Re: PING^5 [PATCH v4 0/2] Implement indirect external access
On Mon, Jan 3, 2022 at 7:33 PM H.J. Lu via Gcc-patches wrote: > > On Sat, Dec 11, 2021 at 10:44 AM H.J. Lu wrote: > > > > On Thu, Nov 25, 2021 at 9:54 AM H.J. Lu wrote: > > > > > > On Mon, Nov 1, 2021 at 7:02 AM H.J. Lu wrote: > > > > > > > > On Thu, Oct 21, 2021 at 12:56 PM H.J. Lu wrote: > > > > > > > > > > On Wed, Sep 22, 2021 at 7:02 PM H.J. Lu wrote: > > > > > > > > > > > > Changes in the v4 patch. > > > > > > > > > > > > 1. Add nodirect_extern_access attribute. > > > > > > > > > > > > Changes in the v3 patch. > > > > > > > > > > > > 1. GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS support has been > > > > > > added to > > > > > > GNU binutils 2.38. But the -z indirect-extern-access linker option > > > > > > is > > > > > > only available for Linux/x86. However, the --max-cache-size=SIZE > > > > > > linker > > > > > > option was also addded within a day. --max-cache-size=SIZE is used > > > > > > to > > > > > > check for GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS support. > > > > > > > > > > > > Changes in the v2 patch. > > > > > > > > > > > > 1. Rename the option to -fdirect-extern-access. > > > > > > > > > > > > --- > > > > > > On systems with copy relocation: > > > > > > * A copy in executable is created for the definition in a shared > > > > > > library > > > > > > at run-time by ld.so. > > > > > > * The copy is referenced by executable and shared libraries. > > > > > > * Executable can access the copy directly. > > > > > > > > > > > > Issues are: > > > > > > * Overhead of a copy, time and space, may be visible at run-time. > > > > > > * Read-only data in the shared library becomes read-write copy in > > > > > > executable at run-time. > > > > > > * Local access to data with the STV_PROTECTED visibility in the > > > > > > shared > > > > > > library must use GOT. > > > > > > > > > > > > On systems without function descriptor, function pointers vary > > > > > > depending > > > > > > on where and how the functions are defined. > > > > > > * If the function is defined in executable, it can be the address of > > > > > > function body. > > > > > > * If the function, including the function with STV_PROTECTED > > > > > > visibility, > > > > > > is defined in the shared library, it can be the address of the PLT > > > > > > entry > > > > > > in executable or shared library. > > > > > > > > > > > > Issues are: > > > > > > * The address of function body may not be used as its function > > > > > > pointer. > > > > > > * ld.so needs to search loaded shared libraries for the function > > > > > > pointer > > > > > > of the function with STV_PROTECTED visibility. > > > > > > > > > > > > Here is a proposal to remove copy relocation and use canonical > > > > > > function > > > > > > pointer: > > > > > > > > > > > > 1. Accesses, including in PIE and non-PIE, to undefined symbols must > > > > > > use GOT. > > > > > > a. Linker may optimize out GOT access if the data is defined in > > > > > > PIE or > > > > > > non-PIE. > > > > > > 2. Read-only data in the shared library remain read-only at run-time > > > > > > 3. Address of global data with the STV_PROTECTED visibility in the > > > > > > shared > > > > > > library is the address of data body. > > > > > > a. Can use IP-relative access. > > > > > > b. May need GOT without IP-relative access. > > > > > > 4. For systems without function descriptor, > > > > > > a. All global function pointers of undefined functions in PIE and > > > > > > non-PIE must use GOT. Linker may optimize out GOT access if the > > > > > > function is defined in PIE or non-PIE. > > > > > > b. Function pointer of functions with the STV_PROTECTED > > > > > > visibility in > > > > > > executable and shared library is the address of function body. > > > > > >i. Can use IP-relative access. > > > > > >ii. May need GOT without IP-relative access. > > > > > >iii. Branches to undefined functions may use PLT. > > > > > > 5. Single global definition marker: > > > > > > > > > > > > Add GNU_PROPERTY_1_NEEDED: > > > > > > > > > > > > #define GNU_PROPERTY_1_NEEDED GNU_PROPERTY_UINT32_OR_LO > > > > > > > > > > > > to indicate the needed properties by the object file. > > > > > > > > > > > > Add GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS: > > > > > > > > > > > > #define GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS (1U << 0) > > > > > > > > > > > > to indicate that the object file requires canonical function > > > > > > pointers and > > > > > > cannot be used with copy relocation. This bit should be cleared in > > > > > > executable when there are non-GOT or non-PLT relocations in > > > > > > relocatable > > > > > > input files without this bit set. > > > > > > > > > > > > a. Protected symbol access within the shared library can be > > > > > > treated as > > > > > > local. > > > > > > b. Copy relocation should be disallowed at link-time and run-time. > > > > > > c. GOT function pointer reference is required at link-time and > > > > > > run-time. > >
Re: PING^5 [PATCH v4 0/2] Implement indirect external access
Ping, could a global maintainer take a look at this? On Mon, Jan 03, 2022 at 07:32:25PM -0800, H.J. Lu via Gcc-patches wrote: > On Sat, Dec 11, 2021 at 10:44 AM H.J. Lu wrote: > > > > On Thu, Nov 25, 2021 at 9:54 AM H.J. Lu wrote: > > > > > > On Mon, Nov 1, 2021 at 7:02 AM H.J. Lu wrote: > > > > > > > > On Thu, Oct 21, 2021 at 12:56 PM H.J. Lu wrote: > > > > > > > > > > On Wed, Sep 22, 2021 at 7:02 PM H.J. Lu wrote: > > > > > > > > > > > > Changes in the v4 patch. > > > > > > > > > > > > 1. Add nodirect_extern_access attribute. > > > > > > > > > > > > Changes in the v3 patch. > > > > > > > > > > > > 1. GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS support has been > > > > > > added to > > > > > > GNU binutils 2.38. But the -z indirect-extern-access linker option > > > > > > is > > > > > > only available for Linux/x86. However, the --max-cache-size=SIZE > > > > > > linker > > > > > > option was also addded within a day. --max-cache-size=SIZE is used > > > > > > to > > > > > > check for GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS support. > > > > > > > > > > > > Changes in the v2 patch. > > > > > > > > > > > > 1. Rename the option to -fdirect-extern-access. > > > > > > > > > > > > --- > > > > > > On systems with copy relocation: > > > > > > * A copy in executable is created for the definition in a shared > > > > > > library > > > > > > at run-time by ld.so. > > > > > > * The copy is referenced by executable and shared libraries. > > > > > > * Executable can access the copy directly. > > > > > > > > > > > > Issues are: > > > > > > * Overhead of a copy, time and space, may be visible at run-time. > > > > > > * Read-only data in the shared library becomes read-write copy in > > > > > > executable at run-time. > > > > > > * Local access to data with the STV_PROTECTED visibility in the > > > > > > shared > > > > > > library must use GOT. > > > > > > > > > > > > On systems without function descriptor, function pointers vary > > > > > > depending > > > > > > on where and how the functions are defined. > > > > > > * If the function is defined in executable, it can be the address of > > > > > > function body. > > > > > > * If the function, including the function with STV_PROTECTED > > > > > > visibility, > > > > > > is defined in the shared library, it can be the address of the PLT > > > > > > entry > > > > > > in executable or shared library. > > > > > > > > > > > > Issues are: > > > > > > * The address of function body may not be used as its function > > > > > > pointer. > > > > > > * ld.so needs to search loaded shared libraries for the function > > > > > > pointer > > > > > > of the function with STV_PROTECTED visibility. > > > > > > > > > > > > Here is a proposal to remove copy relocation and use canonical > > > > > > function > > > > > > pointer: > > > > > > > > > > > > 1. Accesses, including in PIE and non-PIE, to undefined symbols must > > > > > > use GOT. > > > > > > a. Linker may optimize out GOT access if the data is defined in > > > > > > PIE or > > > > > > non-PIE. > > > > > > 2. Read-only data in the shared library remain read-only at run-time > > > > > > 3. Address of global data with the STV_PROTECTED visibility in the > > > > > > shared > > > > > > library is the address of data body. > > > > > > a. Can use IP-relative access. > > > > > > b. May need GOT without IP-relative access. > > > > > > 4. For systems without function descriptor, > > > > > > a. All global function pointers of undefined functions in PIE and > > > > > > non-PIE must use GOT. Linker may optimize out GOT access if the > > > > > > function is defined in PIE or non-PIE. > > > > > > b. Function pointer of functions with the STV_PROTECTED > > > > > > visibility in > > > > > > executable and shared library is the address of function body. > > > > > >i. Can use IP-relative access. > > > > > >ii. May need GOT without IP-relative access. > > > > > >iii. Branches to undefined functions may use PLT. > > > > > > 5. Single global definition marker: > > > > > > > > > > > > Add GNU_PROPERTY_1_NEEDED: > > > > > > > > > > > > #define GNU_PROPERTY_1_NEEDED GNU_PROPERTY_UINT32_OR_LO > > > > > > > > > > > > to indicate the needed properties by the object file. > > > > > > > > > > > > Add GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS: > > > > > > > > > > > > #define GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS (1U << 0) > > > > > > > > > > > > to indicate that the object file requires canonical function > > > > > > pointers and > > > > > > cannot be used with copy relocation. This bit should be cleared in > > > > > > executable when there are non-GOT or non-PLT relocations in > > > > > > relocatable > > > > > > input files without this bit set. > > > > > > > > > > > > a. Protected symbol access within the shared library can be > > > > > > treated as > > > > > > local. > > > > > > b. Copy relocation should be disallowed at link-time and run-time. > > > > > > c. GOT function pointer refe
PING^5 [PATCH v4 0/2] Implement indirect external access
On Sat, Dec 11, 2021 at 10:44 AM H.J. Lu wrote: > > On Thu, Nov 25, 2021 at 9:54 AM H.J. Lu wrote: > > > > On Mon, Nov 1, 2021 at 7:02 AM H.J. Lu wrote: > > > > > > On Thu, Oct 21, 2021 at 12:56 PM H.J. Lu wrote: > > > > > > > > On Wed, Sep 22, 2021 at 7:02 PM H.J. Lu wrote: > > > > > > > > > > Changes in the v4 patch. > > > > > > > > > > 1. Add nodirect_extern_access attribute. > > > > > > > > > > Changes in the v3 patch. > > > > > > > > > > 1. GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS support has been > > > > > added to > > > > > GNU binutils 2.38. But the -z indirect-extern-access linker option is > > > > > only available for Linux/x86. However, the --max-cache-size=SIZE > > > > > linker > > > > > option was also addded within a day. --max-cache-size=SIZE is used to > > > > > check for GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS support. > > > > > > > > > > Changes in the v2 patch. > > > > > > > > > > 1. Rename the option to -fdirect-extern-access. > > > > > > > > > > --- > > > > > On systems with copy relocation: > > > > > * A copy in executable is created for the definition in a shared > > > > > library > > > > > at run-time by ld.so. > > > > > * The copy is referenced by executable and shared libraries. > > > > > * Executable can access the copy directly. > > > > > > > > > > Issues are: > > > > > * Overhead of a copy, time and space, may be visible at run-time. > > > > > * Read-only data in the shared library becomes read-write copy in > > > > > executable at run-time. > > > > > * Local access to data with the STV_PROTECTED visibility in the shared > > > > > library must use GOT. > > > > > > > > > > On systems without function descriptor, function pointers vary > > > > > depending > > > > > on where and how the functions are defined. > > > > > * If the function is defined in executable, it can be the address of > > > > > function body. > > > > > * If the function, including the function with STV_PROTECTED > > > > > visibility, > > > > > is defined in the shared library, it can be the address of the PLT > > > > > entry > > > > > in executable or shared library. > > > > > > > > > > Issues are: > > > > > * The address of function body may not be used as its function > > > > > pointer. > > > > > * ld.so needs to search loaded shared libraries for the function > > > > > pointer > > > > > of the function with STV_PROTECTED visibility. > > > > > > > > > > Here is a proposal to remove copy relocation and use canonical > > > > > function > > > > > pointer: > > > > > > > > > > 1. Accesses, including in PIE and non-PIE, to undefined symbols must > > > > > use GOT. > > > > > a. Linker may optimize out GOT access if the data is defined in PIE > > > > > or > > > > > non-PIE. > > > > > 2. Read-only data in the shared library remain read-only at run-time > > > > > 3. Address of global data with the STV_PROTECTED visibility in the > > > > > shared > > > > > library is the address of data body. > > > > > a. Can use IP-relative access. > > > > > b. May need GOT without IP-relative access. > > > > > 4. For systems without function descriptor, > > > > > a. All global function pointers of undefined functions in PIE and > > > > > non-PIE must use GOT. Linker may optimize out GOT access if the > > > > > function is defined in PIE or non-PIE. > > > > > b. Function pointer of functions with the STV_PROTECTED visibility > > > > > in > > > > > executable and shared library is the address of function body. > > > > >i. Can use IP-relative access. > > > > >ii. May need GOT without IP-relative access. > > > > >iii. Branches to undefined functions may use PLT. > > > > > 5. Single global definition marker: > > > > > > > > > > Add GNU_PROPERTY_1_NEEDED: > > > > > > > > > > #define GNU_PROPERTY_1_NEEDED GNU_PROPERTY_UINT32_OR_LO > > > > > > > > > > to indicate the needed properties by the object file. > > > > > > > > > > Add GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS: > > > > > > > > > > #define GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS (1U << 0) > > > > > > > > > > to indicate that the object file requires canonical function pointers > > > > > and > > > > > cannot be used with copy relocation. This bit should be cleared in > > > > > executable when there are non-GOT or non-PLT relocations in > > > > > relocatable > > > > > input files without this bit set. > > > > > > > > > > a. Protected symbol access within the shared library can be treated > > > > > as > > > > > local. > > > > > b. Copy relocation should be disallowed at link-time and run-time. > > > > > c. GOT function pointer reference is required at link-time and > > > > > run-time. > > > > > > > > > > The indirect external access marker can be used in the following ways: > > > > > > > > > > 1. Linker can decide the best way to resolve a relocation against a > > > > > protected symbol before seeing all relocations against the symbol. > > > > > 2. Dynamic linker can decide if it is an error to have a copy >