointers vary depending
> > > on where and how the functions are defined.
> > > * If the function is defined in executable, it can be the address of
> > > function body.
> > > * If the function, including the function with STV_PROTECTED visibility,
> > > is defined in the shared library, it can be the address of the PLT entry
> > > in executable or shared library.
> > >
> > > Issues are:
> > > * The address of function body may not be used as its function pointer.
> > > * ld.so needs to search loaded shared libraries for the function pointer
> > > of the function with STV_PROTECTED visibility.
> > >
> > > Here is a proposal to remove copy relocation and use canonical function
> > > pointer:
> > >
> > > 1. Accesses, including in PIE and non-PIE, to undefined symbols must
> > > use GOT.
> > >   a. Linker may optimize out GOT access if the data is defined in PIE or
> > >   non-PIE.
> > > 2. Read-only data in the shared library remain read-only at run-time
> > > 3. Address of global data with the STV_PROTECTED visibility in the shared
> > > library is the address of data body.
> > >   a. Can use IP-relative access.
> > >   b. May need GOT without IP-relative access.
> > > 4. For systems without function descriptor,
> > >   a. All global function pointers of undefined functions in PIE and
> > >   non-PIE must use GOT.  Linker may optimize out GOT access if the
> > >   function is defined in PIE or non-PIE.
> > >   b. Function pointer of functions with the STV_PROTECTED visibility in
> > >   executable and shared library is the address of function body.
> > >    i. Can use IP-relative access.
> > >    ii. May need GOT without IP-relative access.
> > >    iii. Branches to undefined functions may use PLT.
> > > 5. Single global definition marker:
> > >
> > > Add GNU_PROPERTY_1_NEEDED:
> > >
> > > #define GNU_PROPERTY_1_NEEDED GNU_PROPERTY_UINT32_OR_LO
> > >
> > > to indicate the needed properties by the object file.
> > >
> > > Add GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS:
> > >
> > > #define GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS (1U << 0)
> > >
> > > to indicate that the object file requires canonical function pointers and
> > > cannot be used with copy relocation.  This bit should be cleared in
> > > executable when there are non-GOT or non-PLT relocations in relocatable
> > > input files without this bit set.
> > >
> > >   a. Protected symbol access within the shared library can be treated as
> > >   local.
> > >   b. Copy relocation should be disallowed at link-time and run-time.
> > >   c. GOT function pointer reference is required at link-time and run-time.
> > >
> > > The indirect external access marker can be used in the following ways:
> > >
> > > 1. Linker can decide the best way to resolve a relocation against a
> > > protected symbol before seeing all relocations against the symbol.
> > > 2. Dynamic linker can decide if it is an error to have a copy relocation
> > > in executable against the protected symbol in a shared library by checking
> > > if the shared library is built with -fno-direct-extern-access.
> > >
> > > Add a compiler option, -fdirect-extern-access. -fdirect-extern-access is
> > > the default.  With -fno-direct-extern-access:
> > >
> > > 1. Always to use GOT to access undefined symbols, including in PIE and
> > > non-PIE.  This is safe to do and does not break the ABI.
> > > 2. In executable and shared library, for symbols with the STV_PROTECTED
> > > visibility:
> > >   a. The address of data symbol is the address of data body.
> > >   b. For systems without function descriptor, the function pointer is
> > >   the address of function body.
> > > These break the ABI and resulting shared libraries may not be compatible
> > > with executables which are not compiled with -fno-direct-extern-access.
> > > 3. Generate an indirect external access marker in relocatable objects if
> > > supported by linker.
> > >
> > > H.J. Lu (2):
> > >   Add -f[no-]direct-extern-access
> > >   Add TARGET_ASM_EMIT_GNU_PROPERTY_NOTE
> > >
> >
> > Hi,
> >
> > This has been implemented in binutils 2.38 and glibc 2.35.
> > What do I need to do to get it into GCC 12?
> >
>
> Hi Richard, Jeff,
>
> Can you help review this patch for GCC 12:
>
> https://gcc.gnu.org/pipermail/gcc-patches/2021-September/580108.html
> https://gcc.gnu.org/pipermail/gcc-patches/2021-September/580107.html
>

PING.
H.J. Lu Dec. 11, 2021, 6:44 p.m. UTC | #4
On Thu, Nov 25, 2021 at 9:54 AM H.J. Lu <hjl.tools@gmail.com> wrote:
>
> On Mon, Nov 1, 2021 at 7:02 AM H.J. Lu <hjl.tools@gmail.com> wrote:
> >
> > On Thu, Oct 21, 2021 at 12:56 PM H.J. Lu <hjl.tools@gmail.com> wrote:
> > >
> > > On Wed, Sep 22, 2021 at 7:02 PM H.J. Lu <hjl.tools@gmail.com> wrote:
> > > >
> > > > Changes in the v4 patch.
> > > >
> > > > 1. Add nodirect_extern_access attribute.
> > > >
> > > > Changes in the v3 patch.
> > > >
> > > > 1. GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS support has been added to
> > > > GNU binutils 2.38.  But the -z indirect-extern-access linker option is
> > > > only available for Linux/x86.  However, the --max-cache-size=SIZE linker
> > > > option was also addded within a day.  --max-cache-size=SIZE is used to
> > > > check for GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS support.
> > > >
> > > > Changes in the v2 patch.
> > > >
> > > > 1. Rename the option to -fdirect-extern-access.
> > > >
> > > > ---
> > > > On systems with copy relocation:
> > > > * A copy in executable is created for the definition in a shared library
> > > > at run-time by ld.so.
> > > > * The copy is referenced by executable and shared libraries.
> > > > * Executable can access the copy directly.
> > > >
> > > > Issues are:
> > > > * Overhead of a copy, time and space, may be visible at run-time.
> > > > * Read-only data in the shared library becomes read-write copy in
> > > > executable at run-time.
> > > > * Local access to data with the STV_PROTECTED visibility in the shared
> > > > library must use GOT.
> > > >
> > > > On systems without function descriptor, function pointers vary depending
> > > > on where and how the functions are defined.
> > > > * If the function is defined in executable, it can be the address of
> > > > function body.
> > > > * If the function, including the function with STV_PROTECTED visibility,
> > > > is defined in the shared library, it can be the address of the PLT entry
> > > > in executable or shared library.
> > > >
> > > > Issues are:
> > > > * The address of function body may not be used as its function pointer.
> > > > * ld.so needs to search loaded shared libraries for the function pointer
> > > > of the function with STV_PROTECTED visibility.
> > > >
> > > > Here is a proposal to remove copy relocation and use canonical function
> > > > pointer:
> > > >
> > > > 1. Accesses, including in PIE and non-PIE, to undefined symbols must
> > > > use GOT.
> > > >   a. Linker may optimize out GOT access if the data is defined in PIE or
> > > >   non-PIE.
> > > > 2. Read-only data in the shared library remain read-only at run-time
> > > > 3. Address of global data with the STV_PROTECTED visibility in the shared
> > > > library is the address of data body.
> > > >   a. Can use IP-relative access.
> > > >   b. May need GOT without IP-relative access.
> > > > 4. For systems without function descriptor,
> > > >   a. All global function pointers of undefined functions in PIE and
> > > >   non-PIE must use GOT.  Linker may optimize out GOT access if the
> > > >   function is defined in PIE or non-PIE.
> > > >   b. Function pointer of functions with the STV_PROTECTED visibility in
> > > >   executable and shared library is the address of function body.
> > > >    i. Can use IP-relative access.
> > > >    ii. May need GOT without IP-relative access.
> > > >    iii. Branches to undefined functions may use PLT.
> > > > 5. Single global definition marker:
> > > >
> > > > Add GNU_PROPERTY_1_NEEDED:
> > > >
> > > > #define GNU_PROPERTY_1_NEEDED GNU_PROPERTY_UINT32_OR_LO
> > > >
> > > > to indicate the needed properties by the object file.
> > > >
> > > > Add GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS:
> > > >
> > > > #define GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS (1U << 0)
> > > >
> > > > to indicate that the object file requires canonical function pointers and
> > > > cannot be used with copy relocation.  This bit should be cleared in
> > > > executable when there are non-GOT or non-PLT relocations in relocatable
> > > > input files without this bit set.
> > > >
> > > >   a. Protected symbol access within the shared library can be treated as
> > > >   local.
> > > >   b. Copy relocation should be disallowed at link-time and run-time.
> > > >   c. GOT function pointer reference is required at link-time and run-time.
> > > >
> > > > The indirect external access marker can be used in the following ways:
> > > >
> > > > 1. Linker can decide the best way to resolve a relocation against a
> > > > protected symbol before seeing all relocations against the symbol.
> > > > 2. Dynamic linker can decide if it is an error to have a copy relocation
> > > > in executable against the protected symbol in a shared library by checking
> > > > if the shared library is built with -fno-direct-extern-access.
> > > >
> > > > Add a compiler option, -fdirect-extern-access. -fdirect-extern-access is
> > > > the default.  With -fno-direct-extern-access:
> > > >
> > > > 1. Always to use GOT to access undefined symbols, including in PIE and
> > > > non-PIE.  This is safe to do and does not break the ABI.
> > > > 2. In executable and shared library, for symbols with the STV_PROTECTED
> > > > visibility:
> > > >   a. The address of data symbol is the address of data body.
> > > >   b. For systems without function descriptor, the function pointer is
> > > >   the address of function body.
> > > > These break the ABI and resulting shared libraries may not be compatible
> > > > with executables which are not compiled with -fno-direct-extern-access.
> > > > 3. Generate an indirect external access marker in relocatable objects if
> > > > supported by linker.
> > > >
> > > > H.J. Lu (2):
> > > >   Add -f[no-]direct-extern-access
> > > >   Add TARGET_ASM_EMIT_GNU_PROPERTY_NOTE
> > > >
> > >
> > > Hi,
> > >
> > > This has been implemented in binutils 2.38 and glibc 2.35.
> > > What do I need to do to get it into GCC 12?
> > >
> >
> > Hi Richard, Jeff,
> >
> > Can you help review this patch for GCC 12:
> >
> > https://gcc.gnu.org/pipermail/gcc-patches/2021-September/580108.html
> > https://gcc.gnu.org/pipermail/gcc-patches/2021-September/580107.html
> >
>
> PING.

PING.
H.J. Lu Jan. 4, 2022, 3:32 a.m. UTC | #5
On Sat, Dec 11, 2021 at 10:44 AM H.J. Lu <hjl.tools@gmail.com> wrote:
>
> On Thu, Nov 25, 2021 at 9:54 AM H.J. Lu <hjl.tools@gmail.com> wrote:
> >
> > On Mon, Nov 1, 2021 at 7:02 AM H.J. Lu <hjl.tools@gmail.com> wrote:
> > >
> > > On Thu, Oct 21, 2021 at 12:56 PM H.J. Lu <hjl.tools@gmail.com> wrote:
> > > >
> > > > On Wed, Sep 22, 2021 at 7:02 PM H.J. Lu <hjl.tools@gmail.com> wrote:
> > > > >
> > > > > Changes in the v4 patch.
> > > > >
> > > > > 1. Add nodirect_extern_access attribute.
> > > > >
> > > > > Changes in the v3 patch.
> > > > >
> > > > > 1. GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS support has been added to
> > > > > GNU binutils 2.38.  But the -z indirect-extern-access linker option is
> > > > > only available for Linux/x86.  However, the --max-cache-size=SIZE linker
> > > > > option was also addded within a day.  --max-cache-size=SIZE is used to
> > > > > check for GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS support.
> > > > >
> > > > > Changes in the v2 patch.
> > > > >
> > > > > 1. Rename the option to -fdirect-extern-access.
> > > > >
> > > > > ---
> > > > > On systems with copy relocation:
> > > > > * A copy in executable is created for the definition in a shared library
> > > > > at run-time by ld.so.
> > > > > * The copy is referenced by executable and shared libraries.
> > > > > * Executable can access the copy directly.
> > > > >
> > > > > Issues are:
> > > > > * Overhead of a copy, time and space, may be visible at run-time.
> > > > > * Read-only data in the shared library becomes read-write copy in
> > > > > executable at run-time.
> > > > > * Local access to data with the STV_PROTECTED visibility in the shared
> > > > > library must use GOT.
> > > > >
> > > > > On systems without function descriptor, function pointers vary depending
> > > > > on where and how the functions are defined.
> > > > > * If the function is defined in executable, it can be the address of
> > > > > function body.
> > > > > * If the function, including the function with STV_PROTECTED visibility,
> > > > > is defined in the shared library, it can be the address of the PLT entry
> > > > > in executable or shared library.
> > > > >
> > > > > Issues are:
> > > > > * The address of function body may not be used as its function pointer.
> > > > > * ld.so needs to search loaded shared libraries for the function pointer
> > > > > of the function with STV_PROTECTED visibility.
> > > > >
> > > > > Here is a proposal to remove copy relocation and use canonical function
> > > > > pointer:
> > > > >
> > > > > 1. Accesses, including in PIE and non-PIE, to undefined symbols must
> > > > > use GOT.
> > > > >   a. Linker may optimize out GOT access if the data is defined in PIE or
> > > > >   non-PIE.
> > > > > 2. Read-only data in the shared library remain read-only at run-time
> > > > > 3. Address of global data with the STV_PROTECTED visibility in the shared
> > > > > library is the address of data body.
> > > > >   a. Can use IP-relative access.
> > > > >   b. May need GOT without IP-relative access.
> > > > > 4. For systems without function descriptor,
> > > > >   a. All global function pointers of undefined functions in PIE and
> > > > >   non-PIE must use GOT.  Linker may optimize out GOT access if the
> > > > >   function is defined in PIE or non-PIE.
> > > > >   b. Function pointer of functions with the STV_PROTECTED visibility in
> > > > >   executable and shared library is the address of function body.
> > > > >    i. Can use IP-relative access.
> > > > >    ii. May need GOT without IP-relative access.
> > > > >    iii. Branches to undefined functions may use PLT.
> > > > > 5. Single global definition marker:
> > > > >
> > > > > Add GNU_PROPERTY_1_NEEDED:
> > > > >
> > > > > #define GNU_PROPERTY_1_NEEDED GNU_PROPERTY_UINT32_OR_LO
> > > > >
> > > > > to indicate the needed properties by the object file.
> > > > >
> > > > > Add GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS:
> > > > >
> > > > > #define GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS (1U << 0)
> > > > >
> > > > > to indicate that the object file requires canonical function pointers and
> > > > > cannot be used with copy relocation.  This bit should be cleared in
> > > > > executable when there are non-GOT or non-PLT relocations in relocatable
> > > > > input files without this bit set.
> > > > >
> > > > >   a. Protected symbol access within the shared library can be treated as
> > > > >   local.
> > > > >   b. Copy relocation should be disallowed at link-time and run-time.
> > > > >   c. GOT function pointer reference is required at link-time and run-time.
> > > > >
> > > > > The indirect external access marker can be used in the following ways:
> > > > >
> > > > > 1. Linker can decide the best way to resolve a relocation against a
> > > > > protected symbol before seeing all relocations against the symbol.
> > > > > 2. Dynamic linker can decide if it is an error to have a copy relocation
> > > > > in executable against the protected symbol in a shared library by checking
> > > > > if the shared library is built with -fno-direct-extern-access.
> > > > >
> > > > > Add a compiler option, -fdirect-extern-access. -fdirect-extern-access is
> > > > > the default.  With -fno-direct-extern-access:
> > > > >
> > > > > 1. Always to use GOT to access undefined symbols, including in PIE and
> > > > > non-PIE.  This is safe to do and does not break the ABI.
> > > > > 2. In executable and shared library, for symbols with the STV_PROTECTED
> > > > > visibility:
> > > > >   a. The address of data symbol is the address of data body.
> > > > >   b. For systems without function descriptor, the function pointer is
> > > > >   the address of function body.
> > > > > These break the ABI and resulting shared libraries may not be compatible
> > > > > with executables which are not compiled with -fno-direct-extern-access.
> > > > > 3. Generate an indirect external access marker in relocatable objects if
> > > > > supported by linker.
> > > > >
> > > > > H.J. Lu (2):
> > > > >   Add -f[no-]direct-extern-access
> > > > >   Add TARGET_ASM_EMIT_GNU_PROPERTY_NOTE
> > > > >
> > > >
> > > > Hi,
> > > >
> > > > This has been implemented in binutils 2.38 and glibc 2.35.
> > > > What do I need to do to get it into GCC 12?
> > > >
> > >
> > > Hi Richard, Jeff,
> > >
> > > Can you help review this patch for GCC 12:
> > >
> > > https://gcc.gnu.org/pipermail/gcc-patches/2021-September/580108.html
> > > https://gcc.gnu.org/pipermail/gcc-patches/2021-September/580107.html
> > >
> >
> > PING.
>
> PING.
>

PING.
Marek Polacek Jan. 17, 2022, 7:23 p.m. UTC | #6
Ping, could a global maintainer take a look at this?

On Mon, Jan 03, 2022 at 07:32:25PM -0800, H.J. Lu via Gcc-patches wrote:
> On Sat, Dec 11, 2021 at 10:44 AM H.J. Lu <hjl.tools@gmail.com> wrote:
> >
> > On Thu, Nov 25, 2021 at 9:54 AM H.J. Lu <hjl.tools@gmail.com> wrote:
> > >
> > > On Mon, Nov 1, 2021 at 7:02 AM H.J. Lu <hjl.tools@gmail.com> wrote:
> > > >
> > > > On Thu, Oct 21, 2021 at 12:56 PM H.J. Lu <hjl.tools@gmail.com> wrote:
> > > > >
> > > > > On Wed, Sep 22, 2021 at 7:02 PM H.J. Lu <hjl.tools@gmail.com> wrote:
> > > > > >
> > > > > > Changes in the v4 patch.
> > > > > >
> > > > > > 1. Add nodirect_extern_access attribute.
> > > > > >
> > > > > > Changes in the v3 patch.
> > > > > >
> > > > > > 1. GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS support has been added to
> > > > > > GNU binutils 2.38.  But the -z indirect-extern-access linker option is
> > > > > > only available for Linux/x86.  However, the --max-cache-size=SIZE linker
> > > > > > option was also addded within a day.  --max-cache-size=SIZE is used to
> > > > > > check for GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS support.
> > > > > >
> > > > > > Changes in the v2 patch.
> > > > > >
> > > > > > 1. Rename the option to -fdirect-extern-access.
> > > > > >
> > > > > > ---
> > > > > > On systems with copy relocation:
> > > > > > * A copy in executable is created for the definition in a shared library
> > > > > > at run-time by ld.so.
> > > > > > * The copy is referenced by executable and shared libraries.
> > > > > > * Executable can access the copy directly.
> > > > > >
> > > > > > Issues are:
> > > > > > * Overhead of a copy, time and space, may be visible at run-time.
> > > > > > * Read-only data in the shared library becomes read-write copy in
> > > > > > executable at run-time.
> > > > > > * Local access to data with the STV_PROTECTED visibility in the shared
> > > > > > library must use GOT.
> > > > > >
> > > > > > On systems without function descriptor, function pointers vary depending
> > > > > > on where and how the functions are defined.
> > > > > > * If the function is defined in executable, it can be the address of
> > > > > > function body.
> > > > > > * If the function, including the function with STV_PROTECTED visibility,
> > > > > > is defined in the shared library, it can be the address of the PLT entry
> > > > > > in executable or shared library.
> > > > > >
> > > > > > Issues are:
> > > > > > * The address of function body may not be used as its function pointer.
> > > > > > * ld.so needs to search loaded shared libraries for the function pointer
> > > > > > of the function with STV_PROTECTED visibility.
> > > > > >
> > > > > > Here is a proposal to remove copy relocation and use canonical function
> > > > > > pointer:
> > > > > >
> > > > > > 1. Accesses, including in PIE and non-PIE, to undefined symbols must
> > > > > > use GOT.
> > > > > >   a. Linker may optimize out GOT access if the data is defined in PIE or
> > > > > >   non-PIE.
> > > > > > 2. Read-only data in the shared library remain read-only at run-time
> > > > > > 3. Address of global data with the STV_PROTECTED visibility in the shared
> > > > > > library is the address of data body.
> > > > > >   a. Can use IP-relative access.
> > > > > >   b. May need GOT without IP-relative access.
> > > > > > 4. For systems without function descriptor,
> > > > > >   a. All global function pointers of undefined functions in PIE and
> > > > > >   non-PIE must use GOT.  Linker may optimize out GOT access if the
> > > > > >   function is defined in PIE or non-PIE.
> > > > > >   b. Function pointer of functions with the STV_PROTECTED visibility in
> > > > > >   executable and shared library is the address of function body.
> > > > > >    i. Can use IP-relative access.
> > > > > >    ii. May need GOT without IP-relative access.
> > > > > >    iii. Branches to undefined functions may use PLT.
> > > > > > 5. Single global definition marker:
> > > > > >
> > > > > > Add GNU_PROPERTY_1_NEEDED:
> > > > > >
> > > > > > #define GNU_PROPERTY_1_NEEDED GNU_PROPERTY_UINT32_OR_LO
> > > > > >
> > > > > > to indicate the needed properties by the object file.
> > > > > >
> > > > > > Add GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS:
> > > > > >
> > > > > > #define GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS (1U << 0)
> > > > > >
> > > > > > to indicate that the object file requires canonical function pointers and
> > > > > > cannot be used with copy relocation.  This bit should be cleared in
> > > > > > executable when there are non-GOT or non-PLT relocations in relocatable
> > > > > > input files without this bit set.
> > > > > >
> > > > > >   a. Protected symbol access within the shared library can be treated as
> > > > > >   local.
> > > > > >   b. Copy relocation should be disallowed at link-time and run-time.
> > > > > >   c. GOT function pointer reference is required at link-time and run-time.
> > > > > >
> > > > > > The indirect external access marker can be used in the following ways:
> > > > > >
> > > > > > 1. Linker can decide the best way to resolve a relocation against a
> > > > > > protected symbol before seeing all relocations against the symbol.
> > > > > > 2. Dynamic linker can decide if it is an error to have a copy relocation
> > > > > > in executable against the protected symbol in a shared library by checking
> > > > > > if the shared library is built with -fno-direct-extern-access.
> > > > > >
> > > > > > Add a compiler option, -fdirect-extern-access. -fdirect-extern-access is
> > > > > > the default.  With -fno-direct-extern-access:
> > > > > >
> > > > > > 1. Always to use GOT to access undefined symbols, including in PIE and
> > > > > > non-PIE.  This is safe to do and does not break the ABI.
> > > > > > 2. In executable and shared library, for symbols with the STV_PROTECTED
> > > > > > visibility:
> > > > > >   a. The address of data symbol is the address of data body.
> > > > > >   b. For systems without function descriptor, the function pointer is
> > > > > >   the address of function body.
> > > > > > These break the ABI and resulting shared libraries may not be compatible
> > > > > > with executables which are not compiled with -fno-direct-extern-access.
> > > > > > 3. Generate an indirect external access marker in relocatable objects if
> > > > > > supported by linker.
> > > > > >
> > > > > > H.J. Lu (2):
> > > > > >   Add -f[no-]direct-extern-access
> > > > > >   Add TARGET_ASM_EMIT_GNU_PROPERTY_NOTE
> > > > > >
> > > > >
> > > > > Hi,
> > > > >
> > > > > This has been implemented in binutils 2.38 and glibc 2.35.
> > > > > What do I need to do to get it into GCC 12?
> > > > >
> > > >
> > > > Hi Richard, Jeff,
> > > >
> > > > Can you help review this patch for GCC 12:
> > > >
> > > > https://gcc.gnu.org/pipermail/gcc-patches/2021-September/580108.html
> > > > https://gcc.gnu.org/pipermail/gcc-patches/2021-September/580107.html
> > > >
> > >
> > > PING.
> >
> > PING.
> >
> 
> PING.
> 
> 
> -- 
> H.J.
> 

Marek
Fangrui Song Feb. 9, 2022, 6:44 a.m. UTC | #7
On Mon, Jan 3, 2022 at 7:33 PM H.J. Lu via Gcc-patches
<gcc-patches@gcc.gnu.org> wrote:
>
> On Sat, Dec 11, 2021 at 10:44 AM H.J. Lu <hjl.tools@gmail.com> wrote:
> >
> > On Thu, Nov 25, 2021 at 9:54 AM H.J. Lu <hjl.tools@gmail.com> wrote:
> > >
> > > On Mon, Nov 1, 2021 at 7:02 AM H.J. Lu <hjl.tools@gmail.com> wrote:
> > > >
> > > > On Thu, Oct 21, 2021 at 12:56 PM H.J. Lu <hjl.tools@gmail.com> wrote:
> > > > >
> > > > > On Wed, Sep 22, 2021 at 7:02 PM H.J. Lu <hjl.tools@gmail.com> wrote:
> > > > > >
> > > > > > Changes in the v4 patch.
> > > > > >
> > > > > > 1. Add nodirect_extern_access attribute.
> > > > > >
> > > > > > Changes in the v3 patch.
> > > > > >
> > > > > > 1. GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS support has been added to
> > > > > > GNU binutils 2.38.  But the -z indirect-extern-access linker option is
> > > > > > only available for Linux/x86.  However, the --max-cache-size=SIZE linker
> > > > > > option was also addded within a day.  --max-cache-size=SIZE is used to
> > > > > > check for GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS support.
> > > > > >
> > > > > > Changes in the v2 patch.
> > > > > >
> > > > > > 1. Rename the option to -fdirect-extern-access.
> > > > > >
> > > > > > ---
> > > > > > On systems with copy relocation:
> > > > > > * A copy in executable is created for the definition in a shared library
> > > > > > at run-time by ld.so.
> > > > > > * The copy is referenced by executable and shared libraries.
> > > > > > * Executable can access the copy directly.
> > > > > >
> > > > > > Issues are:
> > > > > > * Overhead of a copy, time and space, may be visible at run-time.
> > > > > > * Read-only data in the shared library becomes read-write copy in
> > > > > > executable at run-time.
> > > > > > * Local access to data with the STV_PROTECTED visibility in the shared
> > > > > > library must use GOT.
> > > > > >
> > > > > > On systems without function descriptor, function pointers vary depending
> > > > > > on where and how the functions are defined.
> > > > > > * If the function is defined in executable, it can be the address of
> > > > > > function body.
> > > > > > * If the function, including the function with STV_PROTECTED visibility,
> > > > > > is defined in the shared library, it can be the address of the PLT entry
> > > > > > in executable or shared library.
> > > > > >
> > > > > > Issues are:
> > > > > > * The address of function body may not be used as its function pointer.
> > > > > > * ld.so needs to search loaded shared libraries for the function pointer
> > > > > > of the function with STV_PROTECTED visibility.
> > > > > >
> > > > > > Here is a proposal to remove copy relocation and use canonical function
> > > > > > pointer:
> > > > > >
> > > > > > 1. Accesses, including in PIE and non-PIE, to undefined symbols must
> > > > > > use GOT.
> > > > > >   a. Linker may optimize out GOT access if the data is defined in PIE or
> > > > > >   non-PIE.
> > > > > > 2. Read-only data in the shared library remain read-only at run-time
> > > > > > 3. Address of global data with the STV_PROTECTED visibility in the shared
> > > > > > library is the address of data body.
> > > > > >   a. Can use IP-relative access.
> > > > > >   b. May need GOT without IP-relative access.
> > > > > > 4. For systems without function descriptor,
> > > > > >   a. All global function pointers of undefined functions in PIE and
> > > > > >   non-PIE must use GOT.  Linker may optimize out GOT access if the
> > > > > >   function is defined in PIE or non-PIE.
> > > > > >   b. Function pointer of functions with the STV_PROTECTED visibility in
> > > > > >   executable and shared library is the address of function body.
> > > > > >    i. Can use IP-relative access.
> > > > > >    ii. May need GOT without IP-relative access.
> > > > > >    iii. Branches to undefined functions may use PLT.
> > > > > > 5. Single global definition marker:
> > > > > >
> > > > > > Add GNU_PROPERTY_1_NEEDED:
> > > > > >
> > > > > > #define GNU_PROPERTY_1_NEEDED GNU_PROPERTY_UINT32_OR_LO
> > > > > >
> > > > > > to indicate the needed properties by the object file.
> > > > > >
> > > > > > Add GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS:
> > > > > >
> > > > > > #define GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS (1U << 0)
> > > > > >
> > > > > > to indicate that the object file requires canonical function pointers and
> > > > > > cannot be used with copy relocation.  This bit should be cleared in
> > > > > > executable when there are non-GOT or non-PLT relocations in relocatable
> > > > > > input files without this bit set.
> > > > > >
> > > > > >   a. Protected symbol access within the shared library can be treated as
> > > > > >   local.
> > > > > >   b. Copy relocation should be disallowed at link-time and run-time.
> > > > > >   c. GOT function pointer reference is required at link-time and run-time.
> > > > > >
> > > > > > The indirect external access marker can be used in the following ways:
> > > > > >
> > > > > > 1. Linker can decide the best way to resolve a relocation against a
> > > > > > protected symbol before seeing all relocations against the symbol.
> > > > > > 2. Dynamic linker can decide if it is an error to have a copy relocation
> > > > > > in executable against the protected symbol in a shared library by checking
> > > > > > if the shared library is built with -fno-direct-extern-access.
> > > > > >
> > > > > > Add a compiler option, -fdirect-extern-access. -fdirect-extern-access is
> > > > > > the default.  With -fno-direct-extern-access:
> > > > > >
> > > > > > 1. Always to use GOT to access undefined symbols, including in PIE and
> > > > > > non-PIE.  This is safe to do and does not break the ABI.
> > > > > > 2. In executable and shared library, for symbols with the STV_PROTECTED
> > > > > > visibility:
> > > > > >   a. The address of data symbol is the address of data body.
> > > > > >   b. For systems without function descriptor, the function pointer is
> > > > > >   the address of function body.
> > > > > > These break the ABI and resulting shared libraries may not be compatible
> > > > > > with executables which are not compiled with -fno-direct-extern-access.
> > > > > > 3. Generate an indirect external access marker in relocatable objects if
> > > > > > supported by linker.
> > > > > >
> > > > > > H.J. Lu (2):
> > > > > >   Add -f[no-]direct-extern-access
> > > > > >   Add TARGET_ASM_EMIT_GNU_PROPERTY_NOTE
> > > > > >
> > > > >
> > > > > Hi,
> > > > >
> > > > > This has been implemented in binutils 2.38 and glibc 2.35.
> > > > > What do I need to do to get it into GCC 12?
> > > > >
> > > >
> > > > Hi Richard, Jeff,
> > > >
> > > > Can you help review this patch for GCC 12:
> > > >
> > > > https://gcc.gnu.org/pipermail/gcc-patches/2021-September/580108.html
> > > > https://gcc.gnu.org/pipermail/gcc-patches/2021-September/580107.html
> > > >
> > >
> > > PING.
> >
> > PING.
> >
>
> PING.
>
>
> --
> H.J.

I'll ping https://gcc.gnu.org/pipermail/gcc-patches/2021-May/570139.html
("[PATCH] x86-64: Remove HAVE_LD_PIE_COPYRELOC"), too.
It's somewhat related, but simple and useful on its own....

The -fPIE default for x86-64 should be to avoid PC-relative relocations for

extern int x;
int foo() { return x; }

like -fPIC. There should not be any need to specify a compiler driver
option to achieve this goal.