[llvm-dev] RFC: Add GNU_PROPERTY_UINT32_AND_XXX/GNU_PROPERTY_UINT32_OR_XXX

H.J. Lu via llvm-dev llvm-dev at lists.llvm.org
Sat Apr 17 12:05:17 PDT 2021


On Sat, Apr 17, 2021 at 11:25 AM Fangrui Song <i at maskray.me> wrote:
>
>
> On 2021-04-17, H.J. Lu wrote:
> >On Thu, Jan 21, 2021 at 1:42 PM Fangrui Song <i at maskray.me> wrote:
> >>
> >> On 2021-01-21, H.J. Lu via Gnu-gabi wrote:
> >> >On Wed, Jan 13, 2021 at 9:06 AM H.J. Lu <hjl.tools at gmail.com> wrote:
> >> >>
> >> >> 1. GNU_PROPERTY_UINT32_AND_LO..GNU_PROPERTY_UINT32_AND_HI
> >> >>
> >> >>  #define GNU_PROPERTY_UINT32_AND_LO 0xb0000000
> >> >>  #define GNU_PROPERTY_UINT32_AND_HI 0xb0007fff
> >> >>
> >> >> A bit in the output pr_data field is set only if it is set in all
> >> >> relocatable input pr_data fields.  If all bits in the output
> >> >> pr_data field are zero, this property should be removed from output.
> >> >>
> >> >> If the bit is 1, all input relocatables have the feature.  If the
> >> >> bit is 0 or the property is missing, the info is unknown.
> >> >>
> >> >> 2. GNU_PROPERTY_UINT32_OR_LO..GNU_PROPERTY_UINT32_OR_HI
> >> >>
> >> >>  #define GNU_PROPERTY_UINT32_OR_LO 0xb0008000
> >> >>  #define GNU_PROPERTY_UINT32_OR_HI 0xb000ffff
> >> >>
> >> >> A bit in the output pr_data field is set if it is set in any
> >> >> relocatable input pr_data fields. If all bits in the output
> >> >> pr_data field are zero, this property should be removed from output.
> >> >>
> >> >> If the bit is 1, some input relocatables have the feature.  If the
> >> >> bit is 0 or the property is missing, the info is unknown.
> >> >>
> >> >> The PDF is at
> >> >>
> >> >> https://gitlab.com/x86-psABIs/Linux-ABI/-/wikis/uploads/0690db0a3b7e5d8a44e0271a4be54aa7/linux-gABI-and-or-2021-01-13.pdf
> >> >>
> >> >> --
> >> >> H.J.
> >> >
> >> >Here is the binutils patch to implement it.
> >> >
> >> >--
> >> >H.J.
> >>
> >> Hi, H.J.
> >>
> >> Thank you for CCing llvm-dev:) In the past various GNU ABI proposals
> >> went unnoticed by LLVM folks who don't happen to subscribe to GNU lists.
> >> (A lot! I personally subscribe to some lists and check the discussion
> >> just in case I miss something important:) )
> >>
> >> I have researched a bit and observed that the following GNU_PROPERTY
> >> values are currently used by compilers/linkers:
> >>
> >> Bitwise OR for relocatable links. Bitwise AND for executable/shared
> >> object links.
> >>
> >> * GNU_PROPERTY_X86_FEATURE_1_AND = GNU_PROPERTY_X86_UINT32_AND_LO + 0,
> >>   used by Intel Indirect branch tracking and Shadow Stack
> >> * GNU_PROPERTY_AARCH64_FEATURE_1_AND, used by AArch64 Branch Target
> >>   Identification and Pointer Authentication
> >>
> >> Bitwise OR for all links.
> >>
> >> * GNU_PROPERTY_X86_ISA_1_NEEDED = GNU_PROPERTY_X86_UINT32_OR_LO + 2,
> >>   used by GCC -mneeded (for -march=x86-64-v[234])
> >>
> >> There appear to be another type of AND/OR bits which are not defined in
> >> ABIs (AFAICT):
> >>
> >> * GNU_PROPERTY_X86_ISA_1_USED = GNU_PROPERTY_X86_UINT32_OR_AND_LO + 2
> >> * GNU_PROPERTY_X86_FEATURE_2_USED = GNU_PROPERTY_X86_UINT32_OR_AND_LO + 1
> >
> >I have no use for these operations for generic targets.
> >
> >>
> >> I think generalizing the AND/OR idea to all architectures probably
> >> requires us to think about these questions:
> >>
> >> * What's the impending usage of the generic AND/OR ranges? ifunc? :)
> >
> >I'd like to add GNU_PROPERTY_SINGLE_GLOBAL_DEFINITION:
> >
> >https://groups.google.com/g/x86-64-abi/c/DRvKxJ1AH3Q
> >
> >> * Does the concept generalize well to other architectures? If we
> >
> >It should work for GNU_PROPERTY_SINGLE_GLOBAL_DEFINITION.
> >
> >>   consider AArch64/x86 FEATURE_1_AND to be the same thing, the current
> >>   usage is purely x86 specific.
> >> * Is AND/OR encoding expressive enough to represent the required states?
> >
> >For GNU_PROPERTY_SINGLE_GLOBAL_DEFINITION, yes.
> >
> >>   I've asked two folks and they expressed concerns. I think the three
> >>   AND/OR usage above speak for themselves.
> >> * Szabolcs Nagy mentioned that GNU_PROPERTY is an OS-specific mechanism
> >>   (GNU), but the features are oftentimes arch specific which make sense
> >>   to other OSes or bare-metal.
> >> * Szabolcs: Do we need any versioning mechanism?
> >>
> >> The feature selection and compatibility checking mechanism has some
> >> overlap with GNU/arch-specific attributes (e.g .ARM.attributes,
> >> .riscv.attributes).  If I understand correctly, GNU_PROPERTY has an
> >> associated program header so it can be checked by loaders
> >> (kernel/ld.so/emulator) while Attributes don't have program headers so
> >> they are largely assembler/linker protocols. In an inflexible way that
> >> such feature bits can affect observable states to loaders as well, e.g.
> >> .ARM.attributes can affect e_flags (soft/hard float).  .MIPS.abiflags
> >> has an associated program header PT_MIPS_ABIFLAGS (I know nearly nothing
> >> about mips) Some thoughts from mips folks would be useful.
> >>
> >> Last, I think a feature selection and compatibility checking mechanism
> >> is assuredly useful, but whether the current AND/OR scheme can perfectly
> >> satisfy that goal I am unsure. Having the proposal is a very good start,
> >> though:) Thanks a lot for driving the discussion:)
> >
> >My current ultimate goal is GNU_PROPERTY_SINGLE_GLOBAL_DEFINITION
> >with a compiler option, -fsingle-global-definition:
> >
> >1. All accesses to protected definitions are local access.
> >2. In executable, all accesses to defined symbols are local access.
>
> For other folks,
> I think
> https://maskray.me/blog/2021-01-09-copy-relocations-canonical-plt-entries-and-protected#protected-data-symbols-and-copy-relocations
> has summarized the current toolchain state and answered these questions.
>
> clang always emits local access for protected definitions so there
> should be no change.
> gcc does use GOT for protected data symbols but the scheme only works on
> i386 and x86-64.
> (arm and aarch64 have glibc support but no binutils support IIUC).
> ld.lld always errors for copy relocations on protected data, and it will
> continue doing so, like gold (https://sourceware.org/bugzilla/show_bug.cgi?id=19823)
>
> So on the clang side, there is no needed change.
>
>
> On the GCC side, switching to local access for protected data symbols
> technically changes the behavior for i386 and x86-64 and might be considered an
> ABI change. But I'd argue that that does not matter because of three reasons:
>
> * clang i386 and x86-64 always emits local access for protected definitions
> * protected data+copy relocations never work on non-x86. (glibc has support for arm/aarch64 but binutils doesn't support it)
> * gold never supports protected data+copy relocations, even for x86 (https://sourceware.org/bugzilla/show_bug.cgi?id=19823)
>
> So if there is breakage (if any..), it must be x86 specific code using
> protected definitions, only built with gcc, not caring about traditional
> behavior (<~2015 or 2016), never supporting non-x86 architectures, only
> linkable with GNU ld (not gold), never supporting libc other than glibc.
>
> OK, I cannot even imagine who is doing this:)
>
> My blog post has mentioned what'd be great if gcc does:
>
> * GCC: add -f[no-]direct-access-external-data.
> * GCC: drop HAVE_LD_PIE_COPYRELOC in favor of -f[no-]direct-access-external-data.
> * GCC x86-64: default to GOT indirection for external data symbols in -fpie mode.
> * GCC or GNU as i386: emit R_386_PLT32 for branches to undefined function symbols.
> * GNU ld x86: disallow copy relocations on protected data symbols. (I think canonical PLT entries on protected symbols have been disallowed.)
> * GCC aarch64/arm/x86/...: allow direct access relocations on protected symbols in -fpic mode.
> * GNU ld aarch64/x86: allow direct access relocations on protected data symbols in -shared mode.
>
> I can understand that some GCC folks may like
> -f[no-]direct-access-external-data.  That doesn't matter: just ignore
> -f[no-]direct-access-external-data (which gives the user a choice) and do the
> rest.
>
> >3. All global function pointers, whose function bodies aren't
> >locally defined, must use GOT.
>
> This should be the case for -fpie and -fpic.
>
> For -fno-pic, some users may want direct access and I think the compiler should
> give users a choice for compatibility.
>
> clang -fno-pic -fdirect-access-external-data (in -fno-pic mode,
> -fdirect-access-external-data is the default) does this perfectly.  I know some
> GCC folks may not like the idea that the option name does not talk about
> function pointers....  That is unfortunate.
>
> >4. All read/write accesses to symbols, which aren't locally defined,
> >must use GOT.
>
> Ditto.
>
> >5. Branches to undefined symbols may use PLT.
>
> This has always been the case for most non-x86 architectures.
> For x86-64, the 2018 R_X86_64_PLT32 switch made this true.
>
> There is just a disagreement for R_386_PC32/R_386_PLT32 due to an ifunc
> diagnostic (which I think is not a big deal). Since i386 is becoming
> more and more irrelevant, this can be left unresolved. If you want to
> switch to R_386_PLT32, that'd certainly be great news to me:)
>
> >GNU_PROPERTY_SINGLE_GLOBAL_DEFINITION will be enforced
> >by assembler, linker and ld.so.
>
> With the above, I think we won't break code without introducing a new
> gnu property.  It is just that GCC/GNU ld need to take some actions
> which reflect traditional/non-x86 behaviors.

There are special codes in ld.so to handle STV_PROTECTED:

commit 62da1e3b00b51383ffa7efc89d8addda0502e107
Author: H.J. Lu <hjl.tools at gmail.com>
Date:   Tue Mar 31 05:15:43 2015 -0700

    Add ELF_RTYPE_CLASS_EXTERN_PROTECTED_DATA to x86

    With copy relocation, address of protected data defined in the shared
    library may be external.   When there is a relocation against the
    protected data symbol within the shared library, we need to check if we
    should skip the definition in the executable copied from the protected
    data.  This patch adds ELF_RTYPE_CLASS_EXTERN_PROTECTED_DATA and defines
    it for x86.  If ELF_RTYPE_CLASS_EXTERN_PROTECTED_DATA isn't 0, do_lookup_x
    will skip the data definition in the executable from copy reloc.

commit 6aa29abe9fab81e153d6232edf4ba048ac7d0b6e
Author: Ulrich Drepper <drepper at redhat.com>
Date:   Mon May 22 16:33:19 2000 +0000

    Update.

    2000-05-21  H.J. Lu  <hjl at gnu.org>

            * elf/do-lookup.h (do_lookup_versioned): Replace reloc_type parameter
            with noexec and noplt parameter.
            (do_lookup): Likewise.

            * elf/dl-lookup.c (_dl_lookup_symbol): Change for new parameters of
            do_lookup.  Support STV_PROTECTED.
            (_dl_lookup_symbol_skip): Likewise.
            (_dl_lookup_versioned_symbol): Likewise.
            (_dl_lookup_versioned_symbol_skip): Likewise.

            * elf/dl-reloc.c (RESOLVE): Check STB_LOCAL instead of ST_VISIBILITY.

            * elf/dl-runtime.c (profile_fixup): Fix a typo in comment.

They, together with COPY relocation, can be safely skipped only for
GNU_PROPERTY_SINGLE_GLOBAL_DEFINITION binaries.


--
H.J.
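
The AND/OR merge rule from the quoted proposal, as an added example that is not part of the original message and is not binutils or LLVM code. The `struct prop`/`struct input` types and the sample bit values are constructed for illustration, and treating a missing property as contributing no bits is an assumption based on the proposal's "missing means unknown" wording.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Ranges from the proposal quoted in the message. */
#define GNU_PROPERTY_UINT32_AND_LO 0xb0000000u
#define GNU_PROPERTY_UINT32_AND_HI 0xb0007fffu
#define GNU_PROPERTY_UINT32_OR_LO  0xb0008000u
#define GNU_PROPERTY_UINT32_OR_HI  0xb000ffffu

/* Hypothetical decoded forms, not binutils or LLVM types. */
struct prop  { uint32_t pr_type, pr_data; };
struct input { const char *name; const struct prop *props; size_t nprops; };

/* pr_data of `type` in one input; a missing property contributes no bits. */
static uint32_t input_bits(const struct input *in, uint32_t type) {
    for (size_t i = 0; i < in->nprops; i++)
        if (in->props[i].pr_type == type)
            return in->props[i].pr_data;
    return 0;
}

/* Output pr_data for `type` over n inputs; 0 means "drop the property". */
uint32_t merge_property(const struct input *in, size_t n, uint32_t type) {
    int is_and = type >= GNU_PROPERTY_UINT32_AND_LO && type <= GNU_PROPERTY_UINT32_AND_HI;
    int is_or  = type >= GNU_PROPERTY_UINT32_OR_LO  && type <= GNU_PROPERTY_UINT32_OR_HI;
    if (n == 0 || (!is_and && !is_or))
        return 0;                       /* not a generic AND/OR property */
    uint32_t acc = is_and ? UINT32_MAX : 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t bits = input_bits(&in[i], type);
        acc = is_and ? (acc & bits) : (acc | bits);
    }
    return acc;
}

/* Constructed sample inputs; bit values are illustrative only. */
static const struct prop a_props[] = { {GNU_PROPERTY_UINT32_AND_LO, 0x3}, {GNU_PROPERTY_UINT32_OR_LO, 0x1} };
static const struct prop b_props[] = { {GNU_PROPERTY_UINT32_AND_LO, 0x1}, {GNU_PROPERTY_UINT32_OR_LO, 0x4} };
const struct input sample[] = {
    { "a.o", a_props, 2 }, { "b.o", b_props, 2 },
    { "c.o", NULL, 0 },                 /* carries no property note at all */
};

int main(void) {
    printf("AND(a,b)=%#x AND(a,b,c)=%#x OR(a,b,c)=%#x\n",
           (unsigned)merge_property(sample, 2, GNU_PROPERTY_UINT32_AND_LO),
           (unsigned)merge_property(sample, 3, GNU_PROPERTY_UINT32_AND_LO),
           (unsigned)merge_property(sample, 3, GNU_PROPERTY_UINT32_OR_LO));
    return 0;
}
```

A single unmarked input such as `c.o` clears every AND bit, so the property disappears from the output, while the OR property still accumulates bits from the inputs that carry it.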