This is an archive of the discontinued LLVM Phabricator instance.

[ELF2] - dont merge .data.rel.ro/.data.rel.ro.local into .data section.
ClosedPublic

Authored by grimar on Nov 11 2015, 3:16 AM.

Download Raw Diff

Details

Reviewers

ruiu
• rafael

Commits

rG51e37d999763: [ELF2] - dont merge .data.rel.ro/.data.rel.ro.local into .data section.
rLLD253018: [ELF2] - dont merge .data.rel.ro/.data.rel.ro.local into .data section.
rL253018: [ELF2] - dont merge .data.rel.ro/.data.rel.ro.local into .data section.

Summary

This sections can be protected with relro after resolving relocations by dynamic linker.

Diff Detail

Repository: rL LLVM

Event Timeline

grimar updated this revision to Diff 39895.Nov 11 2015, 3:16 AM

grimar retitled this revision from to [ELF2] - dont merge .data.rel.ro/.data.rel.ro.local into .data section..

grimar updated this object.

grimar added reviewers: ruiu, • rafael.

grimar added subscribers: llvm-commits, grimar.

ruiu added inline comments.Nov 11 2015, 12:58 PM

ELF/Writer.cpp
465–468 ↗	(On Diff #39895)	Is this equivalent to this? if (S.startswith(".data.rel.ro") return S;

grimar added inline comments.Nov 12 2015, 12:28 AM

ELF/Writer.cpp
465–468 ↗	(On Diff #39895)	I am not sure it is. Thats depends on if something like ".data.rel.ro.1" can appear in .o files. I dont think I saw such things and dont know if that is possible. Probably someone can rely on this behavior in gold. My implementation here is similiar to what gold do and I would keep that for behavior consistency.

I am taking a look at what exactly these sections are, but in general
sections can have suffixes because of
-ffunction-section/-fdata-section.

If the main aim to make code shorter then I would suggest next one.

if (S.startswith(".data.rel.ro")
  return ".data.rel.ro";

The only point to have this sections in output is to split the rw .data to read only part + smaller rw .data for Relro. There are probably no reasons to keep both .data.rel.ro and .data.rel.ro.local for that. Except behavior consistency with gold of-cource.

The logic behind .data.rel.ro is simple: The compiler knows that any
data in it is read only once the dynamic linker is done.

For .data.rel.ro.local things are not as simple. It was created to
support prelinking. The idea was to

Put in .data.rel.ro.local data that is ro once the dynamic linker is

done and whose relocations resolve to the same DSO.

Have a prelink program assign addresses to the DSOs and resolve the

relocations in .data.rel.ro.local.

There are a few things that are bad with this

There are ways of speeding up DSOs that don't compromise security.
The linker knows if a reloattion will always refer to the same DSO

or not, so having the compiler pass that down seems redundant.

The prelinker seems dead. It has removed from fedora after failing

to build for two releases:
http://pkgs.fedoraproject.org/cgit/prelink.git/commit/?id=eb43100a8331d91c801ee3dcdb0a0bb9babfdc1f

As for the patch, it would also have been incomplete, since it was not
putting the .local sections in a contiguous range.

My suggestion then is:

Map ".data.rel.ro.*" to ".data.rel.ro". That is, fully ignore the .local part.
Drop prelink support from llvm (I am writing the patch).

Cheers,
Rafael

Updated to suggested variant.

LGTM

This revision is now accepted and ready to land.Nov 12 2015, 11:16 AM

LGTM

Closed by commit rL253018: [ELF2] - dont merge .data.rel.ro/.data.rel.ro.local into .data section. (authored by grimar). · Explain WhyNov 12 2015, 11:59 PM

This revision was automatically updated to reflect the committed changes.

Revision Contents

Path

Size

lld/

trunk/

ELF/

Writer.cpp

2 lines

test/

elf2/

section-name.s

7 lines

Diff 40113

lld/trunk/ELF/Writer.cpp

Show First 20 Lines • Show All 485 Lines • ▼ Show 20 Lines	StringRef Writer<ELFT>::getOutputSectionName(StringRef S) const {
auto It = InputToOutputSection.find(S);		auto It = InputToOutputSection.find(S);
if (It != std::end(InputToOutputSection))		if (It != std::end(InputToOutputSection))
return It->second;		return It->second;

if (S.startswith(".text."))		if (S.startswith(".text."))
return ".text";		return ".text";
if (S.startswith(".rodata."))		if (S.startswith(".rodata."))
return ".rodata";		return ".rodata";
		if (S.startswith(".data.rel.ro"))
		return ".data.rel.ro";
if (S.startswith(".data."))		if (S.startswith(".data."))
return ".data";		return ".data";
if (S.startswith(".bss."))		if (S.startswith(".bss."))
return ".bss";		return ".bss";
return S;		return S;
}		}

template <class ELFT>		template <class ELFT>
▲ Show 20 Lines • Show All 510 Lines • Show Last 20 Lines

lld/trunk/test/elf2/section-name.s

	Show All 11 Lines
	.section .rodata.a,"a"			.section .rodata.a,"a"
	.section .rodata,"a"			.section .rodata,"a"
	.section .data.a,"aw"			.section .data.a,"aw"
	.section .data,"aw"			.section .data,"aw"
	.section .bss.a,"",@nobits			.section .bss.a,"",@nobits
	.section .bss,"",@nobits			.section .bss,"",@nobits
	.section .foo.a,"aw"			.section .foo.a,"aw"
	.section .foo,"aw"			.section .foo,"aw"
				.section .data.rel.ro,"aw",%progbits
				.section .data.rel.ro.a,"aw",%progbits
				.section .data.rel.ro.local,"aw",%progbits
				.section .data.rel.ro.local.a,"aw",%progbits

	// CHECK-NOT: Name: .rodata.a			// CHECK-NOT: Name: .rodata.a
	// CHECK: Name: .rodata			// CHECK: Name: .rodata
	// CHECK-NOT: Name: .text.a			// CHECK-NOT: Name: .text.a
	// CHECK: Name: .text			// CHECK: Name: .text
	// CHECK-NOT: Name: .data.a			// CHECK-NOT: Name: .data.a
	// CHECK: Name: .data			// CHECK: Name: .data
	// CHECK: Name: .foo.a			// CHECK: Name: .foo.a
	// CHECK: Name: .foo			// CHECK: Name: .foo
				// CHECK-NOT: Name: .data.rel.ro.a
				// CHECK-NOT: Name: .data.rel.ro.local.a
				// CHECK: Name: .data.rel.ro
	// CHECK-NOT: Name: .bss.a			// CHECK-NOT: Name: .bss.a
	// CHECK: Name: .bss			// CHECK: Name: .bss