public inbox for libc-alpha@sourceware.org
From: "H.J. Lu" <hjl.tools@gmail.com>
To: Szabolcs Nagy <szabolcs.nagy@arm.com>
Cc: GNU C Library <libc-alpha@sourceware.org>
Subject: Re: [PATCH v3 2/5] Make libc symbols hidden in static PIE
Date: Fri, 15 Jan 2021 05:43:42 -0800
Message-ID: <CAMe9rOqXn+VDbHHYZ-Tin7ykJeTehGGR4E3EAb-DFf_ZUzrPTQ@mail.gmail.com>
In-Reply-To: <20210115112524.GE11466@arm.com>

On Fri, Jan 15, 2021 at 3:25 AM Szabolcs Nagy <szabolcs.nagy@arm.com> wrote:
>
> The 01/14/2021 19:36, H.J. Lu wrote:
> > On Thu, Jan 14, 2021 at 3:18 AM Szabolcs Nagy <szabolcs.nagy@arm.com> wrote:
> > > The 01/13/2021 09:50, Szabolcs Nagy via Libc-alpha wrote:
> > > There are targets (i686) where hidden visibility functions are
> > > problematic in PIE code so hidden cannot be applied to all symbols.
> > > Then static PIE requires extern object access without relocations
> > > (e.g. by relying on copy relocations in shared libraries instead of
> > > GOT access in PIE code). See bug 14961.
> >
> > It isn't about copy relocations.  It is IFUNC, PLT and PIE.   I needed
> > > additional patches to make static PIE work on i386 and x86-64.
> > I am enclosing my patches.  Please include them in your patch set.
>
> it is about avoiding GOT for object access, which copy
> relocations can do. hidden does it better, but you said
> that does not work on i686 so i removed it (assuming
> you know the implications: every pie object access must
> be local and copy relocated in shared libraries)
>
> morally all symbols should be hidden in static pie
> because everything is local (the code is only linked
> into static executables). this is useful outside the
> start code too to avoid GOT indirections.
>
> i686 does not want to set up EBX for hidden extern calls,
> which is needed for ifuncs, so making everything hidden
> does not work.
>
> options:
>
> (1) fix extern hidden pie calls on i686 (by making
>     them the same as default vis pie calls so ifuncs
>     work).
>
> (2) annotate ifuncs (avoid hidden for them, ifuncs
>     cannot appear in early start code anyway because
>     of IRELATIVE): this can be difficult to maintain.
>
> (3) annotate early object accesses to be hidden so
>     RELATIVE relocs are avoided. (most targets want
>     all objects to be hidden, but this solves bug
>     27072 without causing problems on i686)
>
> (4) make pie always use copy relocations on i686.
>     (and then no hidden annotation is needed, object
>     access is always local in pie).

Linker doesn't generate copy relocations for static PIE.
The problem is GOT indirections which require RELATIVE
relocations.

> my patches assumed (4), but that seems to not work so
> i think doing (3) is reasonable: you either need a few
> carefully placed 'pragma GCC visibility push(hidden)'
> or an attribute_hidden_pie_data on object declarations
> that may be used by the early start code.
>
> > From 15488890220a8c580689e6f78a38847853b78850 Mon Sep 17 00:00:00 2001
> > From: "H.J. Lu" <hjl.tools@gmail.com>
> > Date: Thu, 14 Jan 2021 18:39:24 -0800
> > Subject: [PATCH 1/4] libmvec: Add extra-test-objs to test-extras
> >
> > Add extra-test-objs to test-extras so that they are compiled with
> > -DMODULE_NAME=testsuite instead of -DMODULE_NAME=libc.
>
> this makes sense.
>
> > From e1e10cd6bd52d9061f138f49b35d4939e1cd5692 Mon Sep 17 00:00:00 2001
> > From: "H.J. Lu" <hjl.tools@gmail.com>
> > Date: Thu, 14 Jan 2021 16:40:43 -0800
> > Subject: [PATCH 2/4] Make all symbols used by _dl_relocate_static_pie hidden
> >
> > On i386, all calls to IFUNC functions must go through PLT and calls to
> > hidden functions CANNOT go through PLT in PIE since EBX used in PIE PLT
> > may not be set up for local calls to hidden IFUNC functions.
> >
> > Even if we can't make all libc symbols hidden for static PIE on i386, we
> > must make all symbols used by _dl_relocate_static_pie hidden.
> > ---
> >  elf/dl-reloc-static-pie.c | 1 +
> >  1 file changed, 1 insertion(+)
> >
> > diff --git a/elf/dl-reloc-static-pie.c b/elf/dl-reloc-static-pie.c
> > index a8d964061e..cc34c2d2fe 100644
> > --- a/elf/dl-reloc-static-pie.c
> > +++ b/elf/dl-reloc-static-pie.c
> > @@ -17,6 +17,7 @@
> >     <https://www.gnu.org/licenses/>.  */
> >
> >  #if ENABLE_STATIC_PIE
> > +#pragma GCC visibility push(hidden)
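
Review bot: the "#pragma GCC visibility push(hidden)" added directly after "#if ENABLE_STATIC_PIE" has no matching "#pragma GCC visibility pop" in this one-insertion change, so hidden visibility applies to every declaration that follows in the translation unit. If that file-wide scope is intended, add a short comment above the pragma giving the reason stated in the commit message (all symbols used by _dl_relocate_static_pie must be hidden); otherwise close the region with a pop at the end of the guarded code.
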
>
> yes, this is option (3). you will also need it in _dl_aux_init
> and __libc_init_secure and __tunables_init.

I will try it.

> > From c5ffa46591550d945b009f0e3bcf66603d48ac0b Mon Sep 17 00:00:00 2001
> > From: "H.J. Lu" <hjl.tools@gmail.com>
> > Date: Thu, 14 Jan 2021 13:26:29 -0800
> > Subject: [PATCH 3/4] i386: Call _dl_aux_init after relocating static PIE
> >
> > In i386 static PIE, we need to call _dl_aux_init after relocating static
> > PIE so that symbol addresses in _dl_aux_init and ARCH_SETUP_TLS are in
> > sync.  Also in i386 static PIE, since __libc_init_secure is called before
> > ARCH_SETUP_TLS, it must use "int $0x80" for system calls.  Update
> > __libc_init_secure to use __geteuid_startup, __getuid_startup,
> > __getegid_startup and __getgid_startup.
>
> the syscall part i understand, but auxv vs tls i don't:
>
> i thought you only need to ensure that objects are hidden
> visibility in _dl_aux_init.
>
> i think the dependency order is:
>
> 1 auxv
> 2 libc_secure
> 3 tunables
> 4 cpu features
> 5 self reloc
> 6 setup _dl_phdr from __ehdr_start
> 7 setup tls
>
> i got 6 wrong in my patch: setup tls can use _dl_phdr,
> i will fix it.

On i386, setup tls uses auxv.  But there are GOT
indirections in _dl_aux_init () which require RELATIVE
relocations.

> moving auxv a bit later is possible (if you don't mind
> syscalls in libc_secure and nothing requires it in
> cpu features), but i don't see how that's related to
> tls.


-- 
H.J.
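
The hazard discussed in this message, as an added example (not code from glibc or from either poster): an object reached through a GOT slot is only correct after self-relocation has applied its RELATIVE relocation, while a hidden access needs no slot. The ELF64 RELA layout, the x86-64 type value 8, the 64-byte image, the slot contents and the load address are assumptions constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ELF64 RELA entry; same fields as Elf64_Rela in <elf.h>. */
typedef struct { uint64_t r_offset, r_info; int64_t r_addend; } rela_t;
#define RELOC_RELATIVE 8u /* numeric value of R_X86_64_RELATIVE */

/* Self-relocation for RELATIVE entries: slot = base + addend; -1 if out of image. */
static int apply_relative(uint8_t *image, size_t size, uint64_t base,
                          const rela_t *rela, size_t n)
{
    int patched = 0;
    for (size_t i = 0; i < n; i++) {
        if ((uint32_t)rela[i].r_info != RELOC_RELATIVE)
            continue; /* other relocation types are out of scope here */
        if (size < 8 || rela[i].r_offset > size - 8)
            return -1;
        uint64_t v = base + (uint64_t)rela[i].r_addend;
        memcpy(image + rela[i].r_offset, &v, sizeof v);
        patched++;
    }
    return patched;
}

/* Constructed image: GOT slot at 0x20 for an object linked at 0x30; returns the loaded value. */
static uint64_t got_lookup(uint64_t base, int relocated_first)
{
    uint8_t image[64] = {0};
    uint64_t slot = 0x30; /* link-time value, assumed stored by the linker */
    const rela_t rela[] = { { 0x20, RELOC_RELATIVE, 0x30 } };
    memcpy(image + 0x20, &slot, sizeof slot);
    if (relocated_first && apply_relative(image, sizeof image, base, rela, 1) != 1)
        return 0;
    memcpy(&slot, image + 0x20, sizeof slot);
    return slot;
}

/* Hidden visibility: address computed from the running code's position, no slot. */
static uint64_t hidden_lookup(uint64_t base) { return base + 0x30; }

int main(void)
{
    uint64_t base = 0x555555554000ULL; /* constructed load address */
    printf("GOT before self-reloc: %#llx\n", (unsigned long long)got_lookup(base, 0));
    printf("GOT after self-reloc:  %#llx\n", (unsigned long long)got_lookup(base, 1));
    printf("hidden, any time:      %#llx\n", (unsigned long long)hidden_lookup(base));
    return 0;
}
```

Code that runs before self-relocation and reads the slot gets the link-time value, which is why the thread wants the objects used by early start code to be hidden.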
