From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 111832 invoked by alias); 28 Mar 2016 12:12:06 -0000 Mailing-List: contact binutils-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: binutils-owner@sourceware.org Received: (qmail 111819 invoked by uid 89); 28 Mar 2016 12:12:05 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-2.4 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=ham version=3.3.2 spammy=mutually, effectiveness, living, protect X-HELO: mail-qg0-f53.google.com Received: from mail-qg0-f53.google.com (HELO mail-qg0-f53.google.com) (209.85.192.53) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with (AES128-GCM-SHA256 encrypted) ESMTPS; Mon, 28 Mar 2016 12:11:55 +0000 Received: by mail-qg0-f53.google.com with SMTP id y89so106615820qge.2 for ; Mon, 28 Mar 2016 05:11:55 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=9C4N4gSXYVo/9m5FgkVA9rabPia1iWX4MBl1QAXbd4o=; b=JnIY6T03fflqT9B3e7vdamN1Yc9/adxsovawNKiuk+du14MiohVawWyTpzkXjjR9E4 E6bLMuRSV8vKyBD2tffsp5aliaRaUPQEkuytVfYJV834oN8PN6FOk5o5QeC+zeixkrhI xv7UbVLB4fQOfKBunHWzR5NqIow2DMTAlSN+Uay83yo4cT5wPh0iBJMqhUgHpYl4fIOI aXoiwnKyVtZ829KyGWKroXvZSK6tx8vKcN5tmGIkq8QrAJTOmkhT/WW9QdY8zeNiQUhw kjS3hnxel6q772nqw14nhnLRETjW6RyF1kLmIIXCyI73XTE1AWHnc3yjF9lZA4n7S3J4 7z5Q== X-Gm-Message-State: AD7BkJKBM73+iKbzN2mUrrqj3TLEM40Ke0v2qew8Qe1VU+aMd5xfZSNy9Eq9JkATRqTshjgLRkHyoKzNQXDVeg== MIME-Version: 1.0 X-Received: by 10.140.31.135 with SMTP id f7mr35845554qgf.96.1459167113384; Mon, 28 Mar 2016 05:11:53 -0700 (PDT) Received: by 10.55.57.203 with HTTP; Mon, 28 Mar 2016 05:11:53 -0700 (PDT) In-Reply-To: References: <9106B2FB-BB06-413A-A04D-EEFB992784FA@apple.com> <9EFBBDCE-4054-4867-B3E9-9DFE216A234F@apple.com> Date: Mon, 28 Mar 2016 12:12:00 -0000 Message-ID: Subject: Re: Preventing preemption of 'protected' symbols in GNU ld 2.26 From: "H.J. Lu" To: Cary Coutant Cc: Joe Groff , Binutils Content-Type: text/plain; charset=UTF-8 X-IsSubscribed: yes X-SW-Source: 2016-03/txt/msg00345.txt.bz2 On Thu, Mar 24, 2016 at 11:31 AM, Cary Coutant wrote: >>>> What relocation do you propose to access external protected >>>> symbol on x86 for non-PIC code? >>> >>> Non-PIC code can still use a GOT, can't it? >> >> Yes. > > Right. > > Some additional thoughts: > > - This has nothing to do with PIE. Non-PIC-non-PIE code has been > living with this restriction for at least 18 years (since visiblity > was introduced into the gABI). > > - This has nothing to do with Ulrich's diatribe against protected > visibility, which applies only to function symbols (and really only to > one platform, due to how function pointer comparison works). Copy relocation and protected symbol are mutually exclusive. Since copy relocation is the part of x86 psABIs, it limits protected symbol effectiveness on x86. In glibc, we add a local alias to symbol we want to protect and access the local alias within glibc without GOT. > - You don't need to go full-on PIC to reference a protected data > symbol in a shared library. You can always statically initialize a > pointer variable, and go indirect through that ("poor-man's PIC"). > > - We could add support for __attribute__((dllimport)) or > __declspec(dllimport) when declaring an external variable that is > expected to be defined in a shared library (ideally, that attribute > ought to be placed in the library's public interface). The compiler > can generate a PIC-style reference for that variable without > penalizing all the other variables in the main program. This is how > HP-UX compilers work on PA and Itanium (using #pragma external). This is a useful feature, similar to -fno-plt, like -fgot, but only on selective symbols. > - Compilers could also generate tentative PIC-style references, with > sufficient relocations to allow the linker to convert the indirect > reference to a direct reference when possible (changing the second > load into a nop or copy). HP-UX also does this. I extended the x86 psABIs with relaxable GOT relocations and implemented the similar linker optimization in ld in binutils 2.26 and gold also implemented the subset of the linker optimization. > - Indirect references from PIC code to a protected symbol penalize the > common case (referencing a symbol within its own module) to support > the uncommon case, while introducing the nasty side effects of a COPY > relocation. > > - COPY relocations are evil. They bind an application to a specific > version of a shared library's ABI, and introduce a hidden startup > cost. If we're going to make any changes, we should be moving towards > elimination of COPY relocations, rather than disabling features that > were designed to improve performance. Copy relocation can improve performance. Google enabled copy relocations for PIE in ld/gold and GCC to improve prefomance by up to 5%: https://gcc.gnu.org/ml/gcc-patches/2014-05/msg01215.html It is in GCC 5. > - Arguing that protected means that the definition is in the same > module but its address might be external is absurd. The *only* reason > for the gABI to make that guarantee is so the compilers can optimize > the code based on the knowledge that the symbol can't be pre-empted. One possible solution: 1. Compiler accesses protected symbols without GOT in PIC mode and marks object files no-copy-relocation-against-protected-symbol. 2. Compiler accesses external symbols with GOT in non-PIC mode. 3. Linker marks shared object with no-copy-relocation-against-protected-symbol if any input files have no-copy-relocation-against-protected-symbol marker. 4. Linker optimizes out GOT access if symbol is defined locally in executable. 5. ld.so checks no-copy-relocation-against-protected-symbol marker on shared object to avoid copy relocation against protected symbol at run-time. -- H.J.