Re: [PATCH v3 2/2] elf: Add GNU_PROPERTY_1_NEEDED check

public inbox for binutils@sourceware.org
 help / color / mirror / Atom feed

From: Florian Weimer <fweimer@redhat.com>
To: "H.J. Lu" <hjl.tools@gmail.com>
Cc: Binutils <binutils@sourceware.org>,
	 Alan Modra <amodra@gmail.com>, Nick Clifton <nickc@redhat.com>,
	 Richard Earnshaw <rearnsha@arm.com>
Subject: Re: [PATCH v3 2/2] elf: Add GNU_PROPERTY_1_NEEDED check
Date: Mon, 28 Jun 2021 10:46:28 +0200	[thread overview]
Message-ID: <87v95yxtp7.fsf@oldenburg.str.redhat.com> (raw)
In-Reply-To: <CAMe9rOoUuaRBwr-v=V4B-CJmA2AVfPp03a7VkhdYd448k9P8bQ@mail.gmail.com> (H. J. Lu's message of "Fri, 25 Jun 2021 11:52:31 -0700")

* H. J. Lu:

>> Should the property be used just for error checking?  We would flip the
>> default unconditionally.  Such a behavioral change simply based on some
>> input file is quite surprising.
>
> The property is used to to allow compiling sources with
> -fno-direct-extern-access
> by pieces.  When creating a shared library, if one input relocatable file
> is compiled with -fno-direct-extern-access, linker will bind all protected
> symbols locally before seeing ALL relocations against them in different
> input relocatables files.

What is the advantage of this behavior?  Why should the presence of one
such object file in the link cause symbol binding behavior change
everywhere?  Especially if that one file does not even reference any
protected symbols?

>> For (4), I think we need to set a different flag (or perhaps even
>> flags), and be really careful about what we do.  I think an output file
>> that is an executable will never require indirect-extern-access, but it
>
> What did you mean by that?  We need to compile executable with
> -fno-direct-extern-access for the whole scheme to work.

indirect-extern-access imposes a requirement on executables, but
building an executable to comply with the new requirements will not
impose anything on the rest of the link.  I do not see the markup
covering that.

>> can be incompatible with indirect-extern-access objects at run time.
>> Shared objects as output files may themselves depend on
>> indirect-extern-access objects at run time.  Ideally, markup would be
>> applied to the relocations that are affected by the changes in the ABI.
>
> That is what my glibc changes do:
>
> $ ./elf/tst-protected1a
> ./elf/tst-protected1a: protected1:
> /export/build/gnu/tools-build/glibc-gitlab/build-x86_64-linux/elf/tst-protected1moda.so:
> copy relocation against non-copyable protected symbol
> $ readelf -r ./elf/tst-protected1a | grep COPY
> 0000004071d8  004300000005 R_X86_64_COPY     00000000004071d8 protected1 + 0
> 0000004071dc  004600000005 R_X86_64_COPY     00000000004071dc protected3 + 0
>
> This error happens only if there is a copy relocation against protected symbol
> definition compiled with -fno-direct-extern-access.

Does this mean that executables do not need any markup at all, and that
looking at the relocation types is sufficient?  (Same for canonical
function addresses.)

Thanks,
Florian

next prev parent reply	other threads:[~2021-06-28  8:46 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-06-24 13:24 [PATCH v3 0/2] elf: Implement indirect external access marker H.J. Lu
2021-06-24 13:24 ` [PATCH v3 1/2] elf: Add GNU_PROPERTY_1_NEEDED H.J. Lu
2021-06-24 13:24 ` [PATCH v3 2/2] elf: Add GNU_PROPERTY_1_NEEDED check H.J. Lu
2021-06-25 14:10   ` Florian Weimer
2021-06-25 18:52     ` H.J. Lu
2021-06-28  8:46       ` Florian Weimer [this message]
2021-06-28 11:55         ` H.J. Lu
2021-07-08  7:27           ` Florian Weimer
2021-07-08 12:26             ` H.J. Lu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87v95yxtp7.fsf@oldenburg.str.redhat.com \
    --to=fweimer@redhat.com \
    --cc=amodra@gmail.com \
    --cc=binutils@sourceware.org \
    --cc=hjl.tools@gmail.com \
    --cc=nickc@redhat.com \
    --cc=rearnsha@arm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).