[PATCH v2 0/2] elf: Implement indirect external access marker

H.J. Lu hjl.tools@gmail.com
Wed Jul 7 13:58:08 GMT 2021 

On Tue, Jun 22, 2021 at 4:57 PM H.J. Lu <hjl.tools@gmail.com> wrote:
>
> Changes in the v2 patch.
>
> 1. Rename GNU_PROPERTY_1_NEEDED_SINGLE_GLOBAL_DEFINITION to
> GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS.
> 2. Rename the option to -z [no]indirect-extern-access and move it to
> ld/emulparams/extern_protected_data.sh.
> 3. Clear the indirect external access bit in executable when there are
> non-GOT or non-PLT relocations in relocatable input files without this
> bit set.
> 4. Add more tests.
>
> ---
> On systems with copy relocation:
> * A copy in executable is created for the definition in a shared library
> at run-time by ld.so.
> * The copy is referenced by executable and shared libraries.
> * Executable can access the copy directly.
>
> Issues are:
> * Overhead of a copy, time and space, may be visible at run-time.
> * Read-only data in the shared library becomes read-write copy in
> executable at run-time.
> * Local access to data with the STV_PROTECTED visibility in the shared
> library must use GOT.
>
> On systems without function descriptor, function pointers vary depending
> on where and how the functions are defined.
> * If the function is defined in executable, it can be the address of
> function body.
> * If the function, including the function with STV_PROTECTED visibility,
> is defined in the shared library, it can be the address of the PLT entry
> in executable or shared library.
>
> Issues are:
> * The address of function body may not be used as its function pointer.
> * ld.so needs to search loaded shared libraries for the function pointer
> of the function with STV_PROTECTED visibility.
>
> Here is a proposal to remove copy relocation and use canonical function
> pointer:
>
> 1. Accesses, including in PIE and non-PIE, to undefined symbols must
> use GOT.
>   a. Linker may optimize out GOT access if the data is defined in PIE or
>   non-PIE.
> 2. Read-only data in the shared library remain read-only at run-time
> 3. Address of global data with the STV_PROTECTED visibility in the shared
> library is the address of data body.
>   a. Can use IP-relative access.
>   b. May need GOT without IP-relative access.
> 4. For systems without function descriptor,
>   a. All global function pointers of undefined functions in PIE and
>   non-PIE must use GOT.  Linker may optimize out GOT access if the
>   function is defined in PIE or non-PIE.
>   b. Function pointer of functions with the STV_PROTECTED visibility in
>   executable and shared library is the address of function body.
>    i. Can use IP-relative access.
>    ii. May need GOT without IP-relative access.
>    iii. Branches to undefined functions may use PLT.
> 5. Single global definition marker:
>
> Add GNU_PROPERTY_1_NEEDED:
>
> #define GNU_PROPERTY_1_NEEDED GNU_PROPERTY_UINT32_OR_LO
>
> to indicate the needed properties by the object file.
>
> Add GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS:
>
> #define GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS (1U << 0)
>
> to indicate that the object file requires canonical function pointers and
> cannot be used with copy relocation.
>
>   a. Copy relocation should be disallowed at link-time and run-time.
>   b. Canonical function pointers are required at link-time and run-tima
>
> Linker change:
>
> If any relocatable input files contain the indirect external access
> marker:
> * Generate the indirect external access marker in output.
>   a. Linker should clear the indirect external access bit in executable
>      when there are non-GOT or non-PLT relocations in relocatable input
>      files without this bit set.
> * Avoid copy relocation if possible.
> * Access to symbols with the STV_PROTECTED visibility is the same as
> local access.
> * For systems without function descriptor, function pointer is the address
> of function body.
>
> H.J. Lu (2):
>   elf: Add GNU_PROPERTY_1_NEEDED
>   elf: Add GNU_PROPERTY_1_NEEDED check
>
>  bfd/elf-bfd.h                                 |   6 +
>  bfd/elf-properties.c                          | 126 ++++++++++++++---
>  bfd/elf32-i386.c                              |   3 +
>  bfd/elf64-x86-64.c                            |   6 +-
>  bfd/elflink.c                                 |   4 +
>  bfd/elfxx-x86.c                               |  19 +++
>  bfd/elfxx-x86.h                               |   4 +
>  binutils/readelf.c                            |  39 ++++++
>  include/bfdlink.h                             |  23 ++-
>  include/elf/common.h                          |   7 +
>  ld/NEWS                                       |   3 +
>  ld/emulparams/extern_protected_data.sh        |  11 ++
>  ld/ld.texi                                    |  12 ++
>  ld/ldmain.c                                   |   1 +
>  .../ld-elf/indirect-extern-access-1.rd        |   8 ++
>  .../ld-elf/indirect-extern-access-1a.c        |   1 +
>  .../ld-elf/indirect-extern-access-1b.c        |  12 ++
>  .../ld-elf/indirect-extern-access-2.rd        |   8 ++
>  .../ld-elf/indirect-extern-access-2a.c        |  10 ++
>  .../ld-elf/indirect-extern-access-2b.c        |  13 ++
>  .../ld-elf/indirect-extern-access-3.rd        |   8 ++
>  ld/testsuite/ld-elf/indirect-extern-access.S  |  20 +++
>  ld/testsuite/ld-elf/linux-x86.exp             |  97 +++++++++++++
>  ld/testsuite/ld-elf/property-1_needed-1.s     |  15 ++
>  ld/testsuite/ld-elf/property-1_needed-1a.d    |  17 +++
>  ld/testsuite/ld-elf/property-1_needed-1b.d    |  16 +++
>  ld/testsuite/ld-elf/property-1_needed-1c.d    |  17 +++
>  .../ld-x86-64/indirect-extern-access.rd       |   6 +
>  ld/testsuite/ld-x86-64/protected-data-1.h     |  11 ++
>  ld/testsuite/ld-x86-64/protected-data-1a.c    |  40 ++++++
>  ld/testsuite/ld-x86-64/protected-data-1b.c    |  59 ++++++++
>  ld/testsuite/ld-x86-64/protected-data-2a.S    | 109 +++++++++++++++
>  ld/testsuite/ld-x86-64/protected-data-2b.S    | 119 ++++++++++++++++
>  ld/testsuite/ld-x86-64/protected-func-2a.S    |  68 +++++++++
>  ld/testsuite/ld-x86-64/protected-func-2b.S    |  83 +++++++++++
>  ld/testsuite/ld-x86-64/protected-func-2c.c    |  29 ++++
>  ld/testsuite/ld-x86-64/x86-64.exp             | 131 ++++++++++++++++++
>  37 files changed, 1138 insertions(+), 23 deletions(-)
>  create mode 100644 ld/testsuite/ld-elf/indirect-extern-access-1.rd
>  create mode 100644 ld/testsuite/ld-elf/indirect-extern-access-1a.c
>  create mode 100644 ld/testsuite/ld-elf/indirect-extern-access-1b.c
>  create mode 100644 ld/testsuite/ld-elf/indirect-extern-access-2.rd
>  create mode 100644 ld/testsuite/ld-elf/indirect-extern-access-2a.c
>  create mode 100644 ld/testsuite/ld-elf/indirect-extern-access-2b.c
>  create mode 100644 ld/testsuite/ld-elf/indirect-extern-access-3.rd
>  create mode 100644 ld/testsuite/ld-elf/indirect-extern-access.S
>  create mode 100644 ld/testsuite/ld-elf/property-1_needed-1.s
>  create mode 100644 ld/testsuite/ld-elf/property-1_needed-1a.d
>  create mode 100644 ld/testsuite/ld-elf/property-1_needed-1b.d
>  create mode 100644 ld/testsuite/ld-elf/property-1_needed-1c.d
>  create mode 100644 ld/testsuite/ld-x86-64/indirect-extern-access.rd
>  create mode 100644 ld/testsuite/ld-x86-64/protected-data-1.h
>  create mode 100644 ld/testsuite/ld-x86-64/protected-data-1a.c
>  create mode 100644 ld/testsuite/ld-x86-64/protected-data-1b.c
>  create mode 100644 ld/testsuite/ld-x86-64/protected-data-2a.S
>  create mode 100644 ld/testsuite/ld-x86-64/protected-data-2b.S
>  create mode 100644 ld/testsuite/ld-x86-64/protected-func-2a.S
>  create mode 100644 ld/testsuite/ld-x86-64/protected-func-2b.S
>  create mode 100644 ld/testsuite/ld-x86-64/protected-func-2c.c
>
> --
> 2.31.1
>

I am checking in this patch by the end of this week.

-- 
H.J.

More information about the Binutils mailing list