https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113874
--- Comment #20 from Florian Weimer <fw at gcc dot gnu.org> --- (In reply to H.J. Lu from comment #19) > (In reply to Florian Weimer from comment #9) > > (In reply to H.J. Lu from comment #7) > > > > The __tls_get_addr call with the default approach potentially needs to > > > > solve > > > > the same problem, doesn't it? > > > > > > Isn't __tls_get_addr called via the PLT entry? > > > > I'm not sure if that matters? Even if the lazy binding trampoline is active, > > it won't protect the actual call. > > Non-GNU2 TLS has > > 0000000000004000 0000000100000007 R_X86_64_JUMP_SLOT 0000000000000000 > __tls_get_addr + 1010 > > which calls _dl_runtime_resolve with lazy binding. _dl_runtime_resolve > preserves all caller-saved registers. The dynamic linker preserves register contents during lazy binding and restores them before calling __tls_get_addr, so it doesn't help with __tls_get_addr register usage itself. And lazy binding happens only once per process and object, while we need to protect the first call on every thread.