On 2021-01-07, Florian Weimer wrote:
>* H. J. Lu:
>
>> Currently R_X86_64_COPY is used in executable. In PIE, R_X86_64_COPY
>> is optional. If PIE doesn't have R_X86_64_COPY, access to protected data
>> definition in a shared object can be optimized.
>
>I don't understand why R_X86_64_COPY is optional in PIE. It certainly
>it is also optional for ET_DYN?
R_*_COPY is only available in executables. GNU ld, gold, LLD and musl
enforce this.
>> Also function pointer of undefined function in executable is resolved
>> to its PLT entry in the executable. In PIE, the undefined function
>> pointer can be accessed via GOT and access to protected function
>> pointer in a shared object can be optimized.
>
>I'm also not sure why this should be restricted to PIE.
Agreed. GOT indirection can be generated for default visibility external
data/function pointers in both -fno-pic and -fpie mode, to prevent copy
relocations / canonical PLT entry (st_shndx=0, st_value!=0; the term is
common among LLD developers but not widely used elsewhere).
-fno-pic and -fpie are what
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98112 the proposed
-fdirect-access-external-data mainly aims for. (-fpic can use it but
the produced .o likely need ld options like -Bsymbolic or --dynamic-list
to link)
>> This is an ABI change. To avoid incorrect run-time behavior, we can
>>
>> 1. Create a marker, GNU_PROPERTY_LOCAL_PROTECTED, to
>> indicate that access to protected symbols in the shared object is
>> truly local.
>
>I think this should be a flag in the dynamic section. There seems to be
>some precedent in the form of BIND_NOW and DT_SYMBOLIC.
I think this is merely a behavior change. .o files with and without this
behavior are theoretically compatible.
If a.o references an external data symbol via R_X86_64_PC32 and b.o
references the symbol via R_X86_64_REX_GOTPCRELX and the symbol turns
out to be defined in a DSO (st_type=STT_OBJECT, st_size!=0), linkers
(GNU ld, gold and LLD) create a copy relocation, produce an
R_X86_64_GLOB_DAT and an R_X86_64_COPY.
A simply example shows that this works
cat > ./a.s <<eof
.data
.globl dat
.type dat, @object
dat:
.long 0
.size dat, 4
eof
cat > ./b.s <<eof
.globl foo
foo:
movq dat@gotpcrel(%rip), %rax
ret
eof
cat > ./c.s <<eof
.globl bar
bar:
leaq dat(%rip), %rax
ret
eof
cat > ./d.c <<eof
#include <stdio.h>
void *foo(void);
void *bar(void);
int main() {
printf("%p %p\n", foo(), bar());
}
eof
gcc -shared a.s -o a.so
gcc -no-pie ./a.so b.s c.s d.c && ./a.out
gcc -pie ./a.so b.s c.s d.c && ./a.out
>> 2. Add a linker option not to generate R_X86_64_COPY nor
>> resolve the undefined function pointer to its PLT entry in PIE.
>> Linker adds GNU_PROPERTY_LOCAL_PROTECTED marker
>> to such shared objects and PIE.
>> 3. Update ld.so to issue an error for R_X86_64_COPY against
>> protected definition in GNU_PROPERTY_LOCAL_PROTECTED
>> shared object. ld.so skips special protected function pointer handling
>> for GNU_PROPERTY_LOCAL_PROTECTED executable.
>>
>> We can rename GNU_PROPERTY_NO_COPY_ON_PROTECTED
>> to GNU_PROPERTY_LOCAL_PROTECTED.
I think gold/LLD and other backends of GNU ld don't allow copy
relocation on STV_PROTECTED data symbols. If we agree that copy
relocation (as an ELF hack working around the -fno-pic direct relocation
issue) does not necessarily work with STV_PROTECTED data symbols, GNU
ld's x86-64 port can just be made stricter and there is no need for an
option. I think the friction (if any) will be much smaller than the GCC
5/binutils 2.26 changes.
* Clang never defaults to R_X86_64_PC32 referencing external data symbol in -fno-pic mode.
https://gcc.gnu.org/legacy-ml/gcc/2019-05/msg00215.html
>Another use case:
>
>It is desirable to avoid copy relocations for __libc_single_threaded,
>for PIE and non-PIE executables. The reason is that it avoids a
>performance quirk where the copied data object is put on the same
>cacheline as something that is frequently modified.
>
>Qt also needs to avoid copy relocations from the main program for its
>global data objects.
>
>I think ideally, we would have some compiler magic we can put into
>headers. For the Qt use case, we would also need link editor validation
>that no copy relocations are created, ever. (Users are expected to
>build with -fpic today, and they will encounter breakage if they don't.)
>
>Thanks,
>Florian
I have made plan to fix this on Clang
https://reviews.llvm.org/D92738#2436274 :)
I was just giving extended time to GCC developers
on
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98112
>Red Hat GmbH,
https://de.redhat.com/ , Registered seat: Grasbrunn,
>Commercial register: Amtsgericht Muenchen, HRB 153243,
>Managing Directors: Charles Cachera, Brian Klemm, Laurie Krebs, Michael O'Neill
>
>--
>You received this message because you are subscribed to the Google Groups "X86-64 System V Application Binary Interface" group.
>To unsubscribe from this group and stop receiving emails from it, send an email to
x86-64-abi+...@googlegroups.com.
>To view this discussion on the web visit
https://groups.google.com/d/msgid/x86-64-abi/874kjszqiq.fsf%40oldenburg2.str.redhat.com.