[PATCH v2 0/2] elf: Implement indirect external access marker
H.J. Lu
hjl.tools@gmail.com
Wed Jul 7 13:58:08 GMT 2021
On Tue, Jun 22, 2021 at 4:57 PM H.J. Lu <hjl.tools@gmail.com> wrote:
>
> Changes in the v2 patch.
>
> 1. Rename GNU_PROPERTY_1_NEEDED_SINGLE_GLOBAL_DEFINITION to
> GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS.
> 2. Rename the option to -z [no]indirect-extern-access and move it to
> ld/emulparams/extern_protected_data.sh.
> 3. Clear the indirect external access bit in executable when there are
> non-GOT or non-PLT relocations in relocatable input files without this
> bit set.
> 4. Add more tests.
>
> ---
> On systems with copy relocation:
> * A copy in executable is created for the definition in a shared library
> at run-time by ld.so.
> * The copy is referenced by executable and shared libraries.
> * Executable can access the copy directly.
>
> Issues are:
> * Overhead of a copy, time and space, may be visible at run-time.
> * Read-only data in the shared library becomes read-write copy in
> executable at run-time.
> * Local access to data with the STV_PROTECTED visibility in the shared
> library must use GOT.
>
> On systems without function descriptor, function pointers vary depending
> on where and how the functions are defined.
> * If the function is defined in executable, it can be the address of
> function body.
> * If the function, including the function with STV_PROTECTED visibility,
> is defined in the shared library, it can be the address of the PLT entry
> in executable or shared library.
>
> Issues are:
> * The address of function body may not be used as its function pointer.
> * ld.so needs to search loaded shared libraries for the function pointer
> of the function with STV_PROTECTED visibility.
>
> Here is a proposal to remove copy relocation and use canonical function
> pointer:
>
> 1. Accesses, including in PIE and non-PIE, to undefined symbols must
> use GOT.
> a. Linker may optimize out GOT access if the data is defined in PIE or
> non-PIE.
> 2. Read-only data in the shared library remain read-only at run-time
> 3. Address of global data with the STV_PROTECTED visibility in the shared
> library is the address of data body.
> a. Can use IP-relative access.
> b. May need GOT without IP-relative access.
> 4. For systems without function descriptor,
> a. All global function pointers of undefined functions in PIE and
> non-PIE must use GOT. Linker may optimize out GOT access if the
> function is defined in PIE or non-PIE.
> b. Function pointer of functions with the STV_PROTECTED visibility in
> executable and shared library is the address of function body.
> i. Can use IP-relative access.
> ii. May need GOT without IP-relative access.
> iii. Branches to undefined functions may use PLT.
> 5. Single global definition marker:
>
> Add GNU_PROPERTY_1_NEEDED:
>
> #define GNU_PROPERTY_1_NEEDED GNU_PROPERTY_UINT32_OR_LO
>
> to indicate the needed properties by the object file.
>
> Add GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS:
>
> #define GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS (1U << 0)
>
> to indicate that the object file requires canonical function pointers and
> cannot be used with copy relocation.
>
> a. Copy relocation should be disallowed at link-time and run-time.
> b. Canonical function pointers are required at link-time and run-tima
>
> Linker change:
>
> If any relocatable input files contain the indirect external access
> marker:
> * Generate the indirect external access marker in output.
> a. Linker should clear the indirect external access bit in executable
> when there are non-GOT or non-PLT relocations in relocatable input
> files without this bit set.
> * Avoid copy relocation if possible.
> * Access to symbols with the STV_PROTECTED visibility is the same as
> local access.
> * For systems without function descriptor, function pointer is the address
> of function body.
>
> H.J. Lu (2):
> elf: Add GNU_PROPERTY_1_NEEDED
> elf: Add GNU_PROPERTY_1_NEEDED check
>
> bfd/elf-bfd.h | 6 +
> bfd/elf-properties.c | 126 ++++++++++++++---
> bfd/elf32-i386.c | 3 +
> bfd/elf64-x86-64.c | 6 +-
> bfd/elflink.c | 4 +
> bfd/elfxx-x86.c | 19 +++
> bfd/elfxx-x86.h | 4 +
> binutils/readelf.c | 39 ++++++
> include/bfdlink.h | 23 ++-
> include/elf/common.h | 7 +
> ld/NEWS | 3 +
> ld/emulparams/extern_protected_data.sh | 11 ++
> ld/ld.texi | 12 ++
> ld/ldmain.c | 1 +
> .../ld-elf/indirect-extern-access-1.rd | 8 ++
> .../ld-elf/indirect-extern-access-1a.c | 1 +
> .../ld-elf/indirect-extern-access-1b.c | 12 ++
> .../ld-elf/indirect-extern-access-2.rd | 8 ++
> .../ld-elf/indirect-extern-access-2a.c | 10 ++
> .../ld-elf/indirect-extern-access-2b.c | 13 ++
> .../ld-elf/indirect-extern-access-3.rd | 8 ++
> ld/testsuite/ld-elf/indirect-extern-access.S | 20 +++
> ld/testsuite/ld-elf/linux-x86.exp | 97 +++++++++++++
> ld/testsuite/ld-elf/property-1_needed-1.s | 15 ++
> ld/testsuite/ld-elf/property-1_needed-1a.d | 17 +++
> ld/testsuite/ld-elf/property-1_needed-1b.d | 16 +++
> ld/testsuite/ld-elf/property-1_needed-1c.d | 17 +++
> .../ld-x86-64/indirect-extern-access.rd | 6 +
> ld/testsuite/ld-x86-64/protected-data-1.h | 11 ++
> ld/testsuite/ld-x86-64/protected-data-1a.c | 40 ++++++
> ld/testsuite/ld-x86-64/protected-data-1b.c | 59 ++++++++
> ld/testsuite/ld-x86-64/protected-data-2a.S | 109 +++++++++++++++
> ld/testsuite/ld-x86-64/protected-data-2b.S | 119 ++++++++++++++++
> ld/testsuite/ld-x86-64/protected-func-2a.S | 68 +++++++++
> ld/testsuite/ld-x86-64/protected-func-2b.S | 83 +++++++++++
> ld/testsuite/ld-x86-64/protected-func-2c.c | 29 ++++
> ld/testsuite/ld-x86-64/x86-64.exp | 131 ++++++++++++++++++
> 37 files changed, 1138 insertions(+), 23 deletions(-)
> create mode 100644 ld/testsuite/ld-elf/indirect-extern-access-1.rd
> create mode 100644 ld/testsuite/ld-elf/indirect-extern-access-1a.c
> create mode 100644 ld/testsuite/ld-elf/indirect-extern-access-1b.c
> create mode 100644 ld/testsuite/ld-elf/indirect-extern-access-2.rd
> create mode 100644 ld/testsuite/ld-elf/indirect-extern-access-2a.c
> create mode 100644 ld/testsuite/ld-elf/indirect-extern-access-2b.c
> create mode 100644 ld/testsuite/ld-elf/indirect-extern-access-3.rd
> create mode 100644 ld/testsuite/ld-elf/indirect-extern-access.S
> create mode 100644 ld/testsuite/ld-elf/property-1_needed-1.s
> create mode 100644 ld/testsuite/ld-elf/property-1_needed-1a.d
> create mode 100644 ld/testsuite/ld-elf/property-1_needed-1b.d
> create mode 100644 ld/testsuite/ld-elf/property-1_needed-1c.d
> create mode 100644 ld/testsuite/ld-x86-64/indirect-extern-access.rd
> create mode 100644 ld/testsuite/ld-x86-64/protected-data-1.h
> create mode 100644 ld/testsuite/ld-x86-64/protected-data-1a.c
> create mode 100644 ld/testsuite/ld-x86-64/protected-data-1b.c
> create mode 100644 ld/testsuite/ld-x86-64/protected-data-2a.S
> create mode 100644 ld/testsuite/ld-x86-64/protected-data-2b.S
> create mode 100644 ld/testsuite/ld-x86-64/protected-func-2a.S
> create mode 100644 ld/testsuite/ld-x86-64/protected-func-2b.S
> create mode 100644 ld/testsuite/ld-x86-64/protected-func-2c.c
>
> --
> 2.31.1
>
I am checking in this patch by the end of this week.
--
H.J.
More information about the Binutils
mailing list