[PATCH 0/2] elf: Implement single global definition marker

H.J. Lu hjl.tools@gmail.com
Sun Jun 20 22:50:27 GMT 2021


On systems with copy relocation:
* A copy in executable is created for the definition in a shared library
at run-time by ld.so.
* The copy is referenced by executable and shared libraries.
* Executable can access the copy directly.

Issues are:
* Overhead of a copy, time and space, may be visible at run-time.
* Read-only data in the shared library becomes read-write copy in
executable at run-time.
* Local access to data with the STV_PROTECTED visibility in the shared
library must use GOT.

On systems without function descriptor, function pointers vary depending
on where and how the functions are defined.
* If the function is defined in executable, it can be the address of
function body.
* If the function, including the function with STV_PROTECTED visibility,
is defined in the shared library, it can be the address of the PLT entry
in executable or shared library.

Issues are:
* The address of function body may not be used as its function pointer.
* ld.so needs to search loaded shared libraries for the function pointer
of the function with STV_PROTECTED visibility.

Here is a proposal to remove copy relocation and use canonical function
pointer:

1. Accesses, including in PIE and non-PIE, to undefined symbols must
use GOT.
  a. Linker may optimize out GOT access if the data is defined in PIE or
  non-PIE.
2. Read-only data in the shared library remain read-only at run-time
3. Address of global data with the STV_PROTECTED visibility in the shared
library is the address of data body.
  a. Can use IP-relative access.
  b. May need GOT without IP-relative access.
4. For systems without function descriptor,
  a. All global function pointers of undefined functions in PIE and
  non-PIE must use GOT.  Linker may optimize out GOT access if the
  function is defined in PIE or non-PIE.
  b. Function pointer of functions with the STV_PROTECTED visibility in
  executable and shared library is the address of function body.
   i. Can use IP-relative access.
   ii. May need GOT without IP-relative access.
   iii. Branches to undefined functions may use PLT.
5. Single global definition marker:

Add GNU_PROPERTY_1_NEEDED:

#define GNU_PROPERTY_1_NEEDED GNU_PROPERTY_UINT32_OR_LO

to indicate the needed properties by the object file.

Add GNU_PROPERTY_1_NEEDED_SINGLE_GLOBAL_DEFINITION:

#define GNU_PROPERTY_1_NEEDED_SINGLE_GLOBAL_DEFINITION (1U << 0)

to indicate that the object file requires canonical function pointers and
cannot be used with copy relocation.

  a. Copy relocation should be disallowed at link-time and run-time.
  b. Canonical function pointers are required at link-time and run-time.

Linker change:

If any relocatable input files contain the single global definition
marker:
* Generate the single global definition marker in output.
* Avoid copy relocation if possible.
* Access to symbols with the STV_PROTECTED visibility is the same as
local access.
* For systems without function descriptor, function pointer is the address
of function body.

H.J. Lu (2):
  elf: Add GNU_PROPERTY_1_NEEDED
  elf: Add GNU_PROPERTY_1_NEEDED check

 bfd/elf-properties.c                          | 103 ++++++++++++--
 bfd/elflink.c                                 |   4 +
 binutils/readelf.c                            |  39 ++++++
 include/bfdlink.h                             |   6 +
 include/elf/common.h                          |   7 +
 ld/NEWS                                       |   3 +
 ld/emultempl/elf.em                           |   4 +
 ld/ld.texi                                    |  12 ++
 ld/ldmain.c                                   |   1 +
 ld/lexsup.c                                   |   5 +
 ld/testsuite/ld-elf/property-1_needed-1.s     |  15 ++
 ld/testsuite/ld-elf/property-1_needed-1a.d    |  17 +++
 ld/testsuite/ld-elf/property-1_needed-1b.d    |  16 +++
 ld/testsuite/ld-elf/property-1_needed-1c.d    |  17 +++
 ld/testsuite/ld-x86-64/protected-data-1.h     |  11 ++
 ld/testsuite/ld-x86-64/protected-data-1a.c    |  40 ++++++
 ld/testsuite/ld-x86-64/protected-data-1b.c    |  59 ++++++++
 ld/testsuite/ld-x86-64/protected-data-2a.S    | 109 +++++++++++++++
 ld/testsuite/ld-x86-64/protected-data-2b.S    | 119 ++++++++++++++++
 ld/testsuite/ld-x86-64/protected-func-2a.S    |  68 +++++++++
 ld/testsuite/ld-x86-64/protected-func-2b.S    |  83 +++++++++++
 ld/testsuite/ld-x86-64/protected-func-2c.c    |  29 ++++
 .../ld-x86-64/single-global-definition.rd     |   6 +
 ld/testsuite/ld-x86-64/x86-64.exp             | 131 ++++++++++++++++++
 24 files changed, 889 insertions(+), 15 deletions(-)
 create mode 100644 ld/testsuite/ld-elf/property-1_needed-1.s
 create mode 100644 ld/testsuite/ld-elf/property-1_needed-1a.d
 create mode 100644 ld/testsuite/ld-elf/property-1_needed-1b.d
 create mode 100644 ld/testsuite/ld-elf/property-1_needed-1c.d
 create mode 100644 ld/testsuite/ld-x86-64/protected-data-1.h
 create mode 100644 ld/testsuite/ld-x86-64/protected-data-1a.c
 create mode 100644 ld/testsuite/ld-x86-64/protected-data-1b.c
 create mode 100644 ld/testsuite/ld-x86-64/protected-data-2a.S
 create mode 100644 ld/testsuite/ld-x86-64/protected-data-2b.S
 create mode 100644 ld/testsuite/ld-x86-64/protected-func-2a.S
 create mode 100644 ld/testsuite/ld-x86-64/protected-func-2b.S
 create mode 100644 ld/testsuite/ld-x86-64/protected-func-2c.c
 create mode 100644 ld/testsuite/ld-x86-64/single-global-definition.rd

-- 
2.31.1
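
An added example, not part of the original message or of the binutils patches: a bounds-checked scan of one .note.gnu.property note for the GNU_PROPERTY_1_NEEDED word proposed above, of the kind an audit tool could use to see whether a binary carries the single global definition marker. The function name, the sample bytes and the little-endian assumption are illustrative; the numeric value of GNU_PROPERTY_UINT32_OR_LO is taken from include/elf/common.h, since the message gives only its name.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NT_GNU_PROPERTY_TYPE_0 5
/* Value as in binutils include/elf/common.h; the page gives only the name. */
#define GNU_PROPERTY_UINT32_OR_LO 0xb0008000
#define GNU_PROPERTY_1_NEEDED GNU_PROPERTY_UINT32_OR_LO
#define GNU_PROPERTY_1_NEEDED_SINGLE_GLOBAL_DEFINITION (1U << 0)

/* Constructed sample: one ELF64 little-endian note carrying the marker. */
static const uint8_t sample_note[] = {
  4, 0, 0, 0,  16, 0, 0, 0,  5, 0, 0, 0,  'G', 'N', 'U', 0,  /* note header */
  0x00, 0x80, 0x00, 0xb0,  4, 0, 0, 0,  1, 0, 0, 0,  0, 0, 0, 0  /* property */
};

/* Read a little-endian 32-bit word without alignment assumptions. */
static uint32_t rd32(const uint8_t *p)
{
  return p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t) p[3] << 24);
}

/* Scan one NT_GNU_PROPERTY_TYPE_0 note (align: 8 for ELF64, 4 for ELF32).
   Returns 1 with the OR of all GNU_PROPERTY_1_NEEDED words in *bits,
   0 if the property is absent, -1 if the note is malformed or truncated. */
int find_1_needed(const uint8_t *n, size_t len, size_t align, uint32_t *bits)
{
  int found = 0;
  *bits = 0;
  if (len < 16 || rd32(n) != 4 || rd32(n + 8) != NT_GNU_PROPERTY_TYPE_0
      || memcmp(n + 12, "GNU", 4) != 0 || rd32(n + 4) > len - 16)
    return -1;
  size_t off = 16, end = 16 + rd32(n + 4);
  while (off < end) {
    if (end - off < 8)
      return -1;
    uint32_t type = rd32(n + off), datasz = rd32(n + off + 4);
    off += 8;
    if (datasz > end - off || (type == GNU_PROPERTY_1_NEEDED && datasz != 4))
      return -1;
    if (type == GNU_PROPERTY_1_NEEDED) {
      *bits |= rd32(n + off);
      found = 1;
    }
    /* Each property is padded up to the note alignment. */
    size_t padded = ((size_t) datasz + align - 1) & ~(align - 1);
    off += padded > end - off ? end - off : padded;
  }
  return found;
}
```

The bits are OR-ed across properties because GNU_PROPERTY_1_NEEDED sits in the GNU_PROPERTY_UINT32_OR range, matching the linker rule above that any input carrying the marker sets it in the output.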