/* x86-64 GAS (AT&T syntax) source that emits one instance of each
   thread-local-storage access sequence -- General Dynamic (GD),
   Local Dynamic (LD) and Initial Exec (IE) -- against TLS symbols of
   differing visibility, first in the default PIC form and then in the
   -mcmodel=large form.

   Symbols defined in this file (all in .tdata):
     sg1..sg8  .globl                 (global)
     sl1..sl8  no .globl              (file-local)
     sh1..sh8  .globl plus .hidden    (hidden, defined here)
   sH1, sH2 and sH5 are referenced but not defined here.
   NOTE(review): presumably a companion object defines them as hidden;
   confirm against the rest of the test.

   NOTE(review): the fixed alignments and the address mentioned in the
   comment below suggest this is linker-test input whose exact byte
   layout is compared with an expected dump.  Treat every directive,
   prefix byte and nop as significant and do not reorder them.  */

	/* Force .data aligned to 4K, so .got very likely gets at 0x102190
	   (0x60 bytes .tdata and 0x130 bytes .dynamic)  */
	.data
	.balign	4096
	.section ".tdata", "awT", @progbits
	.globl sg1, sg2, sg3, sg4, sg5, sg6, sg7, sg8
	.globl sh1, sh2, sh3, sh4, sh5, sh6, sh7, sh8
	.hidden sh1, sh2, sh3, sh4, sh5, sh6, sh7, sh8
	/* 24 initialised 4-byte TLS words = 0x60 bytes of .tdata.  The
	   distinct values (17.., 65.., 257..) make each symbol
	   recognisable in a dump.  */
sg1:	.long 17
sg2:	.long 18
sg3:	.long 19
sg4:	.long 20
sg5:	.long 21
sg6:	.long 22
sg7:	.long 23
sg8:	.long 24
sl1:	.long 65
sl2:	.long 66
sl3:	.long 67
sl4:	.long 68
sl5:	.long 69
sl6:	.long 70
sl7:	.long 71
sl8:	.long 72
sh1:	.long 257
sh2:	.long 258
sh3:	.long 259
sh4:	.long 260
sh5:	.long 261
sh6:	.long 262
sh7:	.long 263
sh8:	.long 264
	/* Force .text aligned to 4K, so it very likely gets at 0x1000.  */
	.text
	.balign	4096
	.globl	fn1
	.type	fn1,@function
/* fn1: container for the TLS access sequences.  It takes no arguments
   and the values computed into registers are never used; several
   registers are overwritten without being saved.
   NOTE(review): it looks intended to be linked and disassembled rather
   than called -- confirm.
   The nop runs between sequences are part of the original layout;
   presumably they keep each sequence visually separate in the
   disassembly.  */
fn1:
	/* Standard frame; undone by the leave/ret at the end.  */
	pushq	%rbp
	movq	%rsp, %rbp
	nop;nop;nop;nop

	/* Default-model GD sequences.  The 0x66, 0x6666 and rex64 prefixes
	   pad the leaq+call pair to the fixed-length form the x86-64 TLS
	   ABI defines for GD, so a linker can rewrite the sequence in
	   place when it relaxes the access (see the "GD -> IE" cases).  */

	/* GD */
	.byte	0x66
	leaq	sg1@tlsgd(%rip), %rdi
	.word	0x6666
	rex64
	call	__tls_get_addr@plt
	nop;nop;nop;nop

	/* GD -> IE because variable is referenced through IE too */
	.byte	0x66
	leaq	sg2@tlsgd(%rip), %rdi
	.word	0x6666
	rex64
	call	__tls_get_addr@plt
	nop;nop;nop;nop

	/* GD against local variable */
	.byte	0x66
	leaq	sl1@tlsgd(%rip), %rdi
	.word	0x6666
	rex64
	call	__tls_get_addr@plt
	nop;nop;nop;nop

	/* GD -> IE against local variable referenced through IE too */
	.byte	0x66
	leaq	sl2@tlsgd(%rip), %rdi
	.word	0x6666
	rex64
	call	__tls_get_addr@plt
	nop;nop;nop;nop

	/* GD against hidden and local variable */
	.byte	0x66
	leaq	sh1@tlsgd(%rip), %rdi
	.word	0x6666
	rex64
	call	__tls_get_addr@plt
	nop;nop;nop;nop

	/* GD -> IE against hidden and local variable referenced through
	   IE too */
	.byte	0x66
	leaq	sh2@tlsgd(%rip), %rdi
	.word	0x6666
	rex64
	call	__tls_get_addr@plt
	nop;nop;nop;nop

	/* GD against hidden but not local variable */
	.byte	0x66
	leaq	sH1@tlsgd(%rip), %rdi
	.word	0x6666
	rex64
	call	__tls_get_addr@plt
	nop;nop;nop;nop

	/* GD -> IE against hidden but not local variable referenced through
	   IE too */
	.byte	0x66
	leaq	sH2@tlsgd(%rip), %rdi
	.word	0x6666
	rex64
	call	__tls_get_addr@plt
	nop;nop;nop;nop

	/* Default-model LD sequences: one __tls_get_addr call per group,
	   then each variable is addressed as an @dtpoff displacement from
	   the value returned in %rax.  The second leaq of each group
	   carries a small addend (+2, +3, +1) on the @dtpoff expression.  */

	/* LD */
	leaq	sl1@tlsld(%rip), %rdi
	call	__tls_get_addr@plt
	nop;nop
	leaq	sl1@dtpoff(%rax), %rdx
	nop;nop
	leaq	2+sl2@dtpoff(%rax), %r9
	nop;nop;nop;nop

	/* LD against hidden and local variables */
	leaq	sh1@tlsld(%rip), %rdi
	call	__tls_get_addr@plt
	nop;nop
	leaq	sh1@dtpoff(%rax), %rdx
	nop;nop
	leaq	sh2@dtpoff+3(%rax), %rcx
	nop;nop;nop;nop

	/* LD against hidden but not local variables */
	leaq	sH1@tlsld(%rip), %rdi
	call	__tls_get_addr@plt
	nop;nop
	leaq	sH1@dtpoff(%rax), %r12
	nop;nop
	leaq	sH2@dtpoff+1(%rax), %rcx
	/* NOTE(review): two nops here, where the other sequences end with
	   four.  Left exactly as found, since the byte layout may be
	   relied on.  */
	nop;nop

	/* IE, form 1: load the value at %fs:0 (the thread pointer in the
	   x86-64 TLS ABI) and add the variable's offset, which is read
	   from its @gottpoff GOT slot.  */

	/* IE against global var  */
	movq	%fs:0, %rcx
	nop;nop
	addq	sg2@gottpoff(%rip), %rcx
	nop;nop;nop;nop

	/* IE against local var  */
	movq	%fs:0, %r14
	nop;nop
	addq	sl2@gottpoff(%rip), %r14
	nop;nop;nop;nop

	/* IE against hidden and local var  */
	movq	%fs:0, %rcx
	nop;nop
	addq	sh2@gottpoff(%rip), %rcx
	nop;nop;nop;nop

	/* IE against hidden but not local var  */
	movq	%fs:0, %rcx
	nop;nop
	addq	sH2@gottpoff(%rip), %rcx
	nop;nop;nop;nop

	/* Direct access through %fs  */
	/* IE, form 2: read the offset from the @gottpoff GOT slot into a
	   register, then load the variable itself with an %fs-relative
	   access.  */

	/* IE against global var  */
	movq	sg5@gottpoff(%rip), %rcx
	nop;nop
	movq	%fs:(%rcx), %rdx
	nop;nop;nop;nop

	/* IE against local var  */
	movq	sl5@gottpoff(%rip), %r10
	nop;nop
	movq	%fs:(%r10), %r12
	nop;nop;nop;nop

	/* IE against hidden and local var  */
	movq	sh5@gottpoff(%rip), %rdx
	nop;nop
	movq	%fs:(%rdx), %rdx
	nop;nop;nop;nop

	/* IE against hidden but not local var  */
	movq	sH5@gottpoff(%rip), %rcx
	nop;nop
	movq	%fs:(%rcx), %rdx
	nop;nop;nop;nop

	/* Set up %rbx as the GOT base for the large-model sequences:
	   %r11 = _GLOBAL_OFFSET_TABLE_ - (address of label 1),
	   %rbx = address of label 1, so %rbx + %r11 = GOT address.
	   %rbx is callee-saved, hence the push before it is overwritten;
	   it is pushed twice (and popped twice at the end), presumably to
	   keep %rsp 16-byte aligned for the calls below.  */
1:	movabsq	$_GLOBAL_OFFSET_TABLE_-1b, %r11
	pushq	%rbx
	pushq	%rbx
	leaq	1b(%rip), %rbx
	addq	%r11, %rbx
	nop;nop;nop;nop

	/* -mcmodel=large sequences  */
	/* Same GD and LD cases as above.  __tls_get_addr is reached by an
	   indirect call: its 64-bit @pltoff value is added to the GOT base
	   in %rbx and the result is called through %rax.  These sequences
	   carry no 0x66/rex64 padding prefixes.  */

	/* -mcmodel=large GD */
	leaq	sg1@tlsgd(%rip), %rdi
	movabsq	$__tls_get_addr@pltoff, %rax
	addq	%rbx, %rax
	call	*%rax
	nop;nop;nop;nop

	/* -mcmodel=large GD -> IE because variable is referenced through IE too */
	leaq	sg2@tlsgd(%rip), %rdi
	movabsq	$__tls_get_addr@pltoff, %rax
	addq	%rbx, %rax
	call	*%rax
	nop;nop;nop;nop

	/* -mcmodel=large GD against local variable */
	leaq	sl1@tlsgd(%rip), %rdi
	movabsq	$__tls_get_addr@pltoff, %rax
	addq	%rbx, %rax
	call	*%rax
	nop;nop;nop;nop

	/* -mcmodel=large GD -> IE against local variable referenced through IE too */
	leaq	sl2@tlsgd(%rip), %rdi
	movabsq	$__tls_get_addr@pltoff, %rax
	addq	%rbx, %rax
	call	*%rax
	nop;nop;nop;nop

	/* -mcmodel=large GD against hidden and local variable */
	leaq	sh1@tlsgd(%rip), %rdi
	movabsq	$__tls_get_addr@pltoff, %rax
	addq	%rbx, %rax
	call	*%rax
	nop;nop;nop;nop

	/* -mcmodel=large GD -> IE against hidden and local variable referenced through
	   IE too */
	leaq	sh2@tlsgd(%rip), %rdi
	movabsq	$__tls_get_addr@pltoff, %rax
	addq	%rbx, %rax
	call	*%rax
	nop;nop;nop;nop

	/* -mcmodel=large GD against hidden but not local variable */
	leaq	sH1@tlsgd(%rip), %rdi
	movabsq	$__tls_get_addr@pltoff, %rax
	addq	%rbx, %rax
	call	*%rax
	nop;nop;nop;nop

	/* -mcmodel=large GD -> IE against hidden but not local variable referenced through
	   IE too */
	leaq	sH2@tlsgd(%rip), %rdi
	movabsq	$__tls_get_addr@pltoff, %rax
	addq	%rbx, %rax
	call	*%rax
	nop;nop;nop;nop

	/* -mcmodel=large LD */
	leaq	sl1@tlsld(%rip), %rdi
	movabsq	$__tls_get_addr@pltoff, %rax
	addq	%rbx, %rax
	call	*%rax
	nop;nop
	leaq	sl1@dtpoff(%rax), %rdx
	nop;nop
	leaq	2+sl2@dtpoff(%rax), %r9
	nop;nop;nop;nop

	/* -mcmodel=large LD against hidden and local variables */
	leaq	sh1@tlsld(%rip), %rdi
	movabsq	$__tls_get_addr@pltoff, %rax
	addq	%rbx, %rax
	call	*%rax
	nop;nop
	leaq	sh1@dtpoff(%rax), %rdx
	nop;nop
	leaq	sh2@dtpoff+3(%rax), %rcx
	nop;nop;nop;nop

	/* -mcmodel=large LD against hidden but not local variables */
	leaq	sH1@tlsld(%rip), %rdi
	movabsq	$__tls_get_addr@pltoff, %rax
	addq	%rbx, %rax
	call	*%rax
	nop;nop
	leaq	sH1@dtpoff(%rax), %r12
	nop;nop
	leaq	sH2@dtpoff+1(%rax), %rcx
	nop;nop;nop;nop

	/* Undo the two pushes made at label 1, then tear down the frame.  */
	popq	%rbx
	popq	%rbx

	leave
	ret