This is the mail archive of the
mailing list for the binutils project.
Re: Preventing preemption of 'protected' symbols in GNU ld 2.26
- From: Joe Groff <jgroff at apple dot com>
- To: "H.J. Lu" <hjl dot tools at gmail dot com>
- Cc: Alan Modra <amodra at gmail dot com>, Cary Coutant <ccoutant at gmail dot com>, Binutils <binutils at sourceware dot org>
- Date: Tue, 29 Mar 2016 12:36:28 -0700
- Subject: Re: Preventing preemption of 'protected' symbols in GNU ld 2.26
- References: <AB592ABD-D6D7-4D2F-A0D6-45738F168DC4 at apple dot com> <BEDD88C6-7F80-45DA-9021-10587244AAE5 at apple dot com> <CAMe9rOq6rmvH458nufzfZnnU_=_n1yysbLzERNy-LWvEmjmN1A at mail dot gmail dot com>
> On Mar 29, 2016, at 12:33 PM, H.J. Lu <email@example.com> wrote:
> On Tue, Mar 29, 2016 at 12:31 PM, Joe Groff <firstname.lastname@example.org> wrote:
>> On Mar 29, 2016, at 8:44 AM, H.J. Lu <email@example.com> wrote:
>>> On Mon, Mar 28, 2016 at 4:21 PM, Alan Modra <firstname.lastname@example.org> wrote:
>>>> On Mon, Mar 28, 2016 at 03:38:01PM -0700, Cary Coutant wrote:
>>>>>>>> Did you look at what the costs were in startup time and dirty pages by using
>>>>>>>> copy relocations? What do you do if the size of the definition changes in a
>>>>>>>> new version of the library?
>>>>>>> There wouldn't be a measurable cost in dirty pages; the copied objects
>>>>>>> are simply allocated in bss in the executable.
>>>>>> Wouldn't references to the symbol from within the .so need to be relocated to reference the now-canonical copy in the executable?
>>>>> No, references from within the .so would have always used the GOT.
>>>>> Non-protected global symbols in a shared library are still
>>>>> pre-emptible, so they are always indirect, and there's always a
>>>>> dynamic relocation for the GOT entry. Whether the prevailing
>>>>> definition winds up in the executable or the shared library, the
>>>>> dynamic loader still has to bind the symbol and apply the relocation.
>>>> HJ's changes to protected visibility meant compiler changes so that
>>>> protected visibility in shared libraries is no longer seen as local.
>>>> So yes, protected visibility symbols in shared libraries now go
>>>> through the GOT. Prior to his changes, they were optimized to a
>>>> pc-relative access. Joe is correct in pointing out that shared
>>>> libraries needed a change. Bad luck if you're using an older
>>>> compiler. Also bad luck if you want to use protected visibility to
>>>> optimize your shared library.
>>>> HJ also made glibc ld.so changes to ensure the semantics of protected
>>>> visibility symbols remain unchanged when multiple shared libraries
>>>> define the same protected visibility symbol.
>>>> Apparently most people in the gcc and glibc communities saw these
>>>> toolchain modifications as fiendishly clever.
>>> As I said before, copy relocations and protected symbols are fundamentally
>>> incompatible. Since copy relocation is part of the x86 psABIs, I updated
>>> GCC, glibc and ld to make protected symbols work with copy relocation.
>>> That is, a protected symbol may be external, but won't be preempted. The
>>> price I paid is that a protected symbol won't be accessed via PC-relative
>>> relocation within the shared object. To access a protected symbol via
>>> PC-relative relocation within the shared object, we need to disable copy
>>> relocation in the executable, which is a psABI change. That is why I proposed
>>> to mark the object as such so that we won't get surprise at run-time.
>> I think what Cary's arguing (and I honestly would expect) is that copying the protected symbol *is* for all intents and purposes a preemption. I'd expect copy relocations against protected symbols to be linker errors. I guess what's missing for gcc's intended optimization is an indication to the compiler that a symbol is protected in its home library, to suppress emitting PC-relative references to a copy relocation.
> That is what I meant by "That is why I proposed to mark the object as such so
> that we won't get surprise at run-time."
I don't see why it would be a runtime failure. ld could refuse to resolve the relocation at static link time, couldn't it?
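
Added example, not part of the original message and not binutils code: the link-time check discussed in this thread, written as an audit that flags `R_X86_64_COPY` relocations in an executable whose target symbol is `STV_PROTECTED` in the defining library. The function names and the symbol and relocation tables are constructed for illustration; only the ELF record layouts and constants come from the ELF and x86-64 psABI specifications.

```python
import struct

R_X86_64_COPY = 5       # x86-64 psABI relocation type
R_X86_64_GLOB_DAT = 6   # ordinary GOT-slot relocation, for contrast
STV_PROTECTED = 3       # ELF visibility, low two bits of st_other
SYM = struct.Struct("<IBBHQQ")  # Elf64_Sym: name, info, other, shndx, value, size
RELA = struct.Struct("<QQq")    # Elf64_Rela: offset, info, addend

def symbols(dynsym, strtab):
    """Decode a .dynsym blob into a list of (name, visibility, shndx)."""
    out = []
    for name_off, _info, other, shndx, _value, _size in SYM.iter_unpack(dynsym):
        end = strtab.index(b"\0", name_off)
        out.append((strtab[name_off:end].decode(), other & 3, shndx))
    return out

def copy_relocs_against_protected(exe_rela, exe_syms, lib_syms):
    """Names the executable copies although the library defines them protected."""
    # shndx != 0 keeps only symbols the library actually defines (not SHN_UNDEF).
    protected = {name for name, vis, shndx in lib_syms
                 if vis == STV_PROTECTED and shndx != 0}
    hits = []
    for _offset, info, _addend in RELA.iter_unpack(exe_rela):
        sym_index, rel_type = info >> 32, info & 0xFFFFFFFF
        name = exe_syms[sym_index][0]
        if rel_type == R_X86_64_COPY and name in protected:
            hits.append(name)
    return hits

# --- Constructed sample tables (not taken from any real binary) ---
STRTAB = b"\0counter\0limit\0"      # "counter" at offset 1, "limit" at offset 9
NULL_SYM = SYM.pack(0, 0, 0, 0, 0, 0)

def obj_sym(name_off, visibility, shndx):
    # 0x11 = STB_GLOBAL << 4 | STT_OBJECT; value and size are arbitrary here.
    return SYM.pack(name_off, 0x11, visibility, shndx, 0x4000, 4)

# Library: "counter" is protected, "limit" has default visibility.
LIB_DYNSYM = NULL_SYM + obj_sym(1, STV_PROTECTED, 10) + obj_sym(9, 0, 10)
# Executable: both symbols sit in its .bss after copy relocation.
EXE_DYNSYM = NULL_SYM + obj_sym(1, 0, 24) + obj_sym(9, 0, 24)
EXE_RELA = (RELA.pack(0x601040, (1 << 32) | R_X86_64_COPY, 0)
            + RELA.pack(0x601044, (2 << 32) | R_X86_64_COPY, 0)
            + RELA.pack(0x600ff8, (1 << 32) | R_X86_64_GLOB_DAT, 0))

if __name__ == "__main__":
    exe, lib = symbols(EXE_DYNSYM, STRTAB), symbols(LIB_DYNSYM, STRTAB)
    print(copy_relocs_against_protected(EXE_RELA, exe, lib))
```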