This is the mail archive of the
binutils@sourceware.org
mailing list for the binutils project.
Re: Preventing preemption of 'protected' symbols in GNU ld 2.26
- From: Rafael EspÃndola <rafael dot espindola at gmail dot com>
- To: Cary Coutant <ccoutant at gmail dot com>
- Cc: "H.J. Lu" <hjl dot tools at gmail dot com>, Joe Groff <jgroff at apple dot com>, Binutils <binutils at sourceware dot org>
- Date: Sun, 27 Mar 2016 12:26:42 -0400
- Subject: Re: Preventing preemption of 'protected' symbols in GNU ld 2.26
- Authentication-results: sourceware.org; auth=none
- References: <9106B2FB-BB06-413A-A04D-EEFB992784FA at apple dot com> <CAJimCsEzZ8GDByd8r9x5J9sQ__V0o1mn21FD1xLPe7OhWdikKQ at mail dot gmail dot com> <CAMe9rOqipnAMa-OeYfks6=FYRffxSrcLuJnJD=wX-PjoKcGWRA at mail dot gmail dot com> <CAJimCsFxza3TWVXorqYLa--SfUZ_LznR=m2GkJ_Mq6YZ9Ga3YQ at mail dot gmail dot com> <CAMe9rOphSdEp8mO7OpuEAVpUz-hT8eRb=6RJmaP1XWvDC_UNpQ at mail dot gmail dot com> <CAJimCsHGnHp+s4OXVMt5K=AOsz=nPqY_W7L_M0Ey5rSdK7nk1g at mail dot gmail dot com> <CAMe9rOowzNKqmgf+5A6R-BdEjv2_KAnEYO=PxUH6=MYST_Fu3w at mail dot gmail dot com> <9EFBBDCE-4054-4867-B3E9-9DFE216A234F at apple dot com> <CAMe9rOqqPVeaRZ8SPD-uoxRnHFOCGV3xXFNnDY5ez6xY8uG6hw at mail dot gmail dot com> <CAJimCsFffshMvsDoRq_33Ss8u9Y_Z4y2NKsqDbxJQuO6SyJNbg at mail dot gmail dot com>
On 24 March 2016 at 14:31, Cary Coutant <ccoutant@gmail.com> wrote:
>>>> What relocation do you propose to access external protected
>>>> symbol on x86 for non-PIC code?
>>>
>>> Non-PIC code can still use a GOT, can't it?
>>
>> Yes.
>
> Right.
>
> Some additional thoughts:
>
> - This has nothing to do with PIE. Non-PIC-non-PIE code has been
> living with this restriction for at least 18 years (since visiblity
> was introduced into the gABI).
>
> - This has nothing to do with Ulrich's diatribe against protected
> visibility, which applies only to function symbols (and really only to
> one platform, due to how function pointer comparison works).
The old powerpc ABI?
> - You don't need to go full-on PIC to reference a protected data
> symbol in a shared library. You can always statically initialize a
> pointer variable, and go indirect through that ("poor-man's PIC").
>
> - We could add support for __attribute__((dllimport)) or
> __declspec(dllimport) when declaring an external variable that is
> expected to be defined in a shared library (ideally, that attribute
> ought to be placed in the library's public interface). The compiler
> can generate a PIC-style reference for that variable without
> penalizing all the other variables in the main program. This is how
> HP-UX compilers work on PA and Itanium (using #pragma external).
>
> - Compilers could also generate tentative PIC-style references, with
> sufficient relocations to allow the linker to convert the indirect
> reference to a direct reference when possible (changing the second
> load into a nop or copy). HP-UX also does this.
>
> - Indirect references from PIC code to a protected symbol penalize the
> common case (referencing a symbol within its own module) to support
> the uncommon case, while introducing the nasty side effects of a COPY
> relocation.
>
> - COPY relocations are evil. They bind an application to a specific
> version of a shared library's ABI, and introduce a hidden startup
> cost. If we're going to make any changes, we should be moving towards
> elimination of COPY relocations, rather than disabling features that
> were designed to improve performance.
>
> - Arguing that protected means that the definition is in the same
> module but its address might be external is absurd. The *only* reason
> for the gABI to make that guarantee is so the compilers can optimize
> the code based on the knowledge that the symbol can't be pre-empted.
For what it is worth I strongly agree with Cary on these points.
I never quite understood the warning against using protected. Without
copy relocations or the PLT hacks, they are a really handy way to
produce visible symbols from dsos that are efficient to use in the DSO
itself.
It is unfortunate that without copy reloc and PLT hack they are not
easy to use from executables, but that can be fixed. Having the
compiler be conservative and the linker relax access would do it and
it is something I think we should try.
I will try to audit the llvm side to make sure protected in there
works as expected.
Cheers,
Rafael