On 2021-06-07, Jakub Jelinek wrote:
> On Mon, Jun 07, 2021 at 12:01:55PM -0600, Jeff Law via Gcc-patches wrote:
>> > This breaks assumptions across the board. If software packages want
>> > to use -fno-semantic-interposition that is one thing. But distros
>> > should not be changing the default. This is just like using
>> > -ffast-math :).
>> Some distros already force immediate binding at link time for security
>> purposes on a distro-wide basis which, IIUC, does the same thing, but
>> without the benefits from a code generation standpoint.
>
> If you are talking about -Wl,-z,now, that is very different, semantic
> interposition then still works just fine.
> If you are talking about the glibc style by hand "protected" visibility,
> bind calls to symbols defined in the same library through internal symbols,
> then that is done only for a couple of packages and is stronger than
> -fno-semantic-interposition.
>
> Jakub

-fno-semantic-interposition can save a PLT entry (and associated
R_*_JUMP_SLOT dynamic relocation) if a default visibility STB_GLOBAL
function is only called in its defining TU, not by other TUs linked into
the shared object.

This is a subset of the PLT-suppressing optimization if a distribution defaults
to ld -Bsymbolic-non-weak-functions
(https://maskray.me/blog/2021-05-16-elf-interposition-and-bsymbolic#the-last-alliance-of-elf-and-men).

Binding definitions in the same component can make software securer.
https://twitter.com/CarlosODonell/status/1400879768028028935
"Disable PRELOAD/AUDIT, which is what I'm going to pursue e.g. system-wide glibc
hardening tunable."

If such a thing is deployed, why cannot a passionate distribution default to
gcc -fno-semantic-interposition and ld -Bsymbolic-non-weak-functions, which
can bring back the lost performance (15+% for my clang; 27% for cpython; ...)?

Last, the "assumption" is just GCC's mapping from source code to the ELF binary
format.
https://maskray.me/blog/2021-05-09-fno-semantic-interposition#source-level-implication

We could also argue that the C++ ODR rule doesn't like us doing semantic
interposition.
(I know it's vague:
https://stackoverflow.com/questions/55632222/odr-violation-when-linking-static-and-dynamic-library)