PING^2 [PATCH v4 0/2] Implement indirect external access

H.J. Lu hjl.tools@gmail.com
Mon Nov 1 14:02:04 GMT 2021


On Thu, Oct 21, 2021 at 12:56 PM H.J. Lu <hjl.tools@gmail.com> wrote:
>
> On Wed, Sep 22, 2021 at 7:02 PM H.J. Lu <hjl.tools@gmail.com> wrote:
> >
> > Changes in the v4 patch.
> >
> > 1. Add nodirect_extern_access attribute.
> >
> > Changes in the v3 patch.
> >
> > 1. GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS support has been added to
> > GNU binutils 2.38.  But the -z indirect-extern-access linker option is
> > only available for Linux/x86.  However, the --max-cache-size=SIZE linker
> > option was also addded within a day.  --max-cache-size=SIZE is used to
> > check for GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS support.
> >
> > Changes in the v2 patch.
> >
> > 1. Rename the option to -fdirect-extern-access.
> >
> > ---
> > On systems with copy relocation:
> > * A copy in executable is created for the definition in a shared library
> > at run-time by ld.so.
> > * The copy is referenced by executable and shared libraries.
> > * Executable can access the copy directly.
> >
> > Issues are:
> > * Overhead of a copy, time and space, may be visible at run-time.
> > * Read-only data in the shared library becomes read-write copy in
> > executable at run-time.
> > * Local access to data with the STV_PROTECTED visibility in the shared
> > library must use GOT.
> >
> > On systems without function descriptor, function pointers vary depending
> > on where and how the functions are defined.
> > * If the function is defined in executable, it can be the address of
> > function body.
> > * If the function, including the function with STV_PROTECTED visibility,
> > is defined in the shared library, it can be the address of the PLT entry
> > in executable or shared library.
> >
> > Issues are:
> > * The address of function body may not be used as its function pointer.
> > * ld.so needs to search loaded shared libraries for the function pointer
> > of the function with STV_PROTECTED visibility.
> >
> > Here is a proposal to remove copy relocation and use canonical function
> > pointer:
> >
> > 1. Accesses, including in PIE and non-PIE, to undefined symbols must
> > use GOT.
> >   a. Linker may optimize out GOT access if the data is defined in PIE or
> >   non-PIE.
> > 2. Read-only data in the shared library remain read-only at run-time
> > 3. Address of global data with the STV_PROTECTED visibility in the shared
> > library is the address of data body.
> >   a. Can use IP-relative access.
> >   b. May need GOT without IP-relative access.
> > 4. For systems without function descriptor,
> >   a. All global function pointers of undefined functions in PIE and
> >   non-PIE must use GOT.  Linker may optimize out GOT access if the
> >   function is defined in PIE or non-PIE.
> >   b. Function pointer of functions with the STV_PROTECTED visibility in
> >   executable and shared library is the address of function body.
> >    i. Can use IP-relative access.
> >    ii. May need GOT without IP-relative access.
> >    iii. Branches to undefined functions may use PLT.
> > 5. Single global definition marker:
> >
> > Add GNU_PROPERTY_1_NEEDED:
> >
> > #define GNU_PROPERTY_1_NEEDED GNU_PROPERTY_UINT32_OR_LO
> >
> > to indicate the needed properties by the object file.
> >
> > Add GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS:
> >
> > #define GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS (1U << 0)
> >
> > to indicate that the object file requires canonical function pointers and
> > cannot be used with copy relocation.  This bit should be cleared in
> > executable when there are non-GOT or non-PLT relocations in relocatable
> > input files without this bit set.
> >
> >   a. Protected symbol access within the shared library can be treated as
> >   local.
> >   b. Copy relocation should be disallowed at link-time and run-time.
> >   c. GOT function pointer reference is required at link-time and run-time.
> >
> > The indirect external access marker can be used in the following ways:
> >
> > 1. Linker can decide the best way to resolve a relocation against a
> > protected symbol before seeing all relocations against the symbol.
> > 2. Dynamic linker can decide if it is an error to have a copy relocation
> > in executable against the protected symbol in a shared library by checking
> > if the shared library is built with -fno-direct-extern-access.
> >
> > Add a compiler option, -fdirect-extern-access. -fdirect-extern-access is
> > the default.  With -fno-direct-extern-access:
> >
> > 1. Always to use GOT to access undefined symbols, including in PIE and
> > non-PIE.  This is safe to do and does not break the ABI.
> > 2. In executable and shared library, for symbols with the STV_PROTECTED
> > visibility:
> >   a. The address of data symbol is the address of data body.
> >   b. For systems without function descriptor, the function pointer is
> >   the address of function body.
> > These break the ABI and resulting shared libraries may not be compatible
> > with executables which are not compiled with -fno-direct-extern-access.
> > 3. Generate an indirect external access marker in relocatable objects if
> > supported by linker.
> >
> > H.J. Lu (2):
> >   Add -f[no-]direct-extern-access
> >   Add TARGET_ASM_EMIT_GNU_PROPERTY_NOTE
> >
>
> Hi,
>
> This has been implemented in binutils 2.38 and glibc 2.35.
> What do I need to do to get it into GCC 12?
>

Hi Richard, Jeff,

Can you help review this patch for GCC 12:

https://gcc.gnu.org/pipermail/gcc-patches/2021-September/580108.html
https://gcc.gnu.org/pipermail/gcc-patches/2021-September/580107.html

Thanks.

-- 
H.J.


More information about the Gcc-patches mailing list