Expanding the list of "Hardened Packages"
Florian Weimer
fweimer at redhat.com
Thu Apr 4 08:27:31 UTC 2013
On 04/04/2013 09:47 AM, Jakub Jelinek wrote:
> On Thu, Apr 04, 2013 at 09:39:18AM +0200, Paolo Bonzini wrote:
>>> I'm willing to agree that PIE on x86 is going to be very slow due to
>>> register pressure.
>>
>> Yes, but not on x86-64 which has %rip-relative addressing. It is
>> probably a wash there.

On x86_64, GCC uses %rip-relative addressing even in non-PIC mode.

> It isn't, while the register pressure doesn't increase on x86-64 due to
> PIC/PIE and PIC register setup doesn't require any code, whenever you access
> data that aren't known at compile time to be in the binary/shared library
> (i.e. static or hidden mostly), then for PIC/PIE it means an extra indirection
> through GOT.

For PIE, ld should be able to avoid the indirection for function calls
because the function in the binary always takes precedence. (A bit like
protected visibility.) It seems this optimization is already implemented.

I think a similar optimization would be possible for access to global
variables because ld could compute the final layout of all global
variables in the binary itself, just as in the non-PIE case.
--
Florian Weimer / Red Hat Product Security Team