From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pg1-x530.google.com (mail-pg1-x530.google.com [IPv6:2607:f8b0:4864:20::530]) by sourceware.org (Postfix) with ESMTPS id C61423858C54 for ; Sun, 26 Jun 2022 18:14:36 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org C61423858C54 Received: by mail-pg1-x530.google.com with SMTP id d129so7077877pgc.9 for ; Sun, 26 Jun 2022 11:14:36 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=EyDCT7zmwqrh9JPA0qSNqLozONoyOTxlCsdD/XQjJ1w=; b=T6ABoaB1R+lGmEsmBDgUJaNm+RxBD1SnfnrnMfYw/7zvnWScNEQAeqTEzGl7cOwh1S d8zEbLD0keyUcek4r/AqhCSOgCVphTaoWVSa1zQEm5iYApHrbxNz+1yW01NopQRh6lvq bjRQsGZKwtX8VFwRtCBkg3qUaTVfnNf88/kdzhwGFFoKAJi74k4mWHw19L+awn1ZXK92 Wjya9KjHlVnafpvMg1RuCzCw7za8j50MhC5ryCMKAd29XVGKAdohd+7QXmW80uCVjHK4 yCPKcKAjJ+cs5TZcVRV54Li+f4D3vhPseTqjWVCp+LjcOJRCfLwKC8ERne1dz1cVTsEc 1b7g== X-Gm-Message-State: AJIora+wmKgRPgxk6mTY52A8yHMQSY7TlTZq4c+dOomRmhmnwKAXVP4B 27HNMbtnhXbXeiH+roiFuvZS0Uk1hjTB2xLfdVii48l+nVs= X-Google-Smtp-Source: AGRyM1uNrTNey06mNEs3dmRw9A6UNIaDmEsMlEmOyF9FK6zENrIQ0vXVCaiUrWqbGy/tm/RyHhl+f5tYboUWAfpH+qE= X-Received: by 2002:a05:6a00:14c4:b0:525:9341:288 with SMTP id w4-20020a056a0014c400b0052593410288mr7476372pfu.1.1656267275601; Sun, 26 Jun 2022 11:14:35 -0700 (PDT) MIME-Version: 1.0 References: <20220625174426.1475218-1-i@maskray.me> In-Reply-To: <20220625174426.1475218-1-i@maskray.me> From: "H.J. Lu" Date: Sun, 26 Jun 2022 11:13:59 -0700 Message-ID: Subject: Re: [PATCH] x86: Make protected symbols local for -shared To: Fangrui Song Cc: Binutils Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-3024.1 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, GIT_PATCH_0, KAM_STOCKGEN, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: binutils@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Binutils mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 26 Jun 2022 18:14:39 -0000 On Sat, Jun 25, 2022 at 10:44 AM Fangrui Song wrote: > > Call _bfd_elf_symbol_refs_local_p with local_protected==true. This has > 2 noticeable effects for -shared: > > * GOT-generating relocations referencing a protected data symbol no > longer lead to a GLOB_DAT (similar to a hidden symbol). > * Direct access relocations (e.g. R_X86_64_PC32) no longer has the > confusing diagnostic below. > > __attribute__((visibility("protected"))) void *foo() { > return (void *)foo; > } > > // gcc -fpic -shared -fuse-ld=bfd > relocation R_X86_64_PC32 against protected symbol `foo' can not be used when making a shared object > > The new behavior matches arm, aarch64 (commit > 83c325007c5599fa9b60b8d5f7b84842160e1d1b), and powerpc ports, and other > linkers: gold and ld.lld. > > Note: if some code tries to use direct access relocations to take the > address of foo, the pointer equality will break, but the error should be > reported on the executable link, not on the innocent shared object link. > glibc 2.36 will give a warning at relocation resolving time. It should be controlled by -z [no]indirect-extern-access. Can you enable -z indirect-extern-access with -shared by default instead? > With this change, `#define elf_backend_extern_protected_data 1` is no > longer effective. Just remove it. > > Remove the test "Run protected-func-1 without PIE" since -fno-pic > address taken operation in the executable doesn't work with protected > symbol in a shared object by default. Similarly, remove > protected-data-1a and protected-data-1b. protected-data-1b can be made > working by removing HAVE_LD_PIE_COPYRELOC from GCC > (https://sourceware.org/pipermail/gcc-patches/2022-June/596678.html). > --- > bfd/elf32-i386.c | 1 - > bfd/elf64-x86-64.c | 1 - > bfd/elfxx-x86.c | 2 +- > ld/testsuite/ld-i386/protected1.d | 4 +++- > ld/testsuite/ld-i386/protected3.d | 2 +- > ld/testsuite/ld-i386/protected6a.d | 4 +++- > ld/testsuite/ld-x86-64/pr24151a-x32.d | 4 +++- > ld/testsuite/ld-x86-64/pr24151a.d | 4 +++- > ld/testsuite/ld-x86-64/protected1.d | 4 +++- > ld/testsuite/ld-x86-64/protected3.d | 2 +- > ld/testsuite/ld-x86-64/protected6a.d | 4 +++- > ld/testsuite/ld-x86-64/protected7a.d | 4 +++- > ld/testsuite/ld-x86-64/x86-64.exp | 27 --------------------------- > 13 files changed, 24 insertions(+), 39 deletions(-) > > diff --git a/bfd/elf32-i386.c b/bfd/elf32-i386.c > index e4106d9fd3b..c3c46795731 100644 > --- a/bfd/elf32-i386.c > +++ b/bfd/elf32-i386.c > @@ -4424,7 +4424,6 @@ elf_i386_link_setup_gnu_properties (struct bfd_link_info *info) > #define elf_backend_got_header_size 12 > #define elf_backend_plt_alignment 4 > #define elf_backend_dtrel_excludes_plt 1 > -#define elf_backend_extern_protected_data 1 > #define elf_backend_caches_rawsize 1 > #define elf_backend_want_dynrelro 1 > > diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c > index 6154a70bdd7..aaa5f1496b9 100644 > --- a/bfd/elf64-x86-64.c > +++ b/bfd/elf64-x86-64.c > @@ -5275,7 +5275,6 @@ elf_x86_64_special_sections[]= > #define elf_backend_got_header_size (GOT_ENTRY_SIZE*3) > #define elf_backend_rela_normal 1 > #define elf_backend_plt_alignment 4 > -#define elf_backend_extern_protected_data 1 > #define elf_backend_caches_rawsize 1 > #define elf_backend_dtrel_excludes_plt 1 > #define elf_backend_want_dynrelro 1 > diff --git a/bfd/elfxx-x86.c b/bfd/elfxx-x86.c > index acb2cc8528d..18f3d335458 100644 > --- a/bfd/elfxx-x86.c > +++ b/bfd/elfxx-x86.c > @@ -3094,7 +3094,7 @@ _bfd_x86_elf_link_symbol_references_local (struct bfd_link_info *info, > 2. When building executable, there is no dynamic linker. Or > 3. or "-z nodynamic-undefined-weak" is used. > */ > - if (SYMBOL_REFERENCES_LOCAL (info, h) > + if (_bfd_elf_symbol_refs_local_p (h, info, 1) > || (h->root.type == bfd_link_hash_undefweak > && (ELF_ST_VISIBILITY (h->other) != STV_DEFAULT > || (bfd_link_executable (info) > diff --git a/ld/testsuite/ld-i386/protected1.d b/ld/testsuite/ld-i386/protected1.d > index a3cb5cef140..531645b8fe8 100644 > --- a/ld/testsuite/ld-i386/protected1.d > +++ b/ld/testsuite/ld-i386/protected1.d > @@ -1,3 +1,5 @@ > #as: --32 > #ld: -shared -melf_i386 > -#error: .*relocation R_386_GOTOFF against protected function `foo' can not be used when making a shared object > +#readelf: -rW > +#... > +There are no relocations in this file. > diff --git a/ld/testsuite/ld-i386/protected3.d b/ld/testsuite/ld-i386/protected3.d > index c3a6888d900..77367c4738f 100644 > --- a/ld/testsuite/ld-i386/protected3.d > +++ b/ld/testsuite/ld-i386/protected3.d > @@ -8,7 +8,7 @@ > Disassembly of section .text: > > 0+[a-f0-9]+ : > -[ ]*[a-f0-9]+: 8b 81 [a-f0-9][a-f0-9] [a-f0-9][a-f0-9] ff ff mov -0x[a-f0-9]+\(%ecx\),%eax > +[ ]*[a-f0-9]+: 8d 81 00 00 00 00 lea 0x0\(%ecx\),%eax > [ ]*[a-f0-9]+: 8b 00 mov \(%eax\),%eax > [ ]*[a-f0-9]+: c3 ret > #pass > diff --git a/ld/testsuite/ld-i386/protected6a.d b/ld/testsuite/ld-i386/protected6a.d > index 7dc350432f4..4d3873239f9 100644 > --- a/ld/testsuite/ld-i386/protected6a.d > +++ b/ld/testsuite/ld-i386/protected6a.d > @@ -1,4 +1,6 @@ > #source: protected6.s > #as: --32 > #ld: -shared -melf_i386 > -#error: .*relocation R_386_GOTOFF against protected data `foo' can not be used when making a shared object > +#readelf: -rW > +#... > +There are no relocations in this file. > diff --git a/ld/testsuite/ld-x86-64/pr24151a-x32.d b/ld/testsuite/ld-x86-64/pr24151a-x32.d > index 130611ddf49..1f49b655f7d 100644 > --- a/ld/testsuite/ld-x86-64/pr24151a-x32.d > +++ b/ld/testsuite/ld-x86-64/pr24151a-x32.d > @@ -1,4 +1,6 @@ > #source: pr24151a.s > #as: --x32 > #ld: -shared -melf32_x86_64 > -#error: .*relocation R_X86_64_PC32 against protected symbol `foo' can not be used when making a shared object > +#readelf: -rW > +#... > +There are no relocations in this file. > diff --git a/ld/testsuite/ld-x86-64/pr24151a.d b/ld/testsuite/ld-x86-64/pr24151a.d > index 783b85a1a6f..6c48e383e01 100644 > --- a/ld/testsuite/ld-x86-64/pr24151a.d > +++ b/ld/testsuite/ld-x86-64/pr24151a.d > @@ -1,3 +1,5 @@ > #as: --64 > #ld: -shared -melf_x86_64 > -#error: .*relocation R_X86_64_PC32 against protected symbol `foo' can not be used when making a shared object > +#readelf: -rW > +#... > +There are no relocations in this file. > diff --git a/ld/testsuite/ld-x86-64/protected1.d b/ld/testsuite/ld-x86-64/protected1.d > index 783b85a1a6f..6c48e383e01 100644 > --- a/ld/testsuite/ld-x86-64/protected1.d > +++ b/ld/testsuite/ld-x86-64/protected1.d > @@ -1,3 +1,5 @@ > #as: --64 > #ld: -shared -melf_x86_64 > -#error: .*relocation R_X86_64_PC32 against protected symbol `foo' can not be used when making a shared object > +#readelf: -rW > +#... > +There are no relocations in this file. > diff --git a/ld/testsuite/ld-x86-64/protected3.d b/ld/testsuite/ld-x86-64/protected3.d > index 57950e4d6b6..ba63991582f 100644 > --- a/ld/testsuite/ld-x86-64/protected3.d > +++ b/ld/testsuite/ld-x86-64/protected3.d > @@ -8,7 +8,7 @@ > Disassembly of section .text: > > 0+[a-f0-9]+ : > -[ ]*[a-f0-9]+: 48 8b 05 ([0-9a-f]{2} ){4} * mov 0x[a-f0-9]+\(%rip\),%rax # [a-f0-9]+ <.*> > +[ ]*[a-f0-9]+: 48 8d 05 ([0-9a-f]{2} ){4} * lea 0x[a-f0-9]+\(%rip\),%rax # [a-f0-9]+ <.*> > [ ]*[a-f0-9]+: 8b 00 mov \(%rax\),%eax > [ ]*[a-f0-9]+: c3 ret > #pass > diff --git a/ld/testsuite/ld-x86-64/protected6a.d b/ld/testsuite/ld-x86-64/protected6a.d > index 3a7963ffd2f..50d6430b577 100644 > --- a/ld/testsuite/ld-x86-64/protected6a.d > +++ b/ld/testsuite/ld-x86-64/protected6a.d > @@ -1,4 +1,6 @@ > #source: protected6.s > #as: --64 > #ld: -shared -melf_x86_64 > -#error: .*relocation R_X86_64_GOTOFF64 against protected data `foo' can not be used when making a shared object > +#readelf: -rW > +#... > +There are no relocations in this file. > diff --git a/ld/testsuite/ld-x86-64/protected7a.d b/ld/testsuite/ld-x86-64/protected7a.d > index 3082084a7b8..3974246a2a8 100644 > --- a/ld/testsuite/ld-x86-64/protected7a.d > +++ b/ld/testsuite/ld-x86-64/protected7a.d > @@ -1,4 +1,6 @@ > #source: protected7.s > #as: --64 > #ld: -shared -melf_x86_64 > -#error: .*relocation R_X86_64_GOTOFF64 against protected function `foo' can not be used when making a shared object > +#readelf: -rW > +#... > +There are no relocations in this file. > diff --git a/ld/testsuite/ld-x86-64/x86-64.exp b/ld/testsuite/ld-x86-64/x86-64.exp > index 5e5636bcebe..a096c0b9d0f 100644 > --- a/ld/testsuite/ld-x86-64/x86-64.exp > +++ b/ld/testsuite/ld-x86-64/x86-64.exp > @@ -1832,15 +1832,6 @@ if { [isnative] && [check_compiler_available] } { > "pr23997" \ > "pass.out" \ > ] \ > - [list \ > - "Run protected-func-1 without PIE" \ > - "$NOPIE_LDFLAGS -Wl,--no-as-needed tmpdir/libprotected-func-1.so" \ > - "-Wa,-mx86-used-note=yes" \ > - { protected-func-1b.c } \ > - "protected-func-1a" \ > - "pass.out" \ > - "$NOPIE_CFLAGS" \ > - ] \ > [list \ > "Run protected-func-1 with PIE" \ > "-Wl,--no-as-needed -pie tmpdir/libprotected-func-1.so" \ > @@ -1904,24 +1895,6 @@ if { [isnative] && [check_compiler_available] } { > "pass.out" \ > "-fPIE" \ > ] \ > - [list \ > - "Run protected-data-1a without PIE" \ > - "$NOPIE_LDFLAGS -Wl,--no-as-needed tmpdir/libprotected-data-1a.so" \ > - "-Wa,-mx86-used-note=yes" \ > - { protected-data-1b.c } \ > - "protected-data-1a" \ > - "pass.out" \ > - "$NOPIE_CFLAGS" \ > - ] \ > - [list \ > - "Run protected-data-1b with PIE" \ > - "-Wl,--no-as-needed -pie tmpdir/libprotected-data-1a.so" \ > - "-Wa,-mx86-used-note=yes" \ > - { protected-data-1b.c } \ > - "protected-data-1b" \ > - "pass.out" \ > - "-fPIE" \ > - ] \ > [list \ > "Run protected-data-2a without PIE" \ > "$NOPIE_LDFLAGS -Wl,--no-as-needed tmpdir/libprotected-data-2a.so" \ > -- > 2.37 > -- H.J.