Re: Update x86-64 PLT for MPX

["H.J. Lu" <hjl.tools@gmail.com>]

On Mon, Jan 27, 2014 at 1:42 PM, H.J. Lu <hjl.tools@gmail.com> wrote:
> On Sat, Jan 18, 2014 at 8:11 AM, H.J. Lu <hjl.tools@gmail.com> wrote:
>> Hi,
>>
>> Here is the proposal to update x86-64 PLT for MPX.  The linker change
>> is implemented on hjl/mpx/pltext8 branch.  Any comments/feedbacks?
>>
>> Thanks.
>>
>> --
>> H.J.
>> ---
>> Intel MPX:
>>
>> http://software.intel.com/en-us/file/319433-017pdf
>>
>> introduces 4 bound registers, which will be used for parameter passing
>> in x86-64.  Bound registers are cleared by branch instructions.  Branch
>> instructions with BND prefix will keep bound register contents. This leads
>> to 2 requirements to 64-bit MPX run-time:
>>
>> 1. Dynamic linker (ld.so) should save and restore bound registers during
>> symbol lookup.
>> 2. Change the current 16-byte PLT0:
>>
>>   ff 35 08 00 00 00    pushq  GOT+8(%rip)
>>   ff 25 00 10 00    jmpq  *GOT+16(%rip)
>>   0f 1f 40 00        nopl   0x0(%rax)
>>
>> and 16-byte PLT1:
>>
>>   ff 25 00 00 00 00        jmpq   *name@GOTPCREL(%rip)
>>   68 00 00 00 00           pushq  $index
>>   e9 00 00 00 00           jmpq   PLT0
>>
>> which clear bound registers, to preserve bound registers.
>>
>> We use 2 new relocations:
>>
>> #define R_X86_64_PC32_BND  39 /* PC relative 32 bit signed with BND prefix */
>> #define R_X86_64_PLT32_BND 40 /* 32 bit PLT address with BND prefix */
>>
>> to mark branch instructions with BND prefix.
>>
>> When linker sees any R_X86_64_PC32_BND or R_X86_64_PLT32_BND relocations,
>> it switches to a different PLT0:
>>
>>   ff 35 08 00 00 00    pushq  GOT+8(%rip)
>>   f2 ff 25 00 10 00    bnd jmpq *GOT+16(%rip)
>>   0f 1f 00        nopl   (%rax)
>>
>> to preserve bound registers for symbol lookup and it also creates an
>> external PLT section, .pl.bnd.  Linker will create a BND PLT1 entry
>> in .plt:
>>
>>   68 00 00 00 00           pushq  $index
>>   f2 e9 00 00 00 00     bnd jmpq PLT0
>>   0f 1f 44 00 00        nopl 0(%rax,%rax,1)
>>
>> and a 8-byte BND PLT entry in .plt.bnd:
>>
>>   f2 ff 25 00 00 00 00  bnd jmpq *name@GOTPCREL(%rip)
>>   90            nop
>>
>> Otherwise, linker will create a legacy PLT entry in .plt:
>>
>>   68 00 00 00 00           pushq  $index
>>   e9 00 00 00 00        jmpq PLT0
>>   66 0f 1f 44 00 00     nopw 0(%rax,%rax,1)
>>
>> and a 8-byte legacy PLT in .plt.bnd:
>>
>>   ff 25 00 00 00 00     jmpq  *name@GOTPCREL(%rip)
>>   66 90                 xchg  %ax,%ax
>>
>> The initial value of the GOT entry for "name" will be set to the the
>> "pushq" instruction in the corresponding entry in .plt.  Linker will
>> resolve reference of symbol "name" to the entry in the second PLT,
>> .plt.bnd.
>>
>> Prelink stores the offset of pushq of PLT1 (plt_base + 0x10) in GOT[1]
>> and GOT[1] is stored in GOT[3].  We can undo prelink in GOT by computing
>> the corresponding the pushq offset with
>>
>> GOT[1] + (GOT offset - &GOT[3]) * 2
>>
>> Since for each entry in .plt except for PLT0 we create a 8-byte entry in
>> .plt.bnd, there is extra 8-byte per PLT symbol.
>>
>> We also investigated the 16-byte entry for .plt.bnd.  We compared the
>> 8-byte entry vs the the 16-byte entry for .plt.bnd on Sandy Bridge.
>> There are no performance differences in SPEC CPU 2000/2006 as well as
>> micro benchmarks.
>>
>> Pros:
>>     No change to undo prelink in dynamic linker.
>>     Only 8-byte memory overhead for each PLT symbol.
>> Cons:
>>     Extra .plt.bnd section is needed.
>>     Extra 8 byte for legacy branches to PLT.
>>     GDB is unware of the new layout of .plt and .plt.bnd.
>
> Hi,
>
> I am enclosing the updated x86-64 psABI with PLT change.
> I checkeMy email is rejected due to PDF attachment.   I am resubmitting it with
out PDF file.
d it onto hjl/mpx/master branch at
>
> https://github.com/hjl-tools/x86-64-psABI
>
> I will check in the binutils changes if there are no disagreements
> in 2 weeks.
>
> Thanks.


My email is rejected due to PDF attachment.   I am resubmitting it with
out PDF file.


-- 
H.J.