From patchwork Sun Jun 20 23:36:16 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "H.J. Lu" X-Patchwork-Id: 43924 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 80839385F015 for ; Sun, 20 Jun 2021 23:38:15 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 80839385F015 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1624232295; bh=JuoUUeNGXf7+J1iTRqkiLH5Qv+8dF4T3e0SECdgTcPo=; h=To:Subject:Date:List-Id:List-Unsubscribe:List-Archive:List-Post: List-Help:List-Subscribe:From:Reply-To:From; b=lltn3waK+fMqvvlEhUYdhAe6GZVcV9zj/QpLaE0swgmGToVimeS0cD4mB509lqjdE IEcs+l9hA4frq8H0gY5sQ1KCUzAQQvqQ3ABNFHAhyE3rtLwAtBQ91nk6qgSOykajJ+ c7PkmLea/dyXmGXkf+00HfYGqSGdi916IweOppO8= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pf1-x431.google.com (mail-pf1-x431.google.com [IPv6:2607:f8b0:4864:20::431]) by sourceware.org (Postfix) with ESMTPS id CC815385741C for ; Sun, 20 Jun 2021 23:36:23 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org CC815385741C Received: by mail-pf1-x431.google.com with SMTP id q192so5692536pfc.7 for ; Sun, 20 Jun 2021 16:36:23 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:mime-version :content-transfer-encoding; bh=JuoUUeNGXf7+J1iTRqkiLH5Qv+8dF4T3e0SECdgTcPo=; b=GDfZgjlxHdTgF3a2jh0qBnsOatea1bTN10EMdi+akprfllucKS/C/C42Za1Uy1UKkQ mbcUQPn4kpdBX6HS1u2TnlHt1cBCx5/mjmZbWTc23geN89vi1gpbgBeJ14TC400hc6tb 0dKKXgCagat+Dqj7s+vOi6o3HzqIsH6QRwb6m23foCKXZx+FFq0DwE95CZw0Tk2Em3PC DYxs7FMKys6syilb2inj1B0JR5j8/8P7hhcmQr7FZ886t3sid+tE1w1AZdhlgGTPNEZf EN6YCHP15zAi+Id84xCB2YQt0ktTtAoNC0Ya/4n0hlV2WJL1cWDXQy7V+wQDjhvsMWIk 1RrQ== X-Gm-Message-State: AOAM5338AB9iEaa52AG0ekV6ttNl8OtkADRnI85TIA7pV7f6GH58diaQ 0TUAgu9G0SCl3LX5YSG8iI5T+l++jEM= X-Google-Smtp-Source: ABdhPJzhatS1NHWq6PxpUoOsHFzVfwrWkMrtt6Nf3lKIGU/0vL0OUPly0R3ZAvMnkply3th8AgVlCQ== X-Received: by 2002:a63:e114:: with SMTP id z20mr21040225pgh.207.1624232182826; Sun, 20 Jun 2021 16:36:22 -0700 (PDT) Received: from gnu-cfl-2.localdomain ([172.56.39.115]) by smtp.gmail.com with ESMTPSA id 189sm13093207pfu.84.2021.06.20.16.36.21 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 20 Jun 2021 16:36:22 -0700 (PDT) Received: from gnu-cfl-2.. (localhost [IPv6:::1]) by gnu-cfl-2.localdomain (Postfix) with ESMTP id 3DA54C035E for ; Sun, 20 Jun 2021 16:36:20 -0700 (PDT) To: libc-alpha@sourceware.org Subject: [PATCH 0/4] Implement single global definition marker Date: Sun, 20 Jun 2021 16:36:16 -0700 Message-Id: <20210620233620.391576-1-hjl.tools@gmail.com> X-Mailer: git-send-email 2.31.1 MIME-Version: 1.0 X-Spam-Status: No, score=-3024.9 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, KAM_SHORT, RCVD_IN_BARRACUDACENTRAL, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=no autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: "H.J. Lu via Libc-alpha" From: "H.J. Lu" Reply-To: "H.J. Lu" Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org Sender: "Libc-alpha" On systems with copy relocation: * A copy in executable is created for the definition in a shared library at run-time by ld.so. * The copy is referenced by executable and shared libraries. * Executable can access the copy directly. Issues are: * Overhead of a copy, time and space, may be visible at run-time. * Read-only data in the shared library becomes read-write copy in executable at run-time. * Local access to data with the STV_PROTECTED visibility in the shared library must use GOT. On systems without function descriptor, function pointers vary depending on where and how the functions are defined. * If the function is defined in executable, it can be the address of function body. * If the function, including the function with STV_PROTECTED visibility, is defined in the shared library, it can be the address of the PLT entry in executable or shared library. Issues are: * The address of function body may not be used as its function pointer. * ld.so needs to search loaded shared libraries for the function pointer of the function with STV_PROTECTED visibility. Here is a proposal to remove copy relocation and use canonical function pointer: 1. Accesses, including in PIE and non-PIE, to undefined symbols must use GOT. a. Linker may optimize out GOT access if the data is defined in PIE or non-PIE. 2. Read-only data in the shared library remain read-only at run-time 3. Address of global data with the STV_PROTECTED visibility in the shared library is the address of data body. a. Can use IP-relative access. b. May need GOT without IP-relative access. 4. For systems without function descriptor, a. All global function pointers of undefined functions in PIE and non-PIE must use GOT. Linker may optimize out GOT access if the function is defined in PIE or non-PIE. b. Function pointer of functions with the STV_PROTECTED visibility in executable and shared library is the address of function body. i. Can use IP-relative access. ii. May need GOT without IP-relative access. iii. Branches to undefined functions may use PLT. 5. Single global definition marker: Add GNU_PROPERTY_1_NEEDED: #define GNU_PROPERTY_1_NEEDED GNU_PROPERTY_UINT32_OR_LO to indicate the needed properties by the object file. Add GNU_PROPERTY_1_NEEDED_SINGLE_GLOBAL_DEFINITION: #define GNU_PROPERTY_1_NEEDED_SINGLE_GLOBAL_DEFINITION (1U << 0) to indicate that the object file requires canonical function pointers and cannot be used with copy relocation. a. Copy relocation should be disallowed at link-time and run-time. b. Canonical function pointers are required at link-time and run-tima Dynamic linker changes: * Scan the single global definition marker on all components, including the executable and its dependency shared libraries. * When performing symbol lookup for references in an object without single global definition: a. Disallow copy relocations against protected data symbols in an object with single global definition. b. Disallow non-zero symbol values of undefined function symbols, which are used as the function pointer, against protected function symbols in an object with single global definition. The corresponding binutils patches are posted at https://sourceware.org/pipermail/binutils/2021-June/117091.html and GCC patches are posted at https://gcc.gnu.org/pipermail/gcc-patches/2021-June/573236.html H.J. Lu (4): Initial support for GNU_PROPERTY_1_NEEDED Check -z single-global-definition and -fsingle-global-definition Add run-time chesk for single global definition Update tests for protected data and function symbols configure | 73 +++++++++++++++++- configure.ac | 37 ++++++++++ elf/Makefile | 54 ++++++++++++++ elf/dl-lookup.c | 5 ++ elf/elf.h | 17 +++++ elf/tst-protected1moda.c | 10 +-- elf/tst-protected1modb.c | 4 +- elf/tst-protected2a.c | 130 +++++++++++++++++++++++++++++++++ elf/tst-protected2apie.c | 1 + elf/tst-protected2b.c | 121 ++++++++++++++++++++++++++++++ elf/tst-protected2bpie.c | 1 + elf/tst-protected2mod.h | 35 +++++++++ elf/tst-protected2moda.c | 52 +++++++++++++ elf/tst-protected2moda2.c | 41 +++++++++++ elf/tst-protected2modb.c | 45 ++++++++++++ elf/tst-protected2modb2.c | 28 +++++++ sysdeps/generic/dl-prop.h | 9 ++- sysdeps/generic/dl-protected.h | 51 +++++++++++++ sysdeps/generic/link_map.h | 3 +- sysdeps/x86/dl-prop.h | 19 +++-- sysdeps/x86/link_map.h | 2 + 21 files changed, 720 insertions(+), 18 deletions(-) create mode 100644 elf/tst-protected2a.c create mode 100644 elf/tst-protected2apie.c create mode 100644 elf/tst-protected2b.c create mode 100644 elf/tst-protected2bpie.c create mode 100644 elf/tst-protected2mod.h create mode 100644 elf/tst-protected2moda.c create mode 100644 elf/tst-protected2moda2.c create mode 100644 elf/tst-protected2modb.c create mode 100644 elf/tst-protected2modb2.c create mode 100644 sysdeps/generic/dl-protected.h