From: "H.J. Lu" <hjl.tools@gmail.com>
To: GCC Patches <gcc-patches@gcc.gnu.org>
Cc: Florian Weimer <fweimer@redhat.com>,
Uros Bizjak <ubizjak@gmail.com>,
Jakub Jelinek <jakub@redhat.com>,
Richard Biener <richard.guenther@gmail.com>,
Jeff Law <jeffreyalaw@gmail.com>,
Adhemerval Zanella <adhemerval.zanella@linaro.org>
Subject: PING^3 [PATCH v4 0/2] Implement indirect external access
Date: Thu, 25 Nov 2021 09:54:59 -0800 [thread overview]
Message-ID: <CAMe9rOqVGMWjqDb=vyK-mi5d1_66pXkFTPNUO-nQgyfaK_NCmw@mail.gmail.com> (raw)
In-Reply-To: <CAMe9rOrGO6qFXbu3Z35XJosDC_d9p7UXO4vy_HnaDE2V+7NP9A@mail.gmail.com>
On Mon, Nov 1, 2021 at 7:02 AM H.J. Lu <hjl.tools@gmail.com> wrote:
>
> On Thu, Oct 21, 2021 at 12:56 PM H.J. Lu <hjl.tools@gmail.com> wrote:
> >
> > On Wed, Sep 22, 2021 at 7:02 PM H.J. Lu <hjl.tools@gmail.com> wrote:
> > >
> > > Changes in the v4 patch.
> > >
> > > 1. Add nodirect_extern_access attribute.
> > >
> > > Changes in the v3 patch.
> > >
> > > 1. GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS support has been added to
> > > GNU binutils 2.38. But the -z indirect-extern-access linker option is
> > > only available for Linux/x86. However, the --max-cache-size=SIZE linker
> > > option was also addded within a day. --max-cache-size=SIZE is used to
> > > check for GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS support.
> > >
> > > Changes in the v2 patch.
> > >
> > > 1. Rename the option to -fdirect-extern-access.
> > >
> > > ---
> > > On systems with copy relocation:
> > > * A copy in executable is created for the definition in a shared library
> > > at run-time by ld.so.
> > > * The copy is referenced by executable and shared libraries.
> > > * Executable can access the copy directly.
> > >
> > > Issues are:
> > > * Overhead of a copy, time and space, may be visible at run-time.
> > > * Read-only data in the shared library becomes read-write copy in
> > > executable at run-time.
> > > * Local access to data with the STV_PROTECTED visibility in the shared
> > > library must use GOT.
> > >
> > > On systems without function descriptor, function pointers vary depending
> > > on where and how the functions are defined.
> > > * If the function is defined in executable, it can be the address of
> > > function body.
> > > * If the function, including the function with STV_PROTECTED visibility,
> > > is defined in the shared library, it can be the address of the PLT entry
> > > in executable or shared library.
> > >
> > > Issues are:
> > > * The address of function body may not be used as its function pointer.
> > > * ld.so needs to search loaded shared libraries for the function pointer
> > > of the function with STV_PROTECTED visibility.
> > >
> > > Here is a proposal to remove copy relocation and use canonical function
> > > pointer:
> > >
> > > 1. Accesses, including in PIE and non-PIE, to undefined symbols must
> > > use GOT.
> > > a. Linker may optimize out GOT access if the data is defined in PIE or
> > > non-PIE.
> > > 2. Read-only data in the shared library remain read-only at run-time
> > > 3. Address of global data with the STV_PROTECTED visibility in the shared
> > > library is the address of data body.
> > > a. Can use IP-relative access.
> > > b. May need GOT without IP-relative access.
> > > 4. For systems without function descriptor,
> > > a. All global function pointers of undefined functions in PIE and
> > > non-PIE must use GOT. Linker may optimize out GOT access if the
> > > function is defined in PIE or non-PIE.
> > > b. Function pointer of functions with the STV_PROTECTED visibility in
> > > executable and shared library is the address of function body.
> > > i. Can use IP-relative access.
> > > ii. May need GOT without IP-relative access.
> > > iii. Branches to undefined functions may use PLT.
> > > 5. Single global definition marker:
> > >
> > > Add GNU_PROPERTY_1_NEEDED:
> > >
> > > #define GNU_PROPERTY_1_NEEDED GNU_PROPERTY_UINT32_OR_LO
> > >
> > > to indicate the needed properties by the object file.
> > >
> > > Add GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS:
> > >
> > > #define GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS (1U << 0)
> > >
> > > to indicate that the object file requires canonical function pointers and
> > > cannot be used with copy relocation. This bit should be cleared in
> > > executable when there are non-GOT or non-PLT relocations in relocatable
> > > input files without this bit set.
> > >
> > > a. Protected symbol access within the shared library can be treated as
> > > local.
> > > b. Copy relocation should be disallowed at link-time and run-time.
> > > c. GOT function pointer reference is required at link-time and run-time.
> > >
> > > The indirect external access marker can be used in the following ways:
> > >
> > > 1. Linker can decide the best way to resolve a relocation against a
> > > protected symbol before seeing all relocations against the symbol.
> > > 2. Dynamic linker can decide if it is an error to have a copy relocation
> > > in executable against the protected symbol in a shared library by checking
> > > if the shared library is built with -fno-direct-extern-access.
> > >
> > > Add a compiler option, -fdirect-extern-access. -fdirect-extern-access is
> > > the default. With -fno-direct-extern-access:
> > >
> > > 1. Always to use GOT to access undefined symbols, including in PIE and
> > > non-PIE. This is safe to do and does not break the ABI.
> > > 2. In executable and shared library, for symbols with the STV_PROTECTED
> > > visibility:
> > > a. The address of data symbol is the address of data body.
> > > b. For systems without function descriptor, the function pointer is
> > > the address of function body.
> > > These break the ABI and resulting shared libraries may not be compatible
> > > with executables which are not compiled with -fno-direct-extern-access.
> > > 3. Generate an indirect external access marker in relocatable objects if
> > > supported by linker.
> > >
> > > H.J. Lu (2):
> > > Add -f[no-]direct-extern-access
> > > Add TARGET_ASM_EMIT_GNU_PROPERTY_NOTE
> > >
> >
> > Hi,
> >
> > This has been implemented in binutils 2.38 and glibc 2.35.
> > What do I need to do to get it into GCC 12?
> >
>
> Hi Richard, Jeff,
>
> Can you help review this patch for GCC 12:
>
> https://gcc.gnu.org/pipermail/gcc-patches/2021-September/580108.html
> https://gcc.gnu.org/pipermail/gcc-patches/2021-September/580107.html
>
PING.
--
H.J.
next prev parent reply other threads:[~2021-11-25 17:55 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-23 2:02 H.J. Lu
2021-09-23 2:02 ` [PATCH v4 1/2] Add -f[no-]direct-extern-access H.J. Lu
2021-09-23 2:02 ` [PATCH v4 2/2] Add TARGET_ASM_EMIT_GNU_PROPERTY_NOTE H.J. Lu
2021-10-21 19:56 ` PING [PATCH v4 0/2] Implement indirect external access H.J. Lu
2021-11-01 14:02 ` PING^2 " H.J. Lu
2021-11-25 17:54 ` H.J. Lu [this message]
2021-12-11 18:44 ` PING^4 " H.J. Lu
2022-01-04 3:32 ` PING^5 " H.J. Lu
2022-01-17 19:23 ` Marek Polacek
2022-02-09 6:44 ` Fāng-ruì Sòng
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAMe9rOqVGMWjqDb=vyK-mi5d1_66pXkFTPNUO-nQgyfaK_NCmw@mail.gmail.com' \
--to=hjl.tools@gmail.com \
--cc=adhemerval.zanella@linaro.org \
--cc=fweimer@redhat.com \
--cc=gcc-patches@gcc.gnu.org \
--cc=jakub@redhat.com \
--cc=jeffreyalaw@gmail.com \
--cc=richard.guenther@gmail.com \
--cc=ubizjak@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).