From: "H.J. Lu" <hjl.tools@gmail.com>
To: libc-alpha@sourceware.org
Subject: [PATCH 0/4] Implement single global definition marker
Date: Sun, 20 Jun 2021 16:36:16 -0700 [thread overview]
Message-ID: <20210620233620.391576-1-hjl.tools@gmail.com> (raw)
On systems with copy relocation:
* A copy in executable is created for the definition in a shared library
at run-time by ld.so.
* The copy is referenced by executable and shared libraries.
* Executable can access the copy directly.
Issues are:
* Overhead of a copy, time and space, may be visible at run-time.
* Read-only data in the shared library becomes read-write copy in
executable at run-time.
* Local access to data with the STV_PROTECTED visibility in the shared
library must use GOT.
On systems without function descriptor, function pointers vary depending
on where and how the functions are defined.
* If the function is defined in executable, it can be the address of
function body.
* If the function, including the function with STV_PROTECTED visibility,
is defined in the shared library, it can be the address of the PLT entry
in executable or shared library.
Issues are:
* The address of function body may not be used as its function pointer.
* ld.so needs to search loaded shared libraries for the function pointer
of the function with STV_PROTECTED visibility.
Here is a proposal to remove copy relocation and use canonical function
pointer:
1. Accesses, including in PIE and non-PIE, to undefined symbols must
use GOT.
a. Linker may optimize out GOT access if the data is defined in PIE or
non-PIE.
2. Read-only data in the shared library remain read-only at run-time
3. Address of global data with the STV_PROTECTED visibility in the shared
library is the address of data body.
a. Can use IP-relative access.
b. May need GOT without IP-relative access.
4. For systems without function descriptor,
a. All global function pointers of undefined functions in PIE and
non-PIE must use GOT. Linker may optimize out GOT access if the
function is defined in PIE or non-PIE.
b. Function pointer of functions with the STV_PROTECTED visibility in
executable and shared library is the address of function body.
i. Can use IP-relative access.
ii. May need GOT without IP-relative access.
iii. Branches to undefined functions may use PLT.
5. Single global definition marker:
Add GNU_PROPERTY_1_NEEDED:
#define GNU_PROPERTY_1_NEEDED GNU_PROPERTY_UINT32_OR_LO
to indicate the needed properties by the object file.
Add GNU_PROPERTY_1_NEEDED_SINGLE_GLOBAL_DEFINITION:
#define GNU_PROPERTY_1_NEEDED_SINGLE_GLOBAL_DEFINITION (1U << 0)
to indicate that the object file requires canonical function pointers and
cannot be used with copy relocation.
a. Copy relocation should be disallowed at link-time and run-time.
b. Canonical function pointers are required at link-time and run-tima
Dynamic linker changes:
* Scan the single global definition marker on all components, including
the executable and its dependency shared libraries.
* When performing symbol lookup for references in an object without
single global definition:
a. Disallow copy relocations against protected data symbols in an object
with single global definition.
b. Disallow non-zero symbol values of undefined function symbols, which
are used as the function pointer, against protected function symbols in
an object with single global definition.
The corresponding binutils patches are posted at
https://sourceware.org/pipermail/binutils/2021-June/117091.html
and GCC patches are posted at
https://gcc.gnu.org/pipermail/gcc-patches/2021-June/573236.html
H.J. Lu (4):
Initial support for GNU_PROPERTY_1_NEEDED
Check -z single-global-definition and -fsingle-global-definition
Add run-time chesk for single global definition
Update tests for protected data and function symbols
configure | 73 +++++++++++++++++-
configure.ac | 37 ++++++++++
elf/Makefile | 54 ++++++++++++++
elf/dl-lookup.c | 5 ++
elf/elf.h | 17 +++++
elf/tst-protected1moda.c | 10 +--
elf/tst-protected1modb.c | 4 +-
elf/tst-protected2a.c | 130 +++++++++++++++++++++++++++++++++
elf/tst-protected2apie.c | 1 +
elf/tst-protected2b.c | 121 ++++++++++++++++++++++++++++++
elf/tst-protected2bpie.c | 1 +
elf/tst-protected2mod.h | 35 +++++++++
elf/tst-protected2moda.c | 52 +++++++++++++
elf/tst-protected2moda2.c | 41 +++++++++++
elf/tst-protected2modb.c | 45 ++++++++++++
elf/tst-protected2modb2.c | 28 +++++++
sysdeps/generic/dl-prop.h | 9 ++-
sysdeps/generic/dl-protected.h | 51 +++++++++++++
sysdeps/generic/link_map.h | 3 +-
sysdeps/x86/dl-prop.h | 19 +++--
sysdeps/x86/link_map.h | 2 +
21 files changed, 720 insertions(+), 18 deletions(-)
create mode 100644 elf/tst-protected2a.c
create mode 100644 elf/tst-protected2apie.c
create mode 100644 elf/tst-protected2b.c
create mode 100644 elf/tst-protected2bpie.c
create mode 100644 elf/tst-protected2mod.h
create mode 100644 elf/tst-protected2moda.c
create mode 100644 elf/tst-protected2moda2.c
create mode 100644 elf/tst-protected2modb.c
create mode 100644 elf/tst-protected2modb2.c
create mode 100644 sysdeps/generic/dl-protected.h
--
2.31.1
next reply other threads:[~2021-06-20 23:36 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-20 23:36 H.J. Lu [this message]
2021-06-20 23:36 ` [PATCH 1/4] Initial support for GNU_PROPERTY_1_NEEDED H.J. Lu
2021-06-21 7:06 ` Florian Weimer
2021-06-21 12:57 ` H.J. Lu
2021-06-20 23:36 ` [PATCH 2/4] Check -z single-global-definition and -fsingle-global-definition H.J. Lu
2021-06-21 7:31 ` Andreas Schwab
2021-06-21 7:43 ` Florian Weimer
2021-06-21 12:49 ` H.J. Lu
2021-06-20 23:36 ` [PATCH 3/4] Add run-time chesk for single global definition H.J. Lu
2021-06-21 7:16 ` Florian Weimer
2021-06-21 13:20 ` H.J. Lu
2021-06-22 7:12 ` Florian Weimer
2021-06-20 23:36 ` [PATCH 4/4] Update tests for protected data and function symbols H.J. Lu
2021-06-21 7:19 ` Florian Weimer
2021-06-21 12:54 ` H.J. Lu
2021-06-21 12:57 ` Florian Weimer
2021-06-21 13:05 ` H.J. Lu
2021-06-21 20:05 ` [PATCH 0/4] Implement single global definition marker Joseph Myers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210620233620.391576-1-hjl.tools@gmail.com \
--to=hjl.tools@gmail.com \
--cc=libc-alpha@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).