ld: Add --enable-separate-code

This patch adds --enable-separate-code to ld configure to turn on
-z separate-code by default and enables it by default for Linux/x86.
This avoids mixing code pages with data to improve cache performance
as well as security.

To reduce x86-64 executable and shared object sizes, the maximum page
size is reduced from 2MB to 4KB when -z separate-code is turned on by
default.  Note: -z max-page-size= can be used to set the maximum page
size.

We compared SPEC CPU 2017 performance before and after this change on
Skylake server.  There are no any significant performance changes.
Everything is mostly below +/-1%.

bfd/

	* config.in: Regenerated.
	* configure: Likewise.
	* configure.ac: Add --enable-separate-code.
	(DEFAULT_LD_Z_SEPARATE_CODE): New AC_DEFINE_UNQUOTED.  Default
	to 1 for Linux/x86 targets,
	* elf64-x86-64.c (ELF_MAXPAGESIZE): Set to 0x1000 if
	DEFAULT_LD_Z_SEPARATE_CODE is 1.

ld/

	* NEWS: Mention --enable-separate-code.
	* configure.ac: Add --enable-separate-code.
	(DEFAULT_LD_Z_SEPARATE_CODE): New AC_DEFINE_UNQUOTED.
	* configure.tgt: Default ac_default_ld_z_separate_code to 1 for
	Linux/x86 targets.
	* config.in: Regenerated.
	* configure: Likewise.
	* emultempl/elf32.em (gld${EMULATION_NAME}_before_parse): Set
	link_info.separate_code DEFAULT_LD_Z_SEPARATE_CODE.

bfd/ChangeLog

@@ -1,3 +1,13 @@
+2018-02-27  H.J. Lu  <hongjiu.lu@intel.com>
+
+	* config.in: Regenerated.
+	* configure: Likewise.
+	* configure.ac: Add --enable-separate-code.
+	(DEFAULT_LD_Z_SEPARATE_CODE): New AC_DEFINE_UNQUOTED.  Default
+	to 1 for Linux/x86 targets,
+	* elf64-x86-64.c (ELF_MAXPAGESIZE): Set to 0x1000 if
+	DEFAULT_LD_Z_SEPARATE_CODE is 1.
+
 2018-02-27  Nick Clifton  <nickc@redhat.com>
 
 	* aout-cris.c (swap_ext_reloc_out): Standadize error/warning

bfd/config.in

@@ -10,6 +10,10 @@
 /* Name of host specific core header file to include in elf.c. */
 #undef CORE_HEADER
 
+/* Define to 1 if you want to enable -z separate-code in ELF linker by
+   default. */
+#undef DEFAULT_LD_Z_SEPARATE_CODE
+
 /* Define to 1 if translation of program messages to the user's native
    language is requested. */
 #undef ENABLE_NLS

bfd/configure

@@ -793,6 +793,7 @@ enable_targets
 enable_64_bit_archive
 with_mmap
 enable_secureplt
+enable_separate_code
 enable_leading_mingw64_underscores
 with_separate_debug_dir
 with_pkgversion
@@ -1446,6 +1447,7 @@ Optional Features:
   --enable-targets        alternative target configurations
   --enable-64-bit-archive force 64-bit archives
   --enable-secureplt      Default to creating read-only plt entries
+  --enable-separate-code  enable -z separate-code in ELF linker by default
   --enable-leading-mingw64-underscores
                           Enable leading underscores on 64 bit mingw targets
   --enable-werror         treat compile warnings as errors
@@ -11428,7 +11430,7 @@ else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext <<_LT_EOF
-#line 11431 "configure"
+#line 11433 "configure"
 #include "confdefs.h"
 
 #if HAVE_DLFCN_H
@@ -11534,7 +11536,7 @@ else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext <<_LT_EOF
-#line 11537 "configure"
+#line 11539 "configure"
 #include "confdefs.h"
 
 #if HAVE_DLFCN_H
@@ -12171,6 +12173,33 @@ $as_echo "#define USE_SECUREPLT 1" >>confdefs.h
 
 fi
 
+# Decide if -z separate-code should be enabled in ELF linker by default.
+ac_default_ld_z_separate_code=unset
+# Check whether --enable-separate-code was given.
+if test "${enable_separate_code+set}" = set; then :
+  enableval=$enable_separate_code; case "${enableval}" in
+  yes) ac_default_ld_z_separate_code=1 ;;
+  no) ac_default_ld_z_separate_code=0 ;;
+esac
+fi
+
+# Enable -z separate-code by default for Linux/x86.
+case "${target}" in
+i3-786-*-linux-* | x86_64-*-linux-*)
+  if test ${ac_default_ld_z_separate_code} = unset; then
+    ac_default_ld_z_separate_code=1
+  fi
+  ;;
+esac
+if test "${ac_default_ld_z_separate_code}" = unset; then
+  ac_default_ld_z_separate_code=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define DEFAULT_LD_Z_SEPARATE_CODE $ac_default_ld_z_separate_code
+_ACEOF
+
+
 # Check whether --enable-leading-mingw64-underscores was given.
 if test "${enable_leading_mingw64_underscores+set}" = set; then :
   enableval=$enable_leading_mingw64_underscores;

bfd/configure.ac

@@ -97,6 +97,30 @@ if test $use_secureplt = true; then
     [Define if we should default to creating read-only plt entries])
 fi
 
+# Decide if -z separate-code should be enabled in ELF linker by default.
+ac_default_ld_z_separate_code=unset
+AC_ARG_ENABLE(separate-code,
+	      AS_HELP_STRING([--enable-separate-code],
+	      [enable -z separate-code in ELF linker by default]),
+[case "${enableval}" in
+  yes) ac_default_ld_z_separate_code=1 ;;
+  no) ac_default_ld_z_separate_code=0 ;;
+esac])
+# Enable -z separate-code by default for Linux/x86.
+case "${target}" in
+i[3-7]86-*-linux-* | x86_64-*-linux-*)
+  if test ${ac_default_ld_z_separate_code} = unset; then
+    ac_default_ld_z_separate_code=1
+  fi
+  ;;
+esac
+if test "${ac_default_ld_z_separate_code}" = unset; then
+  ac_default_ld_z_separate_code=0
+fi
+AC_DEFINE_UNQUOTED(DEFAULT_LD_Z_SEPARATE_CODE,
+  $ac_default_ld_z_separate_code,
+  [Define to 1 if you want to enable -z separate-code in ELF linker by default.])
+
 AC_ARG_ENABLE(leading-mingw64-underscores,
   AS_HELP_STRING([--enable-leading-mingw64-underscores],
                  [Enable leading underscores on 64 bit mingw targets]),

bfd/elf64-x86-64.c

@@ -4942,7 +4942,11 @@ elf_x86_64_special_sections[]=
 #define ELF_ARCH			    bfd_arch_i386
 #define ELF_TARGET_ID			    X86_64_ELF_DATA
 #define ELF_MACHINE_CODE		    EM_X86_64
-#define ELF_MAXPAGESIZE			    0x200000
+#if DEFAULT_LD_Z_SEPARATE_CODE
+# define ELF_MAXPAGESIZE		    0x1000
+#else
+# define ELF_MAXPAGESIZE		    0x200000
+#endif
 #define ELF_MINPAGESIZE			    0x1000
 #define ELF_COMMONPAGESIZE		    0x1000
 
@@ -5335,7 +5339,11 @@ elf64_l1om_elf_object_p (bfd *abfd)
 #undef	ELF_MAXPAGESIZE
 #undef	ELF_MINPAGESIZE
 #undef	ELF_COMMONPAGESIZE
-#define ELF_MAXPAGESIZE			0x200000
+#if DEFAULT_LD_Z_SEPARATE_CODE
+# define ELF_MAXPAGESIZE		0x1000
+#else
+# define ELF_MAXPAGESIZE		0x200000
+#endif
 #define ELF_MINPAGESIZE			0x1000
 #define ELF_COMMONPAGESIZE		0x1000
 #undef	elf_backend_plt_alignment

ld/ChangeLog

@@ -1,3 +1,15 @@
+2018-02-27  H.J. Lu  <hongjiu.lu@intel.com>
+
+	* NEWS: Mention --enable-separate-code.
+	* configure.ac: Add --enable-separate-code.
+	(DEFAULT_LD_Z_SEPARATE_CODE): New AC_DEFINE_UNQUOTED.
+	* configure.tgt: Default ac_default_ld_z_separate_code to 1 for
+	Linux/x86 targets.
+	* config.in: Regenerated.
+	* configure: Likewise.
+	* emultempl/elf32.em (gld${EMULATION_NAME}_before_parse): Set
+	link_info.separate_code DEFAULT_LD_Z_SEPARATE_CODE.
+
 2018-02-26  Alan Modra  <amodra@gmail.com>
 
 	* emulparams/call_nop.sh, * emulparams/cet.sh,

ld/NEWS

@@ -1,5 +1,10 @@
 -*- text -*-
 
+* Add a configure option --enable-separate-code to decide whether
+  -z separate-code should be enabled in ELF linker by default.  Default
+  to yes for Linux/x86 targets.  Note that -z separate-code can increase
+  disk and memory size.
+
 Changes in 2.30:
 
 * Add -z separate-code to generate separate code PT_LOAD segment.

ld/config.in

@@ -19,6 +19,10 @@
 /* Define to 1 if you want to enable -z relro in ELF linker by default. */
 #undef DEFAULT_LD_Z_RELRO
 
+/* Define to 1 if you want to enable -z separate-code in ELF linker by
+   default. */
+#undef DEFAULT_LD_Z_SEPARATE_CODE
+
 /* Define to 1 if you want to set DT_RUNPATH instead of DT_RPATH by default.
    */
 #undef DEFAULT_NEW_DTAGS

ld/configure

@@ -790,6 +790,7 @@ enable_got
 enable_compressed_debug_sections
 enable_new_dtags
 enable_relro
+enable_separate_code
 enable_default_hash_style
 enable_werror
 enable_build_warnings
@@ -1451,6 +1452,7 @@ Optional Features:
                           compress debug sections by default]
   --enable-new-dtags      set DT_RUNPATH instead of DT_RPATH by default]
   --enable-relro          enable -z relro in ELF linker by default
+  --enable-separate-code  enable -z separate-code in ELF linker by default
   --enable-default-hash-style={sysv,gnu,both}
                           use this default hash style
   --enable-werror         treat compile warnings as errors
@@ -11725,7 +11727,7 @@ else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext <<_LT_EOF
-#line 11728 "configure"
+#line 11730 "configure"
 #include "confdefs.h"
 
 #if HAVE_DLFCN_H
@@ -11831,7 +11833,7 @@ else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext <<_LT_EOF
-#line 11834 "configure"
+#line 11836 "configure"
 #include "confdefs.h"
 
 #if HAVE_DLFCN_H
@@ -15567,6 +15569,17 @@ if test "${enable_relro+set}" = set; then :
 esac
 fi
 
+# Decide if -z separate-code should be enabled in ELF linker by default.
+ac_default_ld_z_separate_code=unset
+# Check whether --enable-separate-code was given.
+if test "${enable_separate_code+set}" = set; then :
+  enableval=$enable_separate_code; case "${enableval}" in
+  yes) ac_default_ld_z_separate_code=1 ;;
+  no) ac_default_ld_z_separate_code=0 ;;
+esac
+fi
+
+
 # Decide which "--hash-style" to use by default
 # Provide a configure time option to override our default.
 # Check whether --enable-default-hash-style was given.
@@ -17258,6 +17271,15 @@ cat >>confdefs.h <<_ACEOF
 _ACEOF
 
 
+if test "${ac_default_ld_z_separate_code}" = unset; then
+  ac_default_ld_z_separate_code=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define DEFAULT_LD_Z_SEPARATE_CODE $ac_default_ld_z_separate_code
+_ACEOF
+
+
 
 cat >>confdefs.h <<_ACEOF
 #define DEFAULT_EMIT_SYSV_HASH $ac_default_emit_sysv_hash

ld/configure.ac

@@ -177,6 +177,16 @@ AC_ARG_ENABLE(relro,
   no)  ac_default_ld_z_relro=0 ;;
 esac])dnl
 
+# Decide if -z separate-code should be enabled in ELF linker by default.
+ac_default_ld_z_separate_code=unset
+AC_ARG_ENABLE(separate-code,
+	      AS_HELP_STRING([--enable-separate-code],
+	      [enable -z separate-code in ELF linker by default]),
+[case "${enableval}" in
+  yes) ac_default_ld_z_separate_code=1 ;;
+  no) ac_default_ld_z_separate_code=0 ;;
+esac])
+
 # Decide which "--hash-style" to use by default
 # Provide a configure time option to override our default.
 AC_ARG_ENABLE([default-hash-style],
@@ -434,6 +444,13 @@ AC_DEFINE_UNQUOTED(DEFAULT_LD_Z_RELRO,
   $ac_default_ld_z_relro,
   [Define to 1 if you want to enable -z relro in ELF linker by default.])
 
+if test "${ac_default_ld_z_separate_code}" = unset; then
+  ac_default_ld_z_separate_code=0
+fi
+AC_DEFINE_UNQUOTED(DEFAULT_LD_Z_SEPARATE_CODE,
+  $ac_default_ld_z_separate_code,
+  [Define to 1 if you want to enable -z separate-code in ELF linker by default.])
+
 AC_DEFINE_UNQUOTED([DEFAULT_EMIT_SYSV_HASH],
   [$ac_default_emit_sysv_hash],
   [Define to 1 if you want to emit sysv hash in the ELF linker by default.])

ld/configure.tgt

@@ -968,3 +968,12 @@ frv-*-* | hppa*-*-* | ia64-*-* | mips*-*-*)
   fi
   ;;
 esac
+
+# Enable -z separate-code by default for Linux/x86.
+case "${target}" in
+i[3-7]86-*-linux-* | x86_64-*-linux-*)
+  if test ${ac_default_ld_z_separate_code} = unset; then
+    ac_default_ld_z_separate_code=1
+  fi
+  ;;
+esac

ld/emultempl/elf32.em

@@ -106,6 +106,7 @@ gld${EMULATION_NAME}_before_parse (void)
   `if test -n "$CALL_NOP_BYTE" ; then echo link_info.call_nop_byte = $CALL_NOP_BYTE; fi`;
   link_info.check_relocs_after_open_input = TRUE;
   link_info.relro = DEFAULT_LD_Z_RELRO;
+  link_info.separate_code = DEFAULT_LD_Z_SEPARATE_CODE;
 }
 
 EOF