Adds two new external authors to etc/update-copyright.py to cover
bfd/ax_tls.m4, and adds gprofng to dirs handled automatically, then
updates copyright messages as follows:
1) Update cgen/utils.scm emitted copyrights.
2) Run "etc/update-copyright.py --this-year" with an extra external
author I haven't committed, 'Kalray SA.', to cover gas testsuite
files (which should have their copyright message removed).
3) Build with --enable-maintainer-mode --enable-cgen-maint=yes.
4) Check out */po/*.pot which we don't update frequently.
For

    add name@gottpoff(%rip), %reg
    mov name@gottpoff(%rip), %reg

add

    # define R_X86_64_CODE_4_GOTTPOFF 44

and for

    lea name@tlsdesc(%rip), %reg

add

    # define R_X86_64_CODE_4_GOTPC32_TLSDESC 45

if the instruction starts at 4 bytes before the relocation offset.
They are similar to R_X86_64_GOTTPOFF and R_X86_64_GOTPC32_TLSDESC,
respectively. Linker can convert GOTTPOFF to

    add $name@tpoff, %reg
    mov $name@tpoff, %reg

and GOTPC32_TLSDESC to

    mov $name@tpoff, %reg
    mov name@gottpoff(%rip), %reg

if the instruction is encoded with the REX2 prefix when possible.
bfd/
* elf64-x86-64.c (x86_64_elf_howto_table): Add
R_X86_64_CODE_4_GOTTPOFF and R_X86_64_CODE_4_GOTPC32_TLSDESC.
(R_X86_64_standard): Updated.
(x86_64_reloc_map): Add BFD_RELOC_X86_64_CODE_4_GOTTPOFF
and BFD_RELOC_X86_64_CODE_4_GOTPC32_TLSDESC.
(elf_x86_64_check_tls_transition): Handle R_X86_64_CODE_4_GOTTPOFF
and R_X86_64_CODE_4_GOTPC32_TLSDESC.
(elf_x86_64_tls_transition): Likewise.
(elf_x86_64_scan_relocs): Likewise.
(elf_x86_64_relocate_section): Likewise.
* reloc.c (bfd_reloc_code_real): Add
BFD_RELOC_X86_64_CODE_4_GOTTPOFF and
BFD_RELOC_X86_64_CODE_4_GOTPC32_TLSDESC.
* bfd-in2.h: Regenerated.
* libbfd.h: Likewise.
gas/
* config/tc-i386.c (tc_i386_fix_adjustable): Handle
BFD_RELOC_X86_64_CODE_4_GOTTPOFF and
BFD_RELOC_X86_64_CODE_4_GOTPC32_TLSDESC.
(md_assemble): Handle BFD_RELOC_X86_64_CODE_4_GOTTPOFF.
(output_insn): Don't add empty REX prefix with REX2 prefix.
(output_disp): Handle BFD_RELOC_X86_64_CODE_4_GOTTPOFF and
BFD_RELOC_X86_64_CODE_4_GOTPC32_TLSDESC.
(md_apply_fix): Likewise.
(i386_validate_fix): Generate BFD_RELOC_X86_64_CODE_4_GOTTPOFF or
BFD_RELOC_X86_64_CODE_4_GOTPC32_TLSDESC if ixp->fx_tcbit3 is set.
(tc_gen_reloc): Handle BFD_RELOC_X86_64_CODE_4_GOTTPOFF and
BFD_RELOC_X86_64_CODE_4_GOTPC32_TLSDESC.
* testsuite/gas/i386/x86-64-gottpoff.d: New file.
* testsuite/gas/i386/x86-64-gottpoff.s: Likewise.
* testsuite/gas/i386/x86-64-tlsdesc.d: Likewise.
* testsuite/gas/i386/x86-64-tlsdesc.s: Likewise.
include/
* elf/x86-64.h (elf_x86_64_reloc_type): Add
R_X86_64_CODE_4_GOTTPOFF and R_X86_64_CODE_4_GOTPC32_TLSDESC
ld/
* testsuite/ld-x86-64/tlsbindesc.d: Updated.
* testsuite/ld-x86-64/tlsbindesc.rd: Likewise.
* testsuite/ld-x86-64/tlsbindesc.s: Add R_X86_64_CODE_4_GOTTPOFF
and R_X86_64_CODE_4_GOTPC32_TLSDESC tests.
The PLT entry in executables and shared libraries contains an indirect
branch, like

    jmp *foo@GOTPCREL(%rip)
    push $index_foo
    jmp .PLT0

or

    endbr64
    jmp *foo@GOTPCREL(%rip)
    NOP padding

which is used to branch to the function, foo, defined in another object.
Each R_X86_64_JUMP_SLOT relocation has a corresponding PLT entry.

The dynamic tags have been added to the x86-64 psABI to mark such PLT
entries:

6d824a52a4

Add an x86-64 linker option, -z mark-plt, to mark PLT entries with

    #define DT_X86_64_PLT (DT_LOPROC + 0)
    #define DT_X86_64_PLTSZ (DT_LOPROC + 1)
    #define DT_X86_64_PLTENT (DT_LOPROC + 3)

1. DT_X86_64_PLT: The address of the procedure linkage table.
2. DT_X86_64_PLTSZ: The total size, in bytes, of the procedure linkage
table.
3. DT_X86_64_PLTENT: The size, in bytes, of a procedure linkage table
entry.

and set the r_addend field of the R_X86_64_JUMP_SLOT relocation to the
memory offset of the indirect branch instruction. The dynamic linker
can use these tags to update the PLT section to direct branch.
bfd/
* elf-linker-x86.h (elf_linker_x86_params): Add mark_plt.
* elf64-x86-64.c (elf_x86_64_finish_dynamic_symbol): Set the
r_addend of R_X86_64_JUMP_SLOT to the indirect branch offset
in PLT entry for -z mark-plt.
* elfxx-x86.c (_bfd_x86_elf_size_dynamic_sections): Add
DT_X86_64_PLT, DT_X86_64_PLTSZ and DT_X86_64_PLTENT for
-z mark-plt.
(_bfd_x86_elf_finish_dynamic_sections): Set DT_X86_64_PLT,
DT_X86_64_PLTSZ and DT_X86_64_PLTENT.
(_bfd_x86_elf_get_synthetic_symtab): Ignore addend for
JUMP_SLOT relocation.
(_bfd_x86_elf_link_setup_gnu_properties): Set
plt_indirect_branch_offset.
* elfxx-x86.h (elf_x86_plt_layout): Add plt_indirect_branch_offset.
binutils/
* readelf.c (get_x86_64_dynamic_type): New function.
(get_dynamic_type): Call get_x86_64_dynamic_type.
include/
* elf/x86-64.h (DT_X86_64_PLT): New.
(DT_X86_64_PLTSZ): Likewise.
(DT_X86_64_PLTENT): Likewise.
ld/
* ld.texi: Document -z mark-plt and -z nomark-plt.
* emulparams/elf32_x86_64.sh: Source x86-64-plt.sh.
* emulparams/elf_x86_64.sh: Likewise.
* emulparams/x86-64-plt.sh: New file.
* testsuite/ld-x86-64/mark-plt-1.s: Likewise.
* testsuite/ld-x86-64/mark-plt-1a-x32.d: Likewise.
* testsuite/ld-x86-64/mark-plt-1a.d: Likewise.
* testsuite/ld-x86-64/mark-plt-1b-x32.d: Likewise.
* testsuite/ld-x86-64/mark-plt-1b.d: Likewise.
* testsuite/ld-x86-64/mark-plt-1c-x32.d: Likewise.
* testsuite/ld-x86-64/mark-plt-1c.d: Likewise.
* testsuite/ld-x86-64/mark-plt-1d-x32.d: Likewise.
* testsuite/ld-x86-64/mark-plt-1d.d: Likewise.
* testsuite/ld-x86-64/x86-64.exp: Run -z mark-plt tests.
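
The -z mark-plt commit above tells a loader or binary-inspection tool where the PLT is and where each indirect branch sits. The following is an added example, not binutils or dynamic-linker code: it reads the three tags from a dynamic array and flags R_X86_64_JUMP_SLOT addends that do not point into the marked PLT. The struct and function names and the sample values are constructed for illustration, and the range check is an assumption about what a cautious consumer would verify before patching a branch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DT_NULL            0
#define DT_LOPROC          0x70000000
#define DT_X86_64_PLT      (DT_LOPROC + 0)
#define DT_X86_64_PLTSZ    (DT_LOPROC + 1)
#define DT_X86_64_PLTENT   (DT_LOPROC + 3)
#define R_X86_64_GLOB_DAT  6
#define R_X86_64_JUMP_SLOT 7
#define R_INFO(sym, type)  (((uint64_t)(sym) << 32) | (type))

/* Minimal stand-ins for Elf64_Dyn and Elf64_Rela so no <elf.h> is needed. */
struct dyn64  { int64_t d_tag; uint64_t d_val; };
struct rela64 { uint64_t r_offset; uint64_t r_info; int64_t r_addend; };

struct plt_marks { uint64_t plt, pltsz, pltent; };

/* Collect the three mark-plt tags.  Returns 0 only if all are present and
   describe a non-empty, non-wrapping range; otherwise -1, in which case the
   JUMP_SLOT addends must not be interpreted as branch addresses.  */
int read_plt_marks(const struct dyn64 *dyn, size_t n, struct plt_marks *m)
{
    unsigned seen = 0;

    for (size_t i = 0; i < n && dyn[i].d_tag != DT_NULL; i++) {
        switch (dyn[i].d_tag) {
        case DT_X86_64_PLT:    m->plt = dyn[i].d_val;    seen |= 1; break;
        case DT_X86_64_PLTSZ:  m->pltsz = dyn[i].d_val;  seen |= 2; break;
        case DT_X86_64_PLTENT: m->pltent = dyn[i].d_val; seen |= 4; break;
        default: break;
        }
    }
    if (seen != 7)
        return -1;
    if (m->pltent == 0 || m->pltsz < m->pltent)
        return -1;
    if (m->plt + m->pltsz < m->plt)   /* address range wraps around */
        return -1;
    return 0;
}

/* Count JUMP_SLOT relocations whose r_addend lies outside
   [plt, plt + pltsz).  Other relocation types are skipped.  */
size_t count_bad_jump_slots(const struct rela64 *rela, size_t n,
                            const struct plt_marks *m)
{
    size_t bad = 0;

    for (size_t i = 0; i < n; i++) {
        if ((rela[i].r_info & 0xffffffffu) != R_X86_64_JUMP_SLOT)
            continue;
        uint64_t branch = (uint64_t)rela[i].r_addend;
        if (branch < m->plt || branch - m->plt >= m->pltsz)
            bad++;
    }
    return bad;
}

/* Constructed sample: a 0x30-byte PLT at 0x1020 with 0x10-byte entries. */
static const struct dyn64 sample_dyn[] = {
    { DT_X86_64_PLT, 0x1020 }, { DT_X86_64_PLTSZ, 0x30 },
    { DT_X86_64_PLTENT, 0x10 }, { DT_NULL, 0 },
};
static const struct rela64 sample_rela[] = {
    { 0x4018, R_INFO(1, R_X86_64_JUMP_SLOT), 0x1030 }, /* inside the PLT */
    { 0x4020, R_INFO(2, R_X86_64_JUMP_SLOT), 0x1040 }, /* inside the PLT */
    { 0x4028, R_INFO(3, R_X86_64_JUMP_SLOT), 0x2000 }, /* outside: flagged */
    { 0x3ff8, R_INFO(4, R_X86_64_GLOB_DAT), 0 },       /* skipped */
};

int main(void)
{
    struct plt_marks m;

    if (read_plt_marks(sample_dyn, 4, &m) != 0) {
        puts("no usable mark-plt tags; JUMP_SLOT addends not interpreted");
        return 1;
    }
    printf("PLT %#llx size %#llx entry %#llx: %zu bad JUMP_SLOT addend(s)\n",
           (unsigned long long)m.plt, (unsigned long long)m.pltsz,
           (unsigned long long)m.pltent,
           count_bad_jump_slots(sample_rela, 4, &m));
    return 0;
}
```
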
For example, objcopy --set-section-flags .data=alloc,large will add
SHF_X86_64_LARGE to the .data section. Omitting "large" will drop the
SHF_X86_64_LARGE flag.
The bfd_section flag is named generically, SEC_ELF_LARGE, in case other
processors want to follow SHF_X86_64_LARGE. SEC_ELF_LARGE has the same
value as SEC_TIC54X_BLOCK used by coff.
bfd/
* section.c: Define SEC_ELF_LARGE.
* bfd-in2.h: Regenerate.
* elf64-x86-64.c (elf_x86_64_section_flags, elf_x86_64_fake_sections,
elf_x86_64_copy_private_section_data): New.
binutils/
* NEWS: Mention the new feature for objcopy.
* doc/binutils.texi: Mention "large".
* objcopy.c (parse_flags): Parse "large".
(check_new_section_flags): Error if "large" is used with a
non-x86-64 ELF target.
* testsuite/binutils-all/x86-64/large-sections.d: New.
* testsuite/binutils-all/x86-64/large-sections.s: New.
* testsuite/binutils-all/x86-64/large-sections-i386.d: New.
* testsuite/binutils-all/x86-64/large-sections-2.d: New.
* testsuite/binutils-all/x86-64/large-sections-2-x32.d: New.

    _Thread_local int a;
    int main() { return a; }

    % gcc -fno-plt -fpic a.c -fuse-ld=bfd -Wa,-mrelax-relocations=no
    /usr/bin/ld.bfd: /tmp/ccSSBgrg.o: TLS transition from R_X86_64_TLSGD to R_X86_64_GOTTPOFF against `a' at 0xd in section `.text' failed
    /usr/bin/ld.bfd: failed to set dynamic section sizes: bad value
    collect2: error: ld returned 1 exit status

This commit fixes the issue.
There is an argument that the -fno-plt TLS sequence was added after
R_X86_64_GOTPCRELX was required for call, so R_X86_64_GOTPCREL was
intended to be unsupported.
Unfortunately this standpoint has caused interop difficulty: some
projects specify -mrelax-relocations=no to build relocatable object
files compatible with older linkers (e.g.
https://github.com/IHaskell/IHaskell/issues/636) or do so by accident
(e.g. https://github.com/rust-lang/rust/pull/106511 not addressed as of
today). Many uses have not been cleaned up in practice, and compiling
with -fno-plt will lead to the `TLS transition from R_X86_64_TLSGD ...`
error which is hard to reason about.
There is another argument which may be weaker but relevant to the
necessity of -mrelax-relocations=no: HWAddressSanitizer x86-64 will
likely need some assembler support to disable relaxation. Without the
support and if the compiler needs to support many gas versions, the
simplest solution would be to use -Wa,-mrelax-relocations=no.
PR ld/24784
* bfd/elf64-x86-64.c (elf_x86_64_check_tls_transition): Allow
R_X86_64_GOTPCREL.
SFrame format is meant for generating stack traces only.
bfd/
* elf-bfd.h: Replace the use of "unwind" with "stack trace".
* elf-sframe.c: Likewise.
* elf64-x86-64.c: Likewise.
* elfxx-x86.c: Likewise.
include/
* elf/common.h: Likewise.
The newer update-copyright.py fixes file encoding too, removing cr/lf
on binutils/bfdtest2.c and ld/testsuite/ld-cygwin/exe-export.exp, and
embedded cr in binutils/testsuite/binutils-all/ar.exp string match.
There are two places where unaligned loads were seen on aarch64:
- #1. access to the SFrame FRE stack offsets in the in-memory
representation/abstraction provided by libsframe.
- #2. access to the SFrame FRE start address in the on-disk representation
of the frame row entry.
For #1, we can fix this by reordering the struct members of
sframe_frame_row_entry in libsframe/sframe-api.h.
For #2, we need to default to using memcpy instead, and copy out the bytes
to a location for output.
SFrame format is an unaligned on-disk format. As such, there are other blobs
of memory in the on-disk SFrame FRE that are not on their natural
boundaries. But that does not pose further problems yet, because the users
are provided access to the on-disk SFrame FRE data via libsframe's
sframe_frame_row_entry, the latter has its struct members aligned on their
respective natural boundaries (and initialized using memcpy).
PR 29856 libsframe asan: load misaligned at sframe.c:516
ChangeLog:
PR libsframe/29856
* bfd/elf64-x86-64.c: Adjust as the struct members have been
reordered.
* libsframe/sframe.c (sframe_decode_fre_start_address): Use
memcpy to perform 16-bit/32-bit reads.
* libsframe/testsuite/libsframe.encode/encode-1.c: Adjust as the
struct members have been reordered.
include/ChangeLog:
PR libsframe/29856
* sframe-api.h: Reorder fre_offsets for natural alignment.
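
The memcpy-based read described for case #2 above, as an added example that is not libsframe's code: a bounds-checked reader for a 1-, 2- or 4-byte start address at an arbitrary byte offset in an on-disk buffer. The enum, the function names and the sample buffer are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Width of the start-address field; names and values are assumptions. */
enum fre_type { FRE_ADDR1 = 0, FRE_ADDR2 = 1, FRE_ADDR4 = 2 };

/* Read the start address stored at buf[off].  The field may sit on any
   byte boundary, so it is copied out with memcpy instead of being loaded
   through a cast such as *(uint32_t *)(buf + off), which is the misaligned
   load the sanitizer reported.  Returns 0 on success, -1 if the type is
   unknown or the field would run past the end of the buffer.  */
int fre_start_address(const unsigned char *buf, size_t len, size_t off,
                      enum fre_type type, uint32_t *addr)
{
    size_t width;

    switch (type) {
    case FRE_ADDR1: width = 1; break;
    case FRE_ADDR2: width = 2; break;
    case FRE_ADDR4: width = 4; break;
    default: return -1;
    }
    if (off > len || len - off < width)
        return -1;

    if (width == 1) {
        *addr = buf[off];
    } else if (width == 2) {
        uint16_t v;
        memcpy(&v, buf + off, sizeof v);
        *addr = v;
    } else {
        uint32_t v;
        memcpy(&v, buf + off, sizeof v);
        *addr = v;
    }
    return 0;
}

/* Constructed sample: a 4-byte field at offset 1, a 2-byte field at
   offset 5 and a 1-byte field at offset 7, so the wide fields are
   deliberately off their natural alignment.  */
void build_sample(unsigned char buf[8])
{
    uint32_t a4 = 0xA1B2C3D4u;
    uint16_t a2 = 0x1234u;

    buf[0] = 0;
    memcpy(buf + 1, &a4, sizeof a4);
    memcpy(buf + 5, &a2, sizeof a2);
    buf[7] = 0x7f;
}

int main(void)
{
    unsigned char buf[8];
    uint32_t addr;

    build_sample(buf);
    if (fre_start_address(buf, sizeof buf, 1, FRE_ADDR4, &addr) == 0)
        printf("4-byte start address at offset 1: %#x\n", (unsigned)addr);
    if (fre_start_address(buf, sizeof buf, 6, FRE_ADDR4, &addr) != 0)
        puts("4-byte read at offset 6 rejected: runs past the buffer");
    return 0;
}
```
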
The linker merges all the input .sframe sections. When merging, the
linker verifies that all the input .sframe sections have the same
abi/arch.
The linker uses libsframe library to perform key actions on the
.sframe sections - decode, read, and create output data. This
implies buildsystem changes to make and install libsframe before
libbfd.
The linker places the output .sframe section in a new segment of its
own: PT_GNU_SFRAME. A new segment is not added, however, if the
generated .sframe section is empty.
When a section is discarded from the final link, the corresponding
entries in the .sframe section for those functions are also deleted.
The linker sorts the SFrame FDEs on start address by default and sets
the SFRAME_F_FDE_SORTED flag in the .sframe section.
This patch also adds support for generation of SFrame unwind
information for the .plt* sections on x86_64. SFrame unwind info is
generated for IBT enabled PLT, lazy/non-lazy PLT.
The existing linker option --no-ld-generated-unwind-info has been
adapted to include the control of whether .sframe unwind information
will be generated for the linker generated sections like PLT.
Changes to the linker script have been made as necessary.
ChangeLog:
* Makefile.def: Add install dependency on libsframe for libbfd.
* Makefile.in: Regenerated.
* bfd/Makefile.am: Add elf-sframe.c
* bfd/Makefile.in: Regenerated.
* bfd/bfd-in2.h (SEC_INFO_TYPE_SFRAME): Regenerated.
* bfd/configure: Regenerate.
* bfd/configure.ac: Add elf-sframe.lo.
* bfd/elf-bfd.h (struct sframe_func_bfdinfo): New struct.
(struct sframe_dec_info): Likewise.
(struct sframe_enc_info): Likewise.
(struct elf_link_hash_table): New member for encoded .sframe
object.
(struct output_elf_obj_tdata): New member.
(elf_sframe): New access macro.
(_bfd_elf_set_section_sframe): New declaration.
* bfd/elf.c (get_segment_type): Handle new segment
PT_GNU_SFRAME.
(bfd_section_from_phdr): Likewise.
(get_program_header_size): Likewise.
(_bfd_elf_map_sections_to_segments): Likewise.
* bfd/elf64-x86-64.c (elf_x86_64_link_setup_gnu_properties): Add
contents to the .sframe sections or .plt* entries.
* bfd/elflink.c (elf_section_ignore_discarded_relocs): Handle
SEC_INFO_TYPE_SFRAME.
(_bfd_elf_default_action_discarded): Handle .sframe section.
(elf_link_input_bfd): Merge .sframe section.
(bfd_elf_final_link): Write the output .sframe section.
(bfd_elf_discard_info): Handle discarding .sframe section.
* bfd/elfxx-x86.c (_bfd_x86_elf_size_dynamic_sections): Create
.sframe section for .plt and .plt.sec.
(_bfd_x86_elf_finish_dynamic_sections): Handle .sframe from
.plt* sections.
* bfd/elfxx-x86.h (PLT_SFRAME_FDE_START_OFFSET): New
definition.
(SFRAME_PLT0_MAX_NUM_FRES): Likewise.
(SFRAME_PLTN_MAX_NUM_FRES): Likewise.
(struct elf_x86_sframe_plt): New structure.
(struct elf_x86_link_hash_table): New member.
(struct elf_x86_init_table): New members for .sframe
creation.
* bfd/section.c: Add new definition SEC_INFO_TYPE_SFRAME.
* binutils/readelf.c (get_segment_type): Handle new segment
PT_GNU_SFRAME.
* ld/ld.texi: Update documentation for
--no-ld-generated-unwind-info.
* ld/scripttempl/elf.sc: Support .sframe sections.
* ld/Makefile.am (TESTSFRAMELIB): Use it.
(check-DEJAGNU): Likewise.
* ld/Makefile.in: Regenerated.
* ld/configure.ac (TESTSFRAMELIB): Set to the .so or .a like TESTBFDLIB.
* ld/configure: Regenerated.
* bfd/elf-sframe.c: New file.
include/ChangeLog:
* elf/common.h (PT_GNU_SFRAME): New definition.
* elf/internal.h (struct elf_segment_map): Handle new segment
type PT_GNU_SFRAME.
ld/testsuite/ChangeLog:
* ld/testsuite/ld-bootstrap/bootstrap.exp: Add SFRAMELIB.
* ld/testsuite/ld-aarch64/aarch64-elf.exp: Add new test
sframe-simple-1.
* ld/testsuite/ld-aarch64/sframe-bar.s: New file.
* ld/testsuite/ld-aarch64/sframe-foo.s: Likewise.
* ld/testsuite/ld-aarch64/sframe-simple-1.d: Likewise.
* ld/testsuite/ld-sframe/sframe-empty.d: New test.
* ld/testsuite/ld-sframe/sframe-empty.s: New file.
* ld/testsuite/ld-sframe/sframe.exp: New testsuite.
* ld/testsuite/ld-x86-64/sframe-bar.s: New file.
* ld/testsuite/ld-x86-64/sframe-foo.s: Likewise.
* ld/testsuite/ld-x86-64/sframe-simple-1.d: Likewise.
* ld/testsuite/ld-x86-64/sframe-plt-1.d: Likewise.
* ld/testsuite/ld-x86-64/sframe-simple-1.d: Likewise.
* ld/testsuite/ld-x86-64/x86-64.exp: Add new tests -
sframe-simple-1, sframe-plt-1.
* ld/testsuite/lib/ld-lib.exp: Add new proc to check if
assembler supports SFrame section.
* ld/testsuite/ld-sframe/discard.d: New file.
* ld/testsuite/ld-sframe/discard.ld: Likewise.
* ld/testsuite/ld-sframe/discard.s: Likewise.
On x86-64 the default ELF_MAXPAGESIZE depends on a configure
option (--disable-separate-code). Since 9833b775
("PR28824, relro security issues") we use max-page-size for relro
alignment (with a short interval, from 31b4d3a ("PR28824, relro
security issues, x86 keep COMMONPAGESIZE relro") to its revert
a1faa5ea, where x86-64 only used COMMONPAGESIZE as relro alignment
target).
But that means that a linker configured with --disable-separate-code
behaves differently from one configured with --enable-separate-code
(the default), _even if using "-z {no,}separate-code" option to use
the non-configured behaviour_ . In particular it means that when
configuring with --disable-separate-code the linker will produce
binaries aligned to 2MB pages on disk, and hence generate 2MB
executables for a hello world (and even 6MB when linked with
"-z separate-code").
Generally we can't have constants that ultimately land in static
variables be depending on configure options if those only influence
behaviour that is overridable by command line options.
So, do away with that, make the default MAXPAGESIZE be 4k (as is default
for most x86-64 configs anyway, as most people won't configure with
--disable-separate-code). If people need more they can use the
"-z max-page-size" (which would have been required right now for a
default configure binutils).
bfd/
* elf64-x86-64.c (ELF_MAXPAGESIZE): Don't depend on
DEFAULT_LD_Z_SEPARATE_CODE.
On x86, the PLT entry in executable may be used as function address for
functions in shared libraries. If functions are protected, the function
address used in executable can be different from the function address
used in shared library. This will lead to incorrect run-time behavior
if function pointer equality is needed. By default, x86 linker issues
an error in this case.
On Solaris, linker issued an error for

    struct tm *tb = (kind == CPP_time_kind::FIXED ? gmtime : localtime) (&tt);

where gmtime is a protected function in libc.so. Using gmtime's PLT entry
in executable as function address is safe since function pointer equality
isn't needed. Ignore protected visibility in shared libraries on Solaris
to disable linker error. If function pointer equality is needed, linker
will silently generate executable with incorrect run-time behavior on
Solaris.
PR ld/29512
* elf32-i386.c (elf_i386_scan_relocs): Ignore protected
visibility in shared libraries on Solaris.
* elf64-x86-64.c (elf_x86_64_scan_relocs): Likewise.
Since glibc 2.36 will issue warnings for copy relocation against
protected symbols and non-canonical reference to canonical protected
functions, change the linker to always disallow such relocations.
bfd/
* elf32-i386.c (elf_i386_scan_relocs): Remove check for
elf_has_indirect_extern_access.
* elf64-x86-64.c (elf_x86_64_scan_relocs): Likewise.
(elf_x86_64_relocate_section): Remove check for
elf_has_no_copy_on_protected.
* elfxx-x86.c (elf_x86_allocate_dynrelocs): Check for building
executable instead of elf_has_no_copy_on_protected.
(_bfd_x86_elf_adjust_dynamic_symbol): Disallow copy relocation
against non-copyable protected symbol.
* elfxx-x86.h (SYMBOL_NO_COPYRELOC): Remove check for
elf_has_no_copy_on_protected.
ld/
* testsuite/ld-i386/i386.exp: Expect linker error for PR ld/17709
test.
* testsuite/ld-i386/pr17709.rd: Removed.
* testsuite/ld-i386/pr17709.err: New file.
* testsuite/ld-x86-64/pr17709.rd: Removed.
* testsuite/ld-x86-64/pr17709.err: New file.
* testsuite/ld-x86-64/pr28875-func.err: Updated.
* testsuite/ld-x86-64/x86-64.exp: Expect linker error for PR
ld/17709 test. Add tests for function pointer against protected
function.
Call _bfd_elf_symbol_refs_local_p with local_protected==true. This has
2 noticeable effects for -shared:
* GOT-generating relocations referencing a protected data symbol no
longer lead to a GLOB_DAT (similar to a hidden symbol).
* Direct access relocations (e.g. R_X86_64_PC32) no longer have the
confusing diagnostic below.

    __attribute__((visibility("protected"))) void *foo() {
      return (void *)foo;
    }
    // gcc -fpic -shared -fuse-ld=bfd
    relocation R_X86_64_PC32 against protected symbol `foo' can not be used when making a shared object

The new behavior matches arm, aarch64 (commit
83c325007c), and powerpc ports, and other
linkers: gold and ld.lld.
Note: if some code tries to use direct access relocations to take the
address of foo, the pointer equality will break, but the error should be
reported on the executable link, not on the innocent shared object link.
glibc 2.36 will give a warning at relocation resolving time.
With this change, `#define elf_backend_extern_protected_data 1` is no
longer effective. Just remove it.
Remove the test "Run protected-func-1 without PIE" since -fno-pic
address taken operation in the executable doesn't work with protected
symbol in a shared object by default. Similarly, remove
protected-data-1a and protected-data-1b. protected-data-1b can be made
working by removing HAVE_LD_PIE_COPYRELOC from GCC
(https://sourceware.org/pipermail/gcc-patches/2022-June/596678.html).
Only check invalid relocation against protected symbol defined in shared
object.
bfd/
PR ld/29377
* elf32-i386.c (elf_i386_scan_relocs): Only check invalid
relocation against protected symbol defined in shared object.
* elf64-x86-64.c (elf_x86_64_scan_relocs): Likewise.
ld/
PR ld/29377
* testsuite/ld-elf/linux-x86.exp: Run PR ld/29377 tests.
* testsuite/ld-elf/pr29377a.c: New file.
* testsuite/ld-elf/pr29377b.c: Likewise.
Update

    commit 68c4956b14
    Author: H.J. Lu <hjl.tools@gmail.com>
    Date: Tue Apr 26 09:08:54 2022 -0700

        x86: Properly handle function pointer reference

to properly handle IFUNC function pointer reference. Since IFUNC symbol
value is only known at run-time, set pointer_equality_needed for IFUNC
function pointer reference in PDE so that it will be resolved to its PLT
entry directly.
bfd/
PR ld/29216
* elf32-i386.c (elf_i386_scan_relocs): Set pointer_equality_needed
for IFUNC function pointer reference in PDE.
* elf64-x86-64.c (elf_x86_64_scan_relocs): Likewise.
ld/
PR ld/29216
* testsuite/ld-ifunc/ifunc.exp: Run PR ld/29216 test.
* testsuite/ld-ifunc/pr29216.c: New file.
Update

    commit ebb191adac
    Author: H.J. Lu <hjl.tools@gmail.com>
    Date: Wed Feb 9 15:51:22 2022 -0800

        x86: Disallow invalid relocation against protected symbol

to allow function pointer reference and make sure that PLT entry isn't
used for function reference due to function pointer reference.
bfd/
PR ld/29087
* elf32-i386.c (elf_i386_scan_relocs): Don't set
pointer_equality_needed nor check non-canonical reference for
function pointer reference.
* elf64-x86-64.c (elf_x86_64_scan_relocs): Likewise.
ld/
PR ld/29087
* testsuite/ld-x86-64/x86-64.exp: Run PR ld/29087 tests.
* testsuite/ld-x86-64/protected-func-3.c: New file.
I am checking this into master and will backport it to 2.38 branch.
H.J
----
On x86, GCC 12 supports -mno-direct-extern-access to enable canonical
reference to protected function and disable copy relocation. With
-mno-direct-extern-access, the canonical protected function symbols must
be accessed via canonical reference and the protected data symbols in
shared libraries are non-copyable. Under glibc 2.35, non-canonical
reference to the canonical protected function will get the run-time error:

    ./y: internal_f: ./libfoo.so: non-canonical reference to canonical protected function

and copy relocations against the non-copyable protected symbols will get
the run-time error:

    ./x: internal_i: ./libfoo.so: copy relocation against non-copyable protected symbol

Update x86 linker to disallow non-canonical reference to the canonical
protected function:

    ld: plt.o: non-canonical reference to canonical protected function `internal_f' in libfoo.so
    ld: failed to set dynamic section sizes: bad value

and copy relocation against the non-copyable protected symbol:

    ld: main.o: copy relocation against non-copyable protected symbol `internal_i' in libfoo.so

at link-time.
bfd/
PR ld/28875
* elf-properties.c (_bfd_elf_parse_gnu_properties): Don't skip
shared libraries for GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS.
* elf32-i386.c (elf_i386_scan_relocs): Disallow non-canonical
reference to canonical protected function.
* elf64-x86-64.c (elf_x86_64_scan_relocs): Likewise.
* elfxx-x86.c (elf_x86_allocate_dynrelocs): Don't allow copy
relocation against non-copyable protected symbol.
ld/
PR ld/28875
* testsuite/ld-i386/i386.exp: Check non-canonical reference to
canonical protected function and check copy relocation against
non-copyable protected symbol.
* testsuite/ld-i386/pr21997-1.err: New file.
* testsuite/ld-i386/pr28875.err: Likewise.
* testsuite/ld-i386/pr28875a.c: Likewise.
* testsuite/ld-i386/pr28875b.c: Likewise.
* testsuite/ld-x86-64/pr21997-1a.err: Updated.
* testsuite/ld-x86-64/pr21997-1b.err: Likewise.
* testsuite/ld-x86-64/pr28875-data.err: New file.
* testsuite/ld-x86-64/pr28875-func.err: Likewise.
* testsuite/ld-x86-64/x86-64.exp: Check non-canonical reference
to canonical protected function and check copy relocation against
non-copyable protected symbol.
DT_RELR is implemented with linker relaxation:
1. During linker relaxation, we scan input relocations with the same
logic in relocate_section to determine if a relative relocation should
be generated and save the relative relocation candidate information for
sizing the DT_RELR section later after all symbols addresses can be
determined. For these relative relocations which can't be placed in
the DT_RELR section, they will be placed in the rela.dyn/rel.dyn
section.
2. When DT_RELR is enabled, _bfd_elf_map_sections_to_segments calls a
backend function to size the DT_RELR section which will compute the
DT_RELR section size and tell ldelf_map_segments to layout sections
again when the DT_RELR section size has been increased.
3. After regular symbol processing is finished, bfd_elf_final_link calls
a backend function to finish the DT_RELR section.
* elf32-i386.c (elf_i386_relocate_section): Don't generate
relative relocation when DT_RELR is enabled.
(elf_i386_finish_dynamic_symbol): Likewise.
* elf64-x86-64.c (elf_x86_64_relocate_section): Don't generate
relative relocation when DT_RELR is enabled.
(elf_x86_64_finish_dynamic_symbol): Likewise.
* elfxx-x86.c (_bfd_x86_elf_link_hash_table_create): Initialize
relative_r_type, relative_r_name, elf_append_reloc,
elf_write_addend and elf_write_addend_in_got.
(elf_x86_relative_reloc_record_add): New function.
(_bfd_x86_elf_link_relax_section): Likewise.
(elf64_dt_relr_bitmap_add): Likewise.
(elf32_dt_relr_bitmap_add): Likewise.
(_bfd_elf32_write_addend): Likewise.
(_bfd_elf64_write_addend): Likewise.
(elf_x86_size_or_finish_relative_reloc): Likewise.
(elf_x86_compute_dl_relr_bitmap): Likewise.
(elf_x86_write_dl_relr_bitmap): Likewise.
(elf_x86_relative_reloc_compare): Likewise.
(_bfd_elf_x86_size_relative_relocs): Likewise.
(_bfd_elf_x86_finish_relative_relocs): Likewise.
(_bfd_x86_elf_size_dynamic_sections): Skip the .relr.dyn section.
(_bfd_x86_elf_finish_dynamic_sections): Convert 3 spare dynamic
tags to DT_RELR, DT_RELRSZ and for compact relative relocation.
* elfxx-x86.h (X86_64_GOT_TYPE_P): New.
(I386_GOT_TYPE_P): Likewise.
(X86_GOT_TYPE_P): Likewise.
(X86_64_RELATIVE_RELOC_TYPE_P): Likewise.
(I386_RELATIVE_RELOC_TYPE_P): Likewise.
(X86_RELATIVE_RELOC_TYPE_P): Likewise.
(X86_LOCAL_GOT_RELATIVE_RELOC_P): Likewise.
(I386_PCREL_TYPE_P): Likewise.
(X86_64_PCREL_TYPE_P): Likewise.
(X86_64_NEED_DYNAMIC_RELOC_TYPE_P): Rewrite.
(I386_NEED_DYNAMIC_RELOC_TYPE_P): Likewise.
(GENERATE_DYNAMIC_RELOCATION_P): Also check rel_from_abs.
(elf_x86_link_hash_entry): Add got_relative_reloc_done.
(elf_x86_relative_reloc_record): New.
(elf_x86_relative_reloc_data): Likewise.
(elf_dt_relr_bitmap): Likewise.
(elf_x86_link_hash_table): Add dt_relr_bitmap, relative_reloc,
unaligned_relative_reloc, relative_r_type, relative_r_name,
elf_append_reloc, elf_write_addend, elf_write_addend_in_got and
relative_reloc_done.
(elf_x86_relative_reloc_done): New.
(relative_reloc_packed): Likewise.
(_bfd_x86_elf_link_relax_section): Likewise.
(_bfd_elf_x86_size_relative_relocs): Likewise.
(_bfd_elf_x86_finish_relative_relocs): Likewise.
(_bfd_elf32_write_addend): Likewise.
(_bfd_elf64_write_addend): Likewise.
(bfd_elf32_bfd_relax_section): Likewise.
(bfd_elf64_bfd_relax_section): Likewise.
(elf_backend_size_relative_relocs): Likewise.
(elf_backend_finish_relative_relocs): Likewise.
(elf_x86_allocate_local_got_info): Also allocate
relative_reloc_done.
DT_RELR encodes consecutive R_*_RELATIVE relocations in GOT (the global
offset table) and data sections in a compact format:
https://groups.google.com/g/generic-abi/c/bX460iggiKg
On some targets, R_*_RELATIVE relocations are counted and the GOT offsets
are allocated when setting the dynamic section sizes after seeing all
relocations. R_*_RELATIVE relocations are generated while relocating
sections after section layout has been finalized.
To prepare for DT_RELR implementation on these targets, extract
_bfd_elf_link_iterate_on_relocs from _bfd_elf_link_check_relocs so
that a backend can scan relocations in elf_backend_always_size_sections.
For x86 targets, the old check_relocs is renamed to scan_relocs and a
new check_relocs is added to check input sections and create dynamic
relocation sections so that they will be mapped to output sections.
scan_relocs is now called from elf_backend_always_size_sections.
Since relocations are scanned after __start, __stop, .startof. and
.sizeof. symbols have been finalized on x86, __[start|stop]_SECNAME for
--gc-sections -z start-stop-gc are now zero when all SECNAME sections
have been garbage collected. There is no need for elf_x86_start_stop_gc_p.
bfd/
* elf-bfd.h (_bfd_elf_link_iterate_on_relocs): New.
* elf32-i386.c (elf_i386_convert_load_reloc): Don't call
elf_x86_start_stop_gc_p.
(elf_i386_check_relocs): Renamed to ...
(elf_i386_scan_relocs): This. Don't call
_bfd_elf_make_dynamic_reloc_section.
(elf_i386_always_size_sections): New.
(elf_backend_check_relocs): Removed.
(elf_backend_always_size_sections): New.
* elf64-x86-64.c (elf_x86_64_convert_load_reloc): Don't call
elf_x86_start_stop_gc_p.
(elf_x86_64_check_relocs): Renamed to ...
(elf_x86_64_scan_relocs): This. Don't call
_bfd_elf_make_dynamic_reloc_section.
(elf_x86_64_always_size_sections): New.
(elf_backend_check_relocs): Removed.
(elf_backend_always_size_sections): New.
* elflink.c (elf_link_check_or_scan_relocs):
New. Extracted from _bfd_elf_link_check_relocs.
(_bfd_elf_link_check_relocs): Call elf_link_check_or_scan_relocs.
* elfxx-x86.c (_bfd_x86_elf_check_relocs): New.
* elfxx-x86.h (X86_64_NEED_DYNAMIC_RELOC_TYPE_P): New.
(I386_NEED_DYNAMIC_RELOC_TYPE_P): Likewise.
(X86_NEED_DYNAMIC_RELOC_TYPE_P): Likewise.
(_bfd_x86_elf_check_relocs): Likewise.
(elf_backend_check_relocs): Likewise.
(elf_backend_always_size_sections): Removed.
(elf_x86_start_stop_gc_p): Likewise.
ld/
* testsuite/ld-i386/pr27491-1a.d: Updated.
* testsuite/ld-x86-64/pr27491-1a.d: Likewise.
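
The two DT_RELR commits above refer to a compact encoding without showing it. The following is an added example, not binutils code: a 64-bit encoder and decoder for that encoding with a round trip over constructed addresses. The word layout (an even word is an address, an odd word is a bitmap covering the next 63 words) is taken from the generic-ABI proposal linked above rather than from the commit text, and the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define WORD 8u   /* sizeof(Elf64_Addr) */
#define SPAN 63u  /* words covered by one bitmap: 64 bits minus the marker */

/* Pack sorted relocation addresses into RELR words.  An odd address cannot
   be represented (bit 0 marks a bitmap), so it is rejected here; in the
   linker such relocations stay in .rela.dyn.  Returns the number of words
   written, or -1 on an odd address or when out[] is too small.  */
long relr_encode(const uint64_t *addr, size_t n, uint64_t *out, size_t cap)
{
    size_t used = 0, i = 0;

    while (i < n) {
        uint64_t base = addr[i++];
        if ((base & 1) || used == cap)
            return -1;
        out[used++] = base;          /* address word */
        base += WORD;
        for (;;) {
            uint64_t bitmap = 0;
            while (i < n) {
                uint64_t d = addr[i] - base;
                if (d >= SPAN * WORD || d % WORD != 0)
                    break;
                bitmap |= (uint64_t)1 << (d / WORD);
                i++;
            }
            if (bitmap == 0)
                break;
            if (used == cap)
                return -1;
            out[used++] = (bitmap << 1) | 1;   /* bitmap word */
            base += SPAN * WORD;
        }
    }
    return (long)used;
}

/* Expand RELR words back into relocation addresses.  Returns the number
   of addresses, or -1 if a bitmap appears before any address word or
   out[] is too small.  */
long relr_decode(const uint64_t *relr, size_t n, uint64_t *out, size_t cap)
{
    size_t count = 0;
    uint64_t next = 0;
    int have_base = 0;

    for (size_t i = 0; i < n; i++) {
        uint64_t e = relr[i];
        if ((e & 1) == 0) {
            if (count == cap)
                return -1;
            out[count++] = e;
            next = e + WORD;
            have_base = 1;
        } else {
            if (!have_base)
                return -1;
            uint64_t bits = e >> 1;
            for (unsigned b = 0; bits != 0; b++, bits >>= 1) {
                if (bits & 1) {
                    if (count == cap)
                        return -1;
                    out[count++] = next + WORD * b;
                }
            }
            next += SPAN * WORD;
        }
    }
    return (long)count;
}

int main(void)
{
    /* Constructed input: three adjacent slots, one slot exactly 63 words
       past the first bitmap's base, and one far-away slot.  */
    static const uint64_t addrs[] = {
        0x10000, 0x10008, 0x10010, 0x10200, 0x20000
    };
    uint64_t words[8], back[8];
    long nw = relr_encode(addrs, 5, words, 8);
    long na = nw < 0 ? -1 : relr_decode(words, (size_t)nw, back, 8);

    printf("%ld RELR words encode %ld relative relocations\n", nw, na);
    for (long i = 0; i < nw; i++)
        printf("  %#llx\n", (unsigned long long)words[i]);
    return 0;
}
```
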
Add elf_x86_allocate_local_got_info to allocate x86 GOT info for local
symbols.
* elf32-i386.c (elf_i386_check_relocs): Call
elf_x86_allocate_local_got_info.
* elf64-x86-64.c (elf_x86_64_check_relocs): Likewise.
* elfxx-x86.h (elf_x86_allocate_local_got_info): New.
The result of running etc/update-copyright.py --this-year, fixing all
the files whose mode is changed by the script, plus a build with
--enable-maintainer-mode --enable-cgen-maint=yes, then checking
out */po/*.pot which we don't update frequently.
The copy of cgen was with commit d1dd5fcc38ead reverted as that commit
breaks building of bfp opcodes files.
The idea of this patch is to make it easy to see which targets (just
sparc) have ELF_MINPAGESIZE != ELF_COMMONPAGESIZE.
* elf32-arm.c (ELF_MINPAGESIZE): Don't define.
* elf32-metag.c: Likewise.
* elfnn-aarch64.c: Likewise.
* elf64-x86-64.c: Likewise. Also don't redefine a bunch of other
macros for l1om elf64-target.h use that are unchanged from default.
If GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS is set on any input
relocatable files:
1. Don't generate copy relocations.
2. Turn off extern_protected_data since it implies
GNU_PROPERTY_NO_COPY_ON_PROTECTED.
3. Treat reference to protected symbols with indirect external access
as local.
4. Set GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS on output.
5. When generating executable, clear this bit when there are non-GOT or
non-PLT relocations in input relocatable files without the bit set.
6. Add -z [no]indirect-extern-access to control indirect external access.
bfd/
* elf-bfd (elf_obj_tdata): Add has_indirect_extern_access.
(elf_has_indirect_extern_access): New.
* elf-properties.c (_bfd_elf_parse_gnu_properties): Set
elf_has_indirect_extern_access and elf_has_no_copy_on_protected
when seeing GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS.
(elf_write_gnu_propertie): Add an argument to pass link_info.
Set needed_1_p for GNU_PROPERTY_1_NEEDED in memory.
(_bfd_elf_link_setup_gnu_properties): Handle
GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS for
-z indirect-extern-access. Set nocopyreloc to true and
extern_protected_data to false for indirect external access.
(_bfd_elf_convert_gnu_properties): Updated.
* elf32-i386.c (elf_i386_check_relocs): Set
non_got_ref_without_indirect_extern_access on legacy non-GOT or
non-PLT references.
* elf64-x86-64.c (elf_x86_64_check_relocs): Likewise.
* elflink.c (_bfd_elf_symbol_refs_local_p): Return true for
STV_PROTECTED symbols with indirect external access.
* elfxx-x86.c (_bfd_x86_elf_adjust_dynamic_symbol): Clear
indirect_extern_access for legacy non-GOT/non-PLT references.
* elfxx-x86.h (elf_x86_link_hash_entry): Add
non_got_ref_without_indirect_extern_access.
include/
* bfdlink.h (bfd_link_info): Add indirect_extern_access and
needed_1_p. Change nocopyreloc to int.
ld/
* NEWS: Mention -z [no]indirect-extern-access
* ld.texi: Document -z [no]indirect-extern-access
* ldmain.c (main): Initialize link_info.indirect_extern_access
to -1.
* emulparams/extern_protected_data.sh: Support
-z [no]indirect-extern-access.
* testsuite/ld-elf/indirect-extern-access-1.rd: New file
* testsuite/ld-elf/indirect-extern-access-1a.c: Likewise.
* testsuite/ld-elf/indirect-extern-access-1b.c: Likewise.
* testsuite/ld-elf/indirect-extern-access-2.rd: Likewise.
* testsuite/ld-elf/indirect-extern-access-2a.c: Likewise.
* testsuite/ld-elf/indirect-extern-access-2b.c: Likewise.
* testsuite/ld-elf/indirect-extern-access-3.rd: Likewise.
* testsuite/ld-elf/indirect-extern-access.S: Likewise.
* testsuite/ld-elf/property-1_needed-1b.d: Likewise.
* testsuite/ld-elf/property-1_needed-1c.d: Likewise.
* testsuite/ld-x86-64/indirect-extern-access.rd: Likewise.
* testsuite/ld-x86-64/protected-data-1.h: Likewise.
* testsuite/ld-x86-64/protected-data-1a.c: Likewise.
* testsuite/ld-x86-64/protected-data-1b.c: Likewise.
* testsuite/ld-x86-64/protected-data-2a.S: Likewise.
* testsuite/ld-x86-64/protected-data-2b.S: Likewise.
* testsuite/ld-x86-64/protected-func-2a.S: Likewise.
* testsuite/ld-x86-64/protected-func-2b.S: Likewise.
* testsuite/ld-x86-64/protected-func-2c.c: Likewise.
* testsuite/ld-elf/linux-x86.exp: Run test with
GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS.
* testsuite/ld-x86-64/x86-64.exp: Run tests for protected
function and data with indirect external access.
Disallow PC relocations against weak undefined symbols in PIE since they
can lead to non-zero address at run-time.
bfd/
PR ld/21782
* elf64-x86-64.c (elf_x86_64_relocate_section): Disallow PC
relocations against weak undefined symbols in PIE.
ld/
PR ld/21782
* testsuite/ld-x86-64/pie3.d: Expect linker error.
When link_info.keep_memory is true, linker caches the relocation
information and symbol tables of input files in memory. When there
are many input files with many relocations, we may run out of memory.
Add --max-cache-size=SIZE to set the maximum cache size.
bfd/
PR ld/18028
* bfd.c (bfd): Add alloc_size.
* elf-bfd.h (_bfd_elf_link_info_read_relocs): New.
* elf32-i386.c (elf_i386_check_relocs): Use _bfd_link_keep_memory.
Update cache_size.
* elf64-x86-64.c (elf_x86_64_check_relocs): Likewise.
* elflink.c (_bfd_elf_link_read_relocs): Renamed to ...
(_bfd_elf_link_info_read_relocs): This. Update cache_size.
(_bfd_elf_link_read_relocs): New.
(_bfd_elf_link_check_relocs): Call _bfd_elf_link_info_read_relocs
instead of _bfd_elf_link_read_relocs.
(elf_link_add_object_symbols): Likewise.
(elf_link_input_bfd): Likewise.
(init_reloc_cookie_rels): Likewise.
(init_reloc_cookie): Update cache_size. Call
_bfd_elf_link_info_read_relocs instead of
_bfd_elf_link_read_relocs.
(link_info_ok): New.
(elf_gc_smash_unused_vtentry_relocs): Updated. Call
_bfd_elf_link_info_read_relocs instead of
_bfd_elf_link_read_relocs.
(bfd_elf_gc_sections): Use link_info_ok. Pass &link_info_ok
to elf_gc_smash_unused_vtentry_relocs.
* libbfd-in.h (_bfd_link_keep_memory): New.
* linker.c (_bfd_link_keep_memory): New.
* opncls.c (bfd_alloc): Update alloc_size.
* bfd-in2.h: Regenerated.
* libbfd.h: Likewise.
include/
PR ld/18028
* bfdlink.h (bfd_link_info): Add cache_size and max_cache_size.
ld/
PR ld/18028
* NEWS: Mention --max-cache-size=SIZE.
* ld.texi: Document --max-cache-size=SIZE.
* ldlex.h (option_values): Add OPTION_MAX_CACHE_SIZE.
* ldmain.c (main): Set link_info.max_cache_size to -1.
* lexsup.c (ld_options): Add --max-cache-size=SIZE.
(parse_args): Support OPTION_MAX_CACHE_SIZE.
* testsuite/ld-bootstrap/bootstrap.exp: Add test for
--max-cache-size=-1.
commit a7664973b2
Author: Jan Beulich <jbeulich@suse.com>
Date: Mon Apr 26 10:41:35 2021 +0200
x86: correct overflow checking for 16-bit PC-relative relocs
caused linker failure when building 16-bit program in a 32-bit ELF
container. Update GNU_PROPERTY_X86_FEATURE_2_USED with
#define GNU_PROPERTY_X86_FEATURE_2_CODE16 (1U << 12)
to indicate that 16-bit mode instructions are used in the input object:
https://groups.google.com/g/x86-64-abi/c/UvvXWeHIGMA
to indicate that 16-bit mode instructions are used in the object to
allow linker to properly perform relocation overflow check for 16-bit
PC-relative relocations in 16-bit mode instructions.
1. Update x86 assembler to always generate the GNU property note with
GNU_PROPERTY_X86_FEATURE_2_CODE16 for .code16 in ELF object.
2. Update i386 and x86-64 linkers to use 16-bit PC16 relocations if
input object is marked with GNU_PROPERTY_X86_FEATURE_2_CODE16.
bfd/
PR ld/27905
* elf32-i386.c: Include "libiberty.h".
(elf_howto_table): Add 16-bit R_386_PC16 entry.
(elf_i386_rtype_to_howto): Add a BFD argument. Use 16-bit
R_386_PC16 if input has 16-bit mode instructions.
(elf_i386_info_to_howto_rel): Update elf_i386_rtype_to_howto
call.
(elf_i386_tls_transition): Likewise.
(elf_i386_relocate_section): Likewise.
* elf64-x86-64.c (x86_64_elf_howto_table): Add 16-bit
R_X86_64_PC16 entry.
(elf_x86_64_rtype_to_howto): Use 16-bit R_X86_64_PC16 if input
has 16-bit mode instructions.
* elfxx-x86.c (_bfd_x86_elf_parse_gnu_properties): Set
elf_x86_has_code16 if relocatable input is marked with
GNU_PROPERTY_X86_FEATURE_2_CODE16.
* elfxx-x86.h (elf_x86_obj_tdata): Add has_code16.
(elf_x86_has_code16): New.
binutils/
PR ld/27905
* readelf.c (decode_x86_feature_2): Support
GNU_PROPERTY_X86_FEATURE_2_CODE16.
gas/
PR ld/27905
* config/tc-i386.c (set_code_flag): Update x86_feature_2_used
with GNU_PROPERTY_X86_FEATURE_2_CODE16 for .code16 in ELF
object.
(set_16bit_gcc_code_flag): Likewise.
(x86_cleanup): Always generate the GNU property note if
x86_feature_2_used isn't 0.
* testsuite/gas/i386/code16-2.d: New file.
* testsuite/gas/i386/code16-2.s: Likewise.
* testsuite/gas/i386/x86-64-code16-2.d: Likewise.
* testsuite/gas/i386/i386.exp: Run code16-2 and x86-64-code16-2.
include/
PR ld/27905
* elf/common.h (GNU_PROPERTY_X86_FEATURE_2_CODE16): New.
ld/
PR ld/27905
* testsuite/ld-i386/code16.d: New file.
* testsuite/ld-i386/code16.t: Likewise.
* testsuite/ld-x86-64/code16.d: Likewise.
* testsuite/ld-x86-64/code16.t: Likewise.
* testsuite/ld-i386/i386.exp: Run code16.
* testsuite/ld-x86-64/x86-64.exp: Likewise.
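Both this commit and the earlier GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS one mark objects with a bit in a .note.gnu.property entry. The following is an added example, not binutils code, of a bounds-checked reader for those two bits. The helper name and the sample note bytes are constructed here, and the numeric values of NT_GNU_PROPERTY_TYPE_0, GNU_PROPERTY_1_NEEDED and GNU_PROPERTY_X86_FEATURE_2_USED are taken from the gABI and x86 psABI headers rather than from this log.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Numeric values are from the gABI / x86 psABI headers; only the CODE16 bit is on this page. */
#define NT_GNU_PROPERTY_TYPE_0 5
#define GNU_PROPERTY_1_NEEDED 0xb0008000u
#define GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS (1U << 0)
#define GNU_PROPERTY_X86_FEATURE_2_USED 0xc0010001u
#define GNU_PROPERTY_X86_FEATURE_2_CODE16 (1U << 12)
static uint32_t rd32(const uint8_t *p) /* little-endian 32-bit load */
{
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Hypothetical helper: 1 if property `type` is present with `bit` set, 0 if not,
   -1 if the note is malformed.  align is 8 for ELF64 notes, 4 for ELF32. */
int note_has_bit(const uint8_t *n, size_t len, size_t align, uint32_t type, uint32_t bit)
{
    if (len < 16 || rd32(n) != 4 || rd32(n + 8) != NT_GNU_PROPERTY_TYPE_0
        || memcmp(n + 12, "GNU", 4) != 0 || rd32(n + 4) > len - 16)
        return -1;
    size_t off = 16, end = 16 + rd32(n + 4);
    while (end - off >= 8) {
        uint32_t pr_type = rd32(n + off), datasz = rd32(n + off + 4);
        off += 8;
        if (datasz > end - off) return -1; /* data runs past the descriptor */
        if (pr_type == type)
            return datasz == 4 ? (rd32(n + off) & bit) != 0 : -1;
        size_t step = (datasz + align - 1) & ~(align - 1); /* skip data plus padding */
        off += step < end - off ? step : end - off;
    }
    return 0;
}

/* Constructed ELF64 .note.gnu.property: 1_NEEDED = 0x1, FEATURE_2_USED = 0x1000. */
static const uint8_t sample_note[48] = {
    4, 0, 0, 0,  32, 0, 0, 0,  5, 0, 0, 0,  'G', 'N', 'U', 0,
    0x00, 0x80, 0x00, 0xb0,  4, 0, 0, 0,  1, 0, 0, 0,  0, 0, 0, 0,
    0x01, 0x00, 0x01, 0xc0,  4, 0, 0, 0,  0x00, 0x10, 0, 0,  0, 0, 0, 0,
};

int main(void)
{
    printf("indirect-extern-access=%d code16=%d\n",
           note_has_bit(sample_note, sizeof sample_note, 8, GNU_PROPERTY_1_NEEDED, GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS),
           note_has_bit(sample_note, sizeof sample_note, 8, GNU_PROPERTY_X86_FEATURE_2_USED, GNU_PROPERTY_X86_FEATURE_2_CODE16));
    return 0;
}
```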
x86-64 uses rela relocations. The comment next to the field's declaration
says "Non-zero values for ELF USE_RELA targets should be viewed with
suspicion ..." And indeed the fields being non-zero causes section
contents to be accumulated into the final relocated values in addition to
the relocations' addends, which is contrary to the ELF spec.
Relocations with a bitsize matching the architecture's address width
can't usefully use an overflow checking approach other than "dont" or
"signed": All others involve perhaps complex calculations in
_bfd_relocate_contents() (or, not as severe, in bfd_check_overflow())
without ever finding anything to complain about - because of the address
width masking applied. Avoid this unnecessary overhead and switch all
such reloc types to "dont".
Note that "signed" checking with rela relocations (i.e. x86-64 here) is
only going to be useful if the addend actually got passed to
_bfd_relocate_contents() (and maybe others) instead of bogusly adding in
prior section contents (which apparently is assumed to be zero, and
hence again no overflow would ever be detected). See
https://sourceware.org/pipermail/binutils/2021-April/116164.html.
The only insn requiring a truly 16-bit PC-relative relocation outside of
16-bit mode is XBEGIN (with an operand size override). For it, the
relocation generated should behave similar to 8- and (for 64-bit) 32-bit
PC-relative ones, i.e. be checked for a signed value to fit the field.
This same mode is also correct for 16-bit code. Outside of 16-bit code,
branches with operand size overrides act in a truly PC-relative way only
when living in the low 32k of address space, as they truncate rIP to 16
bits. This can't be expressed by a PC-relative relocation.
Putting in place a new testcase, I'd like to note that the two existing
ones (pcrel16 and pcrel16abs) appear to be pretty pointless: They don't
expect any error despite supposedly checking for overflow, and in fact
there can't possibly be any error for the
- former since gas doesn't emit any relocation in the first place there,
- latter because the way the relocation gets expressed by gas doesn't
allow the linker to notice the overflow; it should be detected by gas
if at all, but see above (an error would be reported here for x86-64
afaict, but this test doesn't get re-used there).
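A simplified C model of the checks these commit messages reason about, added here as an example and not taken from BFD or gas: the signed fit of a 16-bit PC-relative value, the address-width masking that keeps an unsigned check from ever failing, and the 16-bit rIP truncation for branches with an operand size override. Function names and addresses are constructed, and a 32-bit address width is assumed for the masking case.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* True if v is representable as a two's-complement value of `bits` (< 64) bits. */
static bool fits_signed(int64_t v, unsigned bits)
{
    int64_t lim = (int64_t)1 << (bits - 1);
    return v >= -lim && v < lim;
}

/* "signed" check of a 16-bit PC-relative field: S + A - P must fit in 16 bits. */
bool pc16_fits(uint64_t s, int64_t a, uint64_t p)
{
    return fits_signed((int64_t)(s + (uint64_t)a - p), 16);
}

/* Address-width case, modelled for a 32-bit target: the value is masked to
   32 bits first, so an "unsigned" fit test on a 32-bit field cannot fail. */
bool addr32_unsigned_check_passes(uint64_t raw)
{
    uint64_t m = raw & 0xffffffffu;    /* address width masking */
    return m <= 0xffffffffu;           /* always true after the mask */
}

/* Branch with an operand size override outside 16-bit code: rIP is truncated
   to 16 bits after the displacement is added (as the commit message states). */
uint64_t o16_branch_target(uint64_t next_ip, int16_t disp)
{
    return (next_ip + (uint64_t)(int64_t)disp) & 0xffff;
}

int main(void)
{
    /* Constructed addresses; addend -2 makes P + 2 the next-instruction address. */
    printf("disp 0x7fff fits: %d\n", pc16_fits(0x9001, -2, 0x1000));
    printf("disp 0x8000 fits: %d\n", pc16_fits(0x9002, -2, 0x1000));
    printf("masked 32-bit check passes: %d\n",
           addr32_unsigned_check_passes(0x123456789abcULL));
    printf("o16 branch from 0x20002 by 0x100 lands at %#llx\n",
           (unsigned long long)o16_branch_target(0x20002, 0x100));
    return 0;
}
```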
These are marker relocations, so together with their bit size being zero
their byte size should be zero as well. This is expressed by a value of
3, not 0.