Am 07.04.22 um 13:05 schrieb Jan Engelhardt:
On Thursday 2022-04-07 02:19, Aaron Puchert wrote:
We did not yet do "Full RELRO" (-z now) as we feared the amount of integration work. The way the manpages are written, one would not think of -z now (or ld.so LD_BIND_NOW) having ties to relro, but be more of a debugging aid, so that debugger sessions don't go through the symbol resolution Is that what happens? I thought it would only resolve the symbols that are used, and "resolve all symbols" means resolving all symbols that need to be resolved, i.e. are listed in .dynsym of some loaded ELF file I did not mean to contradict; indeed there are different interpretations for "all" and "used".
- symbols in .dynsym of a library (libstdc++ roughly 5971) - symbols in .rela.dyn/.rela.plt/.dynsym section of an executable (hello world[1] in c++: up to 14 depending on what you count) Good point, the .rela.* sections are probably more appropriate when estimating the cost, since symbols in .dynsym don't need to be looked up necessarily. (If they're defined in the library but not used there, or if the library uses -fno-semantic-interposition.) - set of functions that actually get invoked during runtime (if rand yields 0, cout.operator<< won't be called, so it need not be resolved) Indeed, “used” can mean statically used or dynamically used, and neither necessarily implies the other. (Statically used symbols might not be needed in a particular execution, and dynamically used symbols might have been resolved with dlsym.)
There could be quite a number of functions that aren't used in a particular invocation of an executable, which I guess could happen especially in scripts. Then on the other hand, looking up all statically used functions at once might be more cache-friendly.
[1] #include <iostream> #include <cstdlib> int main() { srand(time(nullptr)); if (rand() & 1) std::cout << "Hello world\n"; }
LD_BIND_NOW=1 LD_DEBUG=symbols ./a.out 2>&1|grep -i symbo|sort -u|wc -l 6302 LD_BIND_NOW=0 LD_DEBUG=symbols ./a.out 2>&1|grep -i symbo|sort -u|wc -l 4044
Strangely I get 6300 for both and I haven't updated to the “-z now by default” snapshot yet. But either way there is an awful lot of symbols used by libstdc++. Aaron