Fāng-ruì Sòng via llvm-dev
2021-Jun-17 20:25 UTC
[llvm-dev] RFC: Add GNU_PROPERTY_UINT32_AND_XXX/GNU_PROPERTY_UINT32_OR_XXX
On Thu, Jun 17, 2021 at 12:46 PM H.J. Lu <hjl.tools at gmail.com> wrote:> > On Thu, Jun 17, 2021 at 12:38 PM Fangrui Song <maskray at google.com> wrote: > > > > On 2021-06-17, H.J. Lu via llvm-dev wrote: > > >On Thu, Jan 21, 2021 at 7:02 AM H.J. Lu <hjl.tools at gmail.com> wrote: > > >> > > >> On Wed, Jan 13, 2021 at 9:06 AM H.J. Lu <hjl.tools at gmail.com> wrote: > > >> > > > >> > 1. GNU_PROPERTY_UINT32_AND_LO..GNU_PROPERTY_UINT32_AND_HI > > >> > > > >> > #define GNU_PROPERTY_UINT32_AND_LO 0xb0000000 > > >> > #define GNU_PROPERTY_UINT32_AND_HI 0xb0007fff > > >> > > > >> > A bit in the output pr_data field is set only if it is set in all > > >> > relocatable input pr_data fields. If all bits in the the output > > >> > pr_data field are zero, this property should be removed from output. > > >> > > > >> > If the bit is 1, all input relocatables have the feature. If the > > >> > bit is 0 or the property is missing, the info is unknown. > > > > How to use AND in practice? > > Are you going to add .note.gnu.property to all of crt1.o crti.o > > crtbegin.o crtend.o crtn.o and miscellaneous libc_nonshared.a object > > files written in assembly? > > > > >> > 2. GNU_PROPERTY_UINT32_OR_LO..GNU_PROPERTY_UINT32_OR_HI > > >> > > > >> > #define GNU_PROPERTY_UINT32_OR_LO 0xb0008000 > > >> > #define GNU_PROPERTY_UINT32_OR_HI 0xb000ffff > > >> > > > >> > A bit in the output pr_data field is set if it is set in any > > >> > relocatable input pr_data fields. If all bits in the the output > > >> > pr_data field are zero, this property should be removed from output. > > >> > > > >> > If the bit is 1, some input relocatables have the feature. If the > > >> > bit is 0 or the property is missing, the info is unknown. > > >> > > > >> > The PDF is at > > >> > > > >> > https://gitlab.com/x86-psABIs/Linux-ABI/-/wikis/uploads/0690db0a3b7e5d8a44e0271a4be54aa7/linux-gABI-and-or-2021-01-13.pdf > > >> > > > >> > -- > > >> > H.J. > > >> > > >> Here is the binutils patch to implement it. > > >> > > > > > >If there are no objections, I will check it in tomorrow. > > > > If the use case is just ELF_RTYPE_CLASS_EXTERN_PROTECTED_DATA, it'd be > > very kind of you if you can collect more use cases before generalizing > > this into a non-arch-specific GNU PROPERTY. > > > > The "copy relocations on protected data symbols" thing is x86 specific > > and only applies with gcc+GNU ld+glibc. > > Non-x86 architectures don't have this thing. > > gold doesn't have this thing. > > clang doesn't have this thing. > > It will be used to remove copy relocation and implement canonical function > pointers, which will benefit protected data and function.The action items in https://gitlab.com/x86-psABIs/x86-64-ABI/-/issues/8#note_593822281 can be applied without a GNU PROPERTY. If we want to enforce the link-time check that a shared object is no longer compatible with copy relocations, just make the shared object's non-weak definitions protected, and add a GNU ld diagnostic like gold (https://sourceware.org/bugzilla/show_bug.cgi?id=19823) --- For functions, On x86-64, gcc -fpic has been using leaq addr()(%rip), %rax since at least 4.1.2 (oldest gcc I can find on godbolt): __attribute__((visibility("protected"))) void *addr() { return (void*)addr; } // a protected non-definition declaration is the same. // while asm(".protected addr") can use GOT, it is super rare if ever exists // outside glibc elf/vis*.c I have checked all of binutils 2.11, 2.16, 2.20, 2.24, 2.35. The have the same diagnostic: relocation R_X86_64_PC32 against protected function `addr' can not be used when making a shared object I think we can assert that taking the address of a protected function never works with GNU ld. So no compatibility concern. Fixing it (https://sourceware.org/pipermail/binutils/2021-June/116985.html) doesn't need any GNU PROPERTY. --- For variables, if an object file/archive member does not have GNU PROPERTY, do you consider it incompatible with "single global definition"? That is why I mentioned crt1.o crti.o crtbegin.o crtend.o crtn.o and libc_nonshared.a members written in assembly. If you consider such an object compatible with "single global definition", I don't see why a GNU PROPERTY is needed. If you consider such an object incompatible with "single global definition", I don't see how "single global definition" benefits can be claimed giving so many prebuilt object files without GNU PROPERTY. If we still want "absolutely no copy relocation for -fno-pic", just use GOT for default visibility external data access (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98112) Some architectures may not like it (i386/ppc32), just leave them behind. Modern architectures can do it. When things get matured, add a ld warning, then add a ld.so warning. When things get more matured, change the warnings to errors. Such changes should use a mechanism similar to glibc LD_DYNAMIC_WEAK (weak can preempt global) and Solaris LD_BREADTH (breadth-first order based dependency order) and LD_NODIRECT (direct bindings). At some point, introduce a behavior change. I don't think how an explicit marker can improve the compatibility story. The conceived compatibility issues likely don't really exist for functions. For copy relocations, I think we may need to wait an extended period of time.
H.J. Lu via llvm-dev
2021-Jun-17 23:01 UTC
[llvm-dev] RFC: Add GNU_PROPERTY_UINT32_AND_XXX/GNU_PROPERTY_UINT32_OR_XXX
On Thu, Jun 17, 2021 at 1:25 PM Fāng-ruì Sòng <maskray at google.com> wrote:> > On Thu, Jun 17, 2021 at 12:46 PM H.J. Lu <hjl.tools at gmail.com> wrote: > > > > On Thu, Jun 17, 2021 at 12:38 PM Fangrui Song <maskray at google.com> wrote: > > > > > > On 2021-06-17, H.J. Lu via llvm-dev wrote: > > > >On Thu, Jan 21, 2021 at 7:02 AM H.J. Lu <hjl.tools at gmail.com> wrote: > > > >> > > > >> On Wed, Jan 13, 2021 at 9:06 AM H.J. Lu <hjl.tools at gmail.com> wrote: > > > >> > > > > >> > 1. GNU_PROPERTY_UINT32_AND_LO..GNU_PROPERTY_UINT32_AND_HI > > > >> > > > > >> > #define GNU_PROPERTY_UINT32_AND_LO 0xb0000000 > > > >> > #define GNU_PROPERTY_UINT32_AND_HI 0xb0007fff > > > >> > > > > >> > A bit in the output pr_data field is set only if it is set in all > > > >> > relocatable input pr_data fields. If all bits in the the output > > > >> > pr_data field are zero, this property should be removed from output. > > > >> > > > > >> > If the bit is 1, all input relocatables have the feature. If the > > > >> > bit is 0 or the property is missing, the info is unknown. > > > > > > How to use AND in practice? > > > Are you going to add .note.gnu.property to all of crt1.o crti.o > > > crtbegin.o crtend.o crtn.o and miscellaneous libc_nonshared.a object > > > files written in assembly? > > > > > > >> > 2. GNU_PROPERTY_UINT32_OR_LO..GNU_PROPERTY_UINT32_OR_HI > > > >> > > > > >> > #define GNU_PROPERTY_UINT32_OR_LO 0xb0008000 > > > >> > #define GNU_PROPERTY_UINT32_OR_HI 0xb000ffff > > > >> > > > > >> > A bit in the output pr_data field is set if it is set in any > > > >> > relocatable input pr_data fields. If all bits in the the output > > > >> > pr_data field are zero, this property should be removed from output. > > > >> > > > > >> > If the bit is 1, some input relocatables have the feature. If the > > > >> > bit is 0 or the property is missing, the info is unknown. > > > >> > > > > >> > The PDF is at > > > >> > > > > >> > https://gitlab.com/x86-psABIs/Linux-ABI/-/wikis/uploads/0690db0a3b7e5d8a44e0271a4be54aa7/linux-gABI-and-or-2021-01-13.pdf > > > >> > > > > >> > -- > > > >> > H.J. > > > >> > > > >> Here is the binutils patch to implement it. > > > >> > > > > > > > >If there are no objections, I will check it in tomorrow. > > > > > > If the use case is just ELF_RTYPE_CLASS_EXTERN_PROTECTED_DATA, it'd be > > > very kind of you if you can collect more use cases before generalizing > > > this into a non-arch-specific GNU PROPERTY. > > > > > > The "copy relocations on protected data symbols" thing is x86 specific > > > and only applies with gcc+GNU ld+glibc. > > > Non-x86 architectures don't have this thing. > > > gold doesn't have this thing. > > > clang doesn't have this thing. > > > > It will be used to remove copy relocation and implement canonical function > > pointers, which will benefit protected data and function. > > The action items in > https://gitlab.com/x86-psABIs/x86-64-ABI/-/issues/8#note_593822281 > can be applied without a GNU PROPERTY. > > If we want to enforce the link-time check that a shared object is no longer > compatible with copy relocations, just make the shared object's non-weak > definitions protected, and add a GNU ld diagnostic like gold > (https://sourceware.org/bugzilla/show_bug.cgi?id=19823) > > --- > > For functions, > > On x86-64, gcc -fpic has been using leaq addr()(%rip), %rax since at least > 4.1.2 (oldest gcc I can find on godbolt): > > __attribute__((visibility("protected"))) > void *addr() { return (void*)addr; } > > // a protected non-definition declaration is the same. > > // while asm(".protected addr") can use GOT, it is super rare if ever exists > // outside glibc elf/vis*.c > > I have checked all of binutils 2.11, 2.16, 2.20, 2.24, 2.35. The have > the same diagnostic: > > relocation R_X86_64_PC32 against protected function `addr' can not > be used when making a shared object > > I think we can assert that taking the address of a protected function > never works with GNU ld. > So no compatibility concern. > Fixing it (https://sourceware.org/pipermail/binutils/2021-June/116985.html) > doesn't need any GNU PROPERTY. > > --- > > For variables, if an object file/archive member does not have GNU PROPERTY, do > you consider it incompatible with "single global definition"? That is why I > mentioned crt1.o crti.o crtbegin.o crtend.o crtn.o and libc_nonshared.a members > written in assembly. > > If you consider such an object compatible with "single global definition", I > don't see why a GNU PROPERTY is needed. > > If you consider such an object incompatible with "single global definition", I > don't see how "single global definition" benefits can be claimed giving so many > prebuilt object files without GNU PROPERTY.Please see the slides in https://gitlab.com/x86-psABIs/x86-64-ABI/-/issues/8 which includes Dynamic Linker for Single Global Definition • Check the single global definition marker on all components, the executable and its dependency shared libraries. • Issue an error/warning if the marker is not consistent on all components. • Disallow copy relocation against definition in the shared library with the marker. • For systems without function descriptor: • Disallow function pointer reference in executable without the marker to the definition with the STV_PROTECTED visibility in a shared library with the marker. • Use the address of the function body as function pointer on functions with the STV_PROTECTED visibility, which are defined in shared libraries with the marker. This provides the capability to detect the ABI change at run-time as well as optimize for STV_PROTECTED symbol lookup. My linker implementation is at https://gitlab.com/x86-binutils/binutils-gdb/-/tree/users/hjl/property/master I will implement the dynamic linker change.> If we still want "absolutely no copy relocation for -fno-pic", just use GOT for > default visibility external data access > (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98112) > Some architectures may not like it (i386/ppc32), just leave them behind. > Modern architectures can do it. When things get matured, add a ld warning, > then add a ld.so warning. When things get more matured, change the warnings to > errors. > > Such changes should use a mechanism similar to glibc LD_DYNAMIC_WEAK (weak can > preempt global) and Solaris LD_BREADTH (breadth-first order based dependency > order) and LD_NODIRECT (direct bindings). At some point, introduce a behavior > change. I don't think how an explicit marker can improve the compatibility > story. The conceived compatibility issues likely don't really exist forThe compatibility issue does exist. Please see the linker tests I added.> functions. For copy relocations, I think we may need to wait an extended period > of time.That is what the single global definition marker is used for. -- H.J.