This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: Copy relocations against protected symbols
- From: "H.J. Lu" <hjl dot tools at gmail dot com>
- To: "H.J. Lu" <hjl dot tools at gmail dot com>, Cary Coutant <ccoutant at google dot com>, Binutils <binutils at sourceware dot org>, GNU C Library <libc-alpha at sourceware dot org>
- Date: Thu, 18 Dec 2014 19:47:50 -0800
- Subject: Re: Copy relocations against protected symbols
- Authentication-results: sourceware.org; auth=none
- References: <CAMe9rOoJ-0ER8VAckjZyLwdgGJFeQBfri+d+NY81WozizTnCQw at mail dot gmail dot com> <20141218221354 dot GA31055 at bubble dot grove dot modra dot org> <CAMe9rOoa=V+PEUx_+x_PGiAXFhGRPW9vTRSjLpOJ1YYAUcM=XA at mail dot gmail dot com> <20141219031025 dot GA32031 at bubble dot grove dot modra dot org>
On Thu, Dec 18, 2014 at 7:10 PM, Alan Modra <amodra@gmail.com> wrote:
> On Thu, Dec 18, 2014 at 03:06:14PM -0800, H.J. Lu wrote:
>> On Thu, Dec 18, 2014 at 2:13 PM, Alan Modra <amodra@gmail.com> wrote:
>> > On Thu, Dec 18, 2014 at 11:02:59AM -0800, H.J. Lu wrote:
>> >> Adding glibc.
>> >>
>> >> On Thu, Dec 18, 2014 at 10:52 AM, Cary Coutant <ccoutant@google.com> wrote:
>> >> >> Should we simply disallow creating DSO with protected data on targets
>> >> >> with copy relocation?
>> >> >
>> >> > I don't think so. Protected symbols are useful, and their presence
>> >>
>> >> As soon as they are used in executable, the program will misbehave.
>> >
>> > Not if the references in the executable are in code compiled with
>> > -fPIC. I agree with Cary, disallowing protected visibility variables
>>
>> It only works with -fPIC, not -fPIE when GCC 5 is used:
>>
>> https://gcc.gnu.org/ml/gcc-patches/2014-12/msg00428.html
>
> That optimisation may not be such a good idea. What you gain in an
> executable by using .dynbss, you lose in a shared library by not being
> able to use protected visibility. So for hot variables accessed
> mostly by a shared library you'd want to turn this optimisation off.
>
You are assuming there are more hot protected data access inside
DSO than normal data access in executable/PIE.
Protected data in DSO doesn't work with executable nor PIE when
GCC 5 is used. Compiler doesn't even know an external definition
will be protected. Unless we make it to work with executable and
PIE+GCC 5, I doubt it is very useful on x86. Since it never worked,
I don't think anyone will miss it on x86.
--
H.J.