Re: [PATCH] Allow direct access relocations referencing a protected function symbol

public inbox for binutils@sourceware.org
 help / color / mirror / Atom feed

From: Michael Matz <matz@suse.de>
To: Alan Modra <amodra@gmail.com>
Cc: Fangrui Song <maskray@google.com>,
	Florian Weimer <fweimer@redhat.com>,
	 Szabolcs Nagy <szabolcs.nagy@arm.com>,
	binutils@sourceware.org
Subject: Re: [PATCH] Allow direct access relocations referencing a protected function symbol
Date: Mon, 14 Jun 2021 14:03:46 +0000 (UTC)	[thread overview]
Message-ID: <alpine.LSU.2.22.394.2106141345340.6035@wotan.suse.de> (raw)
In-Reply-To: <YMdXoJiMA+Wry2ke@bubble.grove.modra.org>

Hello,

On Mon, 14 Jun 2021, Alan Modra via Binutils wrote:

> On Sun, Jun 13, 2021 at 02:54:00PM -0700, Fangrui Song via Binutils wrote:
> > This fixes the bogus "relocation R_* against protected symbol `foo'
> > can not be used when making a shared object" for function symbols for
> > at least aarch64/i386/x86-64.
> > 
> > The controversial "copy relocations on protected data symbols" (which has some
> > fragile glibc support) is irrelevant to function symbols.
> 
> No, this patch doesn't do that.  What you are doing here will disable
> dynamic relocations on protected function symbols in shared libraries.
> That will break function pointer comparison for architectures that
> implement non-pic executables, where a function that is undefined in
> the executable is given a fixed address in the executable, that of its
> plt call code.

Correct.  But I'm oscillating between thinking that this would be a 
problem and thinking the opposite :-/

One could always say that function addresses of protected functions aren't 
comparable.  Taking an address and using it as indirect call target will 
always work, you just wouldn't be able to compare them usefully.  Or one 
could require address references from outside components to a protected 
(function) symbol to always be via a GOT(-like structure).

Or (the other extremum of my oscillations) one says that function address 
comparisons absolutely need to work even in absence of 
indirection-via-GOT, at which point we basically talk about the same 
problem like protected data symbols and copy relocations.  If you then 
don't have relocations differing between calls and address taking, you 
effectively throw out the usefullness of protected visibility.

The problem with the latter stance is that it's not really justifiable 
from the ELF gABI: nothing says that getting at "the" function address 
must be possible without a GOT indirection.

(Adding to that is that what actually works in practice changed over time 
and depends on the architecture (and well, yeah, compiler and linker) so 
that now it's impossible to say "look there, that's how it should work 
and how everyone expects it to work" :-/ )

Ciao,
Michael.

next prev parent reply	other threads:[~2021-06-14 14:03 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-06-13 21:54 Fangrui Song
2021-06-14 13:20 ` Alan Modra
2021-06-14 14:03   ` Michael Matz [this message]
2021-06-14 14:48     ` H.J. Lu
2021-06-14 17:43       ` Fangrui Song
2021-06-15  2:46         ` Alan Modra
2021-06-15  3:19           ` Fangrui Song
2021-06-16  3:53             ` Alan Modra
2021-06-16  4:42               ` Fangrui Song
2021-06-16  6:31                 ` Alan Modra
2021-06-16  8:11                   ` Fangrui Song
2021-06-16 14:06                     ` Michael Matz
2021-06-17  2:59                     ` Alan Modra
2021-06-17  4:24                       ` Fangrui Song
2021-06-17 17:25                         ` H.J. Lu
2021-06-17 17:51                           ` Fangrui Song
2021-06-18  1:54                           ` Alan Modra
2021-06-18  2:41                             ` H.J. Lu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=alpine.LSU.2.22.394.2106141345340.6035@wotan.suse.de \
    --to=matz@suse.de \
    --cc=amodra@gmail.com \
    --cc=binutils@sourceware.org \
    --cc=fweimer@redhat.com \
    --cc=maskray@google.com \
    --cc=szabolcs.nagy@arm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).