
    Linker notes on x86

    Posted by MaskRay on 2023-02-19 21:59:38

    This article describes target-specific things about x86 in ELF linkers. I will use "x86" to refer to both x86-32 and x86-64.

    Global Offset Table

    _GLOBAL_OFFSET_TABLE_ is defined at the start of the section .got.plt. .got.plt has 3 reserved entries.

    _GLOBAL_OFFSET_TABLE_[0] stores the link-time address of _DYNAMIC for a legacy reason. It's unused now. See All about Global Offset Table.

    _GLOBAL_OFFSET_TABLE_[1] and _GLOBAL_OFFSET_TABLE_[2] are for lazy binding PLT.

    GOT optimization

    See All about Global Offset Table#GOT optimization.

    Procedure Linkage Table

    Retpoline and Indirect Branch Tracking

    ld.lld supports -z retpolineplt for Spectre v2 mitigation.

    See .note.gnu.property below for Indirect Branch Tracking.

    See All about Procedure Linkage Table#x86 for detail.

    Thread Local Storage

    x86 uses TLS Variant II: the static TLS blocks are placed below the thread pointer.

    Besides the traditional general dynamic and local dynamic TLS models, there are TLSDESC ABIs for x86-32 and x86-64.

    The linker performs TLS optimization.

    See All about thread-local storage.

    .note.gnu.property

    The linker parses input .note.gnu.property sections and recognizes -z force-ibt and -z shstk to compute the output .note.gnu.property (type is SHT_NOTE) section.

    The following code (extracted from ld.lld) describes the behavior. Basically, without extra options, the output has the GNU_PROPERTY_X86_FEATURE_1_IBT bit if all input .note.gnu.property sections have the bit (logical AND). -z force-ibt forces setting the bit with a warning.

    The output has the GNU_PROPERTY_X86_FEATURE_1_SHSTK bit if all input .note.gnu.property sections have the bit (logical AND). -z shstk forces setting the bit without a warning.

    // Excerpt: `ret` is declared before this loop and accumulates the
    // logical AND of the feature bits of every input object file.
    for (ELFFileBase *f : ctx.objectFiles) {
      uint32_t features = f->andFeatures;
      // -z cet-report: diagnose each input that lacks the IBT property.
      if (!(features & GNU_PROPERTY_X86_FEATURE_1_IBT)) {
        if (config->zCetReport == "error")
          error(toString(f) + ": -z cet-report: file does not have GNU_PROPERTY_X86_FEATURE_1_IBT property");
        else if (config->zCetReport == "warning")
          warn(toString(f) + ": -z cet-report: file does not have GNU_PROPERTY_X86_FEATURE_1_IBT property");
      }
      // -z cet-report: diagnose each input that lacks the SHSTK property.
      if (!(features & GNU_PROPERTY_X86_FEATURE_1_SHSTK)) {
        if (config->zCetReport == "error")
          error(toString(f) + ": -z cet-report: file does not have GNU_PROPERTY_X86_FEATURE_1_SHSTK property");
        else if (config->zCetReport == "warning")
          warn(toString(f) + ": -z cet-report: file does not have GNU_PROPERTY_X86_FEATURE_1_SHSTK property");
      }

      // -z force-ibt: treat the input as IBT-enabled, warning unless
      // -z cet-report has already diagnosed it.
      if (config->zForceIbt && !(features & GNU_PROPERTY_X86_FEATURE_1_IBT)) {
        if (config->zCetReport == "none")
          warn(toString(f) + ": -z force-ibt: file does not have "
                             "GNU_PROPERTY_X86_FEATURE_1_IBT property");
        features |= GNU_PROPERTY_X86_FEATURE_1_IBT;
      }
      ret &= features;
    }

    // Force enable Shadow Stack.
    if (config->zShstk)
      ret |= GNU_PROPERTY_X86_FEATURE_1_SHSTK;

    See Control flow integrity for an overview of Intel CET.
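The following is an added example, not code from ld.lld or from the original article: it goes one step further than the excerpt by decoding the GNU_PROPERTY_X86_FEATURE_1_AND bits from raw .note.gnu.property bytes and then applying the merge rule described above. It assumes the little-endian x86-64 note layout (8-byte alignment) and sections that contain only "GNU" notes; the helper names (parseAndFeatures, mergeAndFeatures, makeNote) and the sample notes are constructed for illustration.

```cpp
#include <cstdint>
#include <cstring>
#include <vector>
using Bytes = std::vector<uint8_t>;
// Added example; helper names are illustrative. Constants: x86 psABI, <elf.h>.
constexpr uint32_t NT_GNU_PROPERTY_TYPE_0 = 5, FEATURE_1_AND = 0xc0000002;
constexpr uint32_t IBT = 1u << 0, SHSTK = 1u << 1;

static uint32_t rd32(const Bytes &b, size_t o) {  // little-endian load
  return b[o] | b[o + 1] << 8 | b[o + 2] << 16 | uint32_t(b[o + 3]) << 24;
}
static size_t align8(size_t n) { return (n + 7) & ~size_t(7); }

// FEATURE_1_AND bits of one x86-64 .note.gnu.property section. A missing or
// malformed note yields 0, i.e. the file counts as lacking every feature.
uint32_t parseAndFeatures(const Bytes &sec) {
  uint32_t features = 0;
  for (size_t off = 0; off + 16 <= sec.size();) {
    uint32_t namesz = rd32(sec, off), descsz = rd32(sec, off + 4);
    size_t desc = off + 16, end = desc + descsz;
    if (namesz != 4 || end > sec.size()) return 0;
    if (rd32(sec, off + 8) == NT_GNU_PROPERTY_TYPE_0 &&
        !std::memcmp(&sec[off + 12], "GNU", 4))
      for (size_t p = desc; p + 8 <= end;) {
        uint32_t type = rd32(sec, p), size = rd32(sec, p + 4);
        if (p + 8 + size > end) return 0;
        if (type == FEATURE_1_AND && size >= 4) features |= rd32(sec, p + 8);
        p += 8 + align8(size);
      }
    off = align8(end);
  }
  return features;
}

// Merge rule from the text: AND across inputs; force-ibt ORs IBT into every
// input first; shstk ORs SHSTK into the result.
uint32_t mergeAndFeatures(const std::vector<Bytes> &inputs, bool forceIbt, bool shstk) {
  uint32_t ret = IBT | SHSTK;  // simplification: track only these two bits
  for (const Bytes &sec : inputs)
    ret &= parseAndFeatures(sec) | (forceIbt ? IBT : 0);
  return shstk ? ret | SHSTK : ret;
}
// Constructed sample: a 32-byte note carrying one FEATURE_1_AND property.
Bytes makeNote(uint32_t bits) {
  Bytes b;
  for (uint32_t v : {4u, 16u, NT_GNU_PROPERTY_TYPE_0, 0x00554e47u, FEATURE_1_AND, 4u, bits, 0u})
    for (int i = 0; i < 4; ++i) b.push_back(uint8_t(v >> (8 * i)));
  return b;
}
```

An input with no note at all (an empty section here) clears both bits in the output, which is why a single unmarked object silently disables CET for the whole link unless -z force-ibt or -z shstk is given.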

    .eh_frame

    Clang since rL252300 emits .eh_frame sections of type SHT_X86_64_UNWIND. It is unfortunate that .eh_frame does not use a dedicated section type but nowadays

    .gnu.linkonce.t.__x86.get_pc_thunk.bx

    The magic symbol prefix .gnu.linkonce was used before COMDAT was introduced into ELF. .gnu.linkonce is long obsolete now, but unfortunately .gnu.linkonce.t.__x86.get_pc_thunk.bx remained relevant in glibc x86-32 until glibc 2.32 (2020-08).


