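/*
 * Target: i386 ELF, GNU as, AT&T syntax.
 *
 * This appears to be a linker input for TLS access-model transitions in an
 * executable.  fn2 issues one access sequence per case, and the comment
 * above each sequence names the transition it is meant to trigger:
 *   GD = general dynamic, LD = local dynamic,
 *   IE = initial exec,    LE = local exec.
 *
 * Symbol groups:
 *   sg1..sg8  global TLS variables defined in this file
 *   sl1..sl8  file-local TLS variables defined in this file
 *   sh1..sh8  global TLS variables with hidden visibility, defined here
 *   sG1..sG5  referenced only; not defined in this file
 *
 * The instruction forms and nop padding are kept exactly as listed.
 * NOTE(review): the linker presumably pattern-matches these byte sequences,
 * and any expected-output dump would depend on their sizes.  Do not
 * "tidy" them without checking the consumer.
 *
 * NOTE(review): no .note.GNU-stack section is visible in this listing.  If
 * this object is ever linked outside its test harness, check the stack
 * permissions of the resulting binary.
 */

        /* Force .got aligned to 4K, so it very likely gets at 0x804a100
           (0x60 bytes .tdata and 0xa0 bytes .dynamic) */
        .section ".tdata", "awT", @progbits
        .balign 4096
        .globl sg1, sg2, sg3, sg4, sg5, sg6, sg7, sg8
        .globl sh1, sh2, sh3, sh4, sh5, sh6, sh7, sh8
        .hidden sh1, sh2, sh3, sh4, sh5, sh6, sh7, sh8

        /* 24 initialised 4-byte TLS words = 0x60 bytes, matching the size
           quoted in the layout comment above. */
sg1:    .long 17
sg2:    .long 18
sg3:    .long 19
sg4:    .long 20
sg5:    .long 21
sg6:    .long 22
sg7:    .long 23
sg8:    .long 24
sl1:    .long 65
sl2:    .long 66
sl3:    .long 67
sl4:    .long 68
sl5:    .long 69
sl6:    .long 70
sl7:    .long 71
sl8:    .long 72
sh1:    .long 257
sh2:    .long 258
sh3:    .long 259
sh4:    .long 260
sh5:    .long 261
sh6:    .long 262
sh7:    .long 263
sh8:    .long 264

        /* Force .text aligned to 4K, so it very likely gets at 0x8049000. */
        .text
        .balign 4096
        .globl fn2
        .type fn2,@function

/*
 * fn2
 * In:     nothing is read from the caller
 * Out:    no return value is set up; %eax holds whatever the last sequence
 *         left in it
 * Saves:  %ebp, %ebx (restored in the epilogue)
 * Clobb:  %eax, %ecx, %edx, flags
 * Calls:  ___tls_get_addr through the PLT, with the argument in %eax
 */
fn2:
        pushl   %ebp
        movl    %esp, %ebp
        pushl   %ebx                    /* saved at -4(%ebp) */
        pushl   %eax                    /* slot is never read back here */
        call    1f                      /* call/pop: fetch the current PC */
1:      popl    %ebx
        addl    $_GLOBAL_OFFSET_TABLE_+[.-1b], %ebx    /* %ebx = GOT base */
        nop;nop;nop;nop

        /* GD -> IE because variable is not defined in executable */
        leal    sG1@tlsgd(,%ebx,1), %eax
        call    ___tls_get_addr@plt
        nop;nop;nop;nop

        /* GD -> IE because variable is not defined in executable where
           the variable is referenced through @gottpoff too */
        leal    sG2@tlsgd(,%ebx,1), %eax
        call    ___tls_get_addr@plt
        nop;nop;nop;nop

        /* GD -> IE because variable is not defined in executable where
           the variable is referenced through @gotntpoff too */
        leal    sG3@tlsgd(,%ebx,1), %eax
        call    ___tls_get_addr@plt
        nop;nop;nop;nop

        /* GD -> IE because variable is not defined in executable where
           the variable is referenced through @gottpoff and @gotntpoff too */
        leal    sG4@tlsgd(,%ebx,1), %eax
        call    ___tls_get_addr@plt
        nop;nop;nop;nop

        /* GD -> LE with global variable defined in executable */
        leal    sg1@tlsgd(,%ebx,1), %eax
        call    ___tls_get_addr@plt
        nop;nop;nop;nop

        /* GD -> LE with local variable defined in executable */
        leal    sl1@tlsgd(,%ebx,1), %eax
        call    ___tls_get_addr@plt
        nop;nop;nop;nop

        /* GD -> LE with hidden variable defined in executable */
        leal    sh1@tlsgd(,%ebx,1), %eax
        call    ___tls_get_addr@plt
        nop;nop;nop;nop

        /* LD -> LE */
        /* One module-base lookup, then two @dtpoff offsets from it. */
        leal    sl1@tlsldm(%ebx), %eax
        call    ___tls_get_addr@PLT
        nop;nop
        leal    sl1@dtpoff(%eax), %edx
        nop;nop
        leal    sl2@dtpoff(%eax), %ecx
        nop;nop;nop;nop

        /* LD -> LE against hidden variables */
        leal    sh1@tlsldm(%ebx), %eax
        call    ___tls_get_addr@PLT
        nop;nop
        leal    sh1@dtpoff(%eax), %edx
        nop;nop
        leal    sh2@dtpoff(%eax), %ecx
        nop;nop;nop;nop

        /* In the sequences below %gs:0 is read as the thread pointer. */

        /* @gottpoff IE against global var */
        movl    %gs:0, %ecx
        nop;nop
        subl    sG2@gottpoff(%ebx), %ecx
        nop;nop;nop;nop

        /* @gottpoff IE against global var */
        movl    %gs:0, %eax
        nop;nop
        subl    sG4@gottpoff(%ebx), %eax
        nop;nop;nop;nop

        /* @gotntpoff IE against global var */
        movl    %gs:0, %ecx
        nop;nop
        addl    sG3@gotntpoff(%ebx), %ecx
        nop;nop;nop;nop

        /* @gotntpoff IE against global var */
        movl    %gs:0, %eax
        nop;nop
        addl    sG4@gotntpoff(%ebx), %eax
        nop;nop;nop;nop

        /* @gottpoff IE -> LE against global var defined in exec */
        movl    %gs:0, %ecx
        nop;nop
        subl    sg1@gottpoff(%ebx), %ecx
        nop;nop;nop;nop

        /* @gotntpoff IE -> LE against local var */
        /* NOTE(review): the thread pointer is loaded into %ecx but the add
           targets %eax.  Left untouched: this looks like a relocation
           fixture and the expected output may depend on this exact
           encoding.  Confirm before changing it. */
        movl    %gs:0, %ecx
        nop;nop
        addl    sl1@gotntpoff(%ebx), %eax
        nop;nop;nop;nop

        /* @gottpoff IE -> LE against hidden var */
        movl    %gs:0, %ecx
        nop;nop
        subl    sh1@gottpoff(%ebx), %ecx
        nop;nop;nop;nop

        /* Direct access through %gs */
        /* Here the offset is loaded from the GOT and then used as a
           %gs-relative address; the thread pointer is not read first. */

        /* @gotntpoff IE against global var */
        movl    sG5@gotntpoff(%ebx), %ecx
        nop;nop
        movl    %gs:(%ecx), %edx
        nop;nop;nop;nop

        /* @gotntpoff IE->LE against local var */
        movl    sl5@gotntpoff(%ebx), %eax
        nop;nop
        movl    %gs:(%eax), %edx
        nop;nop;nop;nop

        /* @gotntpoff IE->LE against hidden var */
        movl    sh5@gotntpoff(%ebx), %edx
        nop;nop
        movl    %gs:(%edx), %edx
        nop;nop;nop;nop

        /* GD -> IE because variable is not defined in executable */
        /* Same case as the first sequence, but with the plain (%ebx)
           addressing form instead of (,%ebx,1), and five nops after the
           call instead of four.  NOTE(review): the extra nop presumably
           makes up for the shorter leal encoding -- confirm. */
        leal    sG1@tlsgd(%ebx), %eax
        call    ___tls_get_addr@plt
        nop;nop;nop;nop;nop

        movl    -4(%ebp), %ebx          /* reload the %ebx saved in the prologue */
        leave
        ret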