This is the mail archive of the
gcc-patches@gcc.gnu.org
mailing list for the GCC project.
Re: [PATCH i386] Allow sibcalls in no-PLT PIC
- From: Rich Felker <dalias at libc dot org>
- To: Michael Matz <matz at suse dot de>
- Cc: "H.J. Lu" <hjl dot tools at gmail dot com>, Jan Hubicka <hubicka at ucw dot cz>, Alexander Monakov <amonakov at ispras dot ru>, GCC Patches <gcc-patches at gcc dot gnu dot org>, Uros Bizjak <ubizjak at gmail dot com>
- Date: Tue, 19 May 2015 14:06:59 -0400
- Subject: Re: [PATCH i386] Allow sibcalls in no-PLT PIC
- Authentication-results: sourceware.org; auth=none
- References: <20150515194824 dot GB14415 at kam dot mff dot cuni dot cz> <CAMe9rOr3yQv-+cJxwp_YfNY=9G+FnV6=JdYh_T6kPDJtSA0fzg at mail dot gmail dot com> <20150515202319 dot GE17573 at brightrain dot aerifal dot cx> <CAMe9rOqRBz7L6Fr1nxDVrTEh3EQ-AVV0dMCC0-xdpq87k=e4EQ at mail dot gmail dot com> <20150515204237 dot GF17573 at brightrain dot aerifal dot cx> <CAMe9rOp1ibVzf0KOt+1boOxb5ag85fe2Rv2Rst=CgAtOTGFBxA at mail dot gmail dot com> <20150515230810 dot GA73210 at kam dot mff dot cuni dot cz> <CAMe9rOr1_r0tvi_JdsCL8w-MMAqhSeVpA6sbksnn1yP224zn_A at mail dot gmail dot com> <20150515234403 dot GG17573 at brightrain dot aerifal dot cx> <alpine dot LSU dot 2 dot 20 dot 1505191637140 dot 27315 at wotan dot suse dot de>
On Tue, May 19, 2015 at 04:43:53PM +0200, Michael Matz wrote:
> Hi,
>
> On Fri, 15 May 2015, Rich Felker wrote:
>
> > Forget lazy binding. It's dead anyway because serious distros want
> > PIE+relro+bindnow+...
>
> You keep saying this, but I can't help the feeling it's mostly because
> musl doesn't support it ;-)
Well the reasons musl doesn't support it are partly the above, and
partly that it's been a continuous source of subtle bugs in glibc --
things like clobbering new vector registers, missing synchronization,
failures to be async-signal-safe, etc. So it's not that I think lazy
binding is bad because musl doesn't support it, but rather that musl
doesn't support lazy binding because I think it's bad. :-)
> No, you don't have to use bindnow to get the effects of relro. Sure
> there's more parts of the GOT protected with it, but if that's really that
> much more hardened is up for debate.
Normally it's function addresses that you care about protecting --
they're the easy vector for arbitrary code execution -- and they're
unprotected without bindnow. Addresses of global data could also be an
attack vector, but a more difficult one to exploit.
> > If people really want lazy binding, they can use options which support
> > it, but I don't want to keep suffering the codegen cost of lazy binding
> > despite never using it.
>
> > There should be an option to generate optimal code equivalent to what
> > you get with Alexander Monakov's patches for those of us who aren't
> > trying to support this legacy feature that precludes good performance
> > and precludes hardening.
>
> H.J.'s branch is for _improving_ code on top of the no-plt code, it's not
> replacing it or an alternative for it.
Thanks for the clarification -- this was the part I was failing to
understand. I'm still mildly worried that concerns for supporting
relaxation might lead to decisions not to optimize code in ways that
would be difficult to relax (e.g. certain types of address load
reordering or hoisting) but I don't understand GCC internals
sufficiently to know if this concern is warranted or not. As long as
his work isn't interfering with the ability of -fno-plt to generate
optimal code, I agree it's both inappropriate and counter-productive
for me to be objecting to part or all of it.
I would still like to see the @GOTPCREL stuff added and used instead
of @GOT, as I mentioned earlier in the thread, but I agree that's
independent of relaxation support and shouldn't block it.
Rich