1 /* Force .data aligned to 4K, so .got very likely gets at 0x102190 2 (0x60 bytes .tdata and 0x130 bytes .dynamic) */ 3 .data 4 .balign 4096 5 .section ".tdata", "awT", @progbits 6 .globl sg1, sg2, sg3, sg4, sg5, sg6, sg7, sg8 7 .globl sh1, sh2, sh3, sh4, sh5, sh6, sh7, sh8 8 .hidden sh1, sh2, sh3, sh4, sh5, sh6, sh7, sh8 9sg1: .long 17 10sg2: .long 18 11sg3: .long 19 12sg4: .long 20 13sg5: .long 21 14sg6: .long 22 15sg7: .long 23 16sg8: .long 24 17sl1: .long 65 18sl2: .long 66 19sl3: .long 67 20sl4: .long 68 21sl5: .long 69 22sl6: .long 70 23sl7: .long 71 24sl8: .long 72 25sh1: .long 257 26sh2: .long 258 27sh3: .long 259 28sh4: .long 260 29sh5: .long 261 30sh6: .long 262 31sh7: .long 263 32sh8: .long 264 33 /* Force .text aligned to 4K, so it very likely gets at 0x1000. */ 34 .text 35 .balign 4096 36 .globl fn1 37 .type fn1,@function 38fn1: 39 pushq %rbp 40 movq %rsp, %rbp 41 nop;nop;nop;nop 42 43 /* GD */ 44 leaq sg1@tlsdesc(%rip), %rax 45 call *sg1@tlscall(%rax) 46 nop;nop;nop;nop 47 48 /* GD -> IE because variable is referenced through IE too */ 49 leaq sg2@tlsdesc(%rip), %rax 50 call *sg2@tlscall(%rax) 51 nop;nop;nop;nop 52 53 /* GD against local variable */ 54 leaq sl1@tlsdesc(%rip), %rax 55 call *sl1@tlscall(%rax) 56 nop;nop;nop;nop 57 58 /* GD -> IE against local variable referenced through IE too */ 59 leaq sl2@tlsdesc(%rip), %rax 60 call *sl2@tlscall(%rax) 61 nop;nop;nop;nop 62 63 /* GD against hidden and local variable */ 64 leaq sh1@tlsdesc(%rip), %rax 65 call *sh1@tlscall(%rax) 66 nop;nop;nop;nop 67 68 /* GD -> IE against hidden and local variable referenced through 69 IE too */ 70 leaq sh2@tlsdesc(%rip), %rax 71 call *sh2@tlscall(%rax) 72 nop;nop;nop;nop 73 74 /* GD against hidden but not local variable */ 75 leaq sH1@tlsdesc(%rip), %rax 76 call *sH1@tlscall(%rax) 77 nop;nop;nop;nop 78 79 /* GD -> IE against hidden but not local variable referenced through 80 IE too */ 81 leaq sH2@tlsdesc(%rip), %rax 82 call *sH2@tlscall(%rax) 83 nop;nop;nop;nop 84 85 /* LD */ 86 leaq _TLS_MODULE_BASE_@tlsdesc(%rip), %rax 87 call *_TLS_MODULE_BASE_@tlscall(%rax) 88 nop;nop 89 leaq sl1@dtpoff(%rax), %rdx 90 nop;nop 91 leaq 2+sl2@dtpoff(%rax), %r9 92 nop;nop;nop;nop 93 94 /* LD against hidden and local variables */ 95 leaq sh1@dtpoff(%rax), %rdx 96 nop;nop 97 leaq sh2@dtpoff+3(%rax), %rcx 98 nop;nop;nop;nop 99 100 /* LD against hidden but not local variables */ 101 leaq sH1@dtpoff(%rax), %r12 102 nop;nop 103 leaq sH2@dtpoff+1(%rax), %rcx 104 nop;nop 105 106 /* IE against global var */ 107 movq %fs:0, %rcx 108 nop;nop 109 addq sg2@gottpoff(%rip), %rcx 110 nop;nop;nop;nop 111 112 /* IE against local var */ 113 movq %fs:0, %r14 114 nop;nop 115 addq sl2@gottpoff(%rip), %r14 116 nop;nop;nop;nop 117 118 /* IE against hidden and local var */ 119 movq %fs:0, %rcx 120 nop;nop 121 addq sh2@gottpoff(%rip), %rcx 122 nop;nop;nop;nop 123 124 /* IE against hidden but not local var */ 125 movq %fs:0, %rcx 126 nop;nop 127 addq sH2@gottpoff(%rip), %rcx 128 nop;nop;nop;nop 129 130 /* Direct access through %fs */ 131 132 /* IE against global var */ 133 movq sg5@gottpoff(%rip), %rcx 134 nop;nop 135 movq %fs:(%rcx), %rdx 136 nop;nop;nop;nop 137 138 /* IE against local var */ 139 movq sl5@gottpoff(%rip), %r10 140 nop;nop 141 movq %fs:(%r10), %r12 142 nop;nop;nop;nop 143 144 /* IE against hidden and local var */ 145 movq sh5@gottpoff(%rip), %rdx 146 nop;nop 147 movq %fs:(%rdx), %rdx 148 nop;nop;nop;nop 149 150 /* IE against hidden but not local var */ 151 movq sH5@gottpoff(%rip), %rcx 152 nop;nop 153 movq %fs:(%rcx), %rdx 154 nop;nop;nop;nop 155 156 leave 157 ret 158