commit a7664973b2
Author: Jan Beulich <jbeulich@suse.com>
Date: Mon Apr 26 10:41:35 2021 +0200
x86: correct overflow checking for 16-bit PC-relative relocs
caused linker failure when building 16-bit program in a 32-bit ELF
container. Update GNU_PROPERTY_X86_FEATURE_2_USED with
#define GNU_PROPERTY_X86_FEATURE_2_CODE16 (1U << 12)
to indicate that 16-bit mode instructions are used in the input object:
https://groups.google.com/g/x86-64-abi/c/UvvXWeHIGMA
to indicate that 16-bit mode instructions are used in the object to
allow linker to properly perform relocation overflow check for 16-bit
PC-relative relocations in 16-bit mode instructions.
1. Update x86 assembler to always generate the GNU property note with
GNU_PROPERTY_X86_FEATURE_2_CODE16 for .code16 in ELF object.
2. Update i386 and x86-64 linkers to use 16-bit PC16 relocations if
input object is marked with GNU_PROPERTY_X86_FEATURE_2_CODE16.
bfd/
PR ld/27905
* elf32-i386.c: Include "libiberty.h".
(elf_howto_table): Add 16-bit R_386_PC16 entry.
(elf_i386_rtype_to_howto): Add a BFD argument. Use 16-bit
R_386_PC16 if input has 16-bit mode instructions.
(elf_i386_info_to_howto_rel): Update elf_i386_rtype_to_howto
call.
(elf_i386_tls_transition): Likewise.
(elf_i386_relocate_section): Likewise.
* elf64-x86-64.c (x86_64_elf_howto_table): Add 16-bit
R_X86_64_PC16 entry.
(elf_x86_64_rtype_to_howto): Use 16-bit R_X86_64_PC16 if input
has 16-bit mode instructions.
* elfxx-x86.c (_bfd_x86_elf_parse_gnu_properties): Set
elf_x86_has_code16 if relocatable input is marked with
GNU_PROPERTY_X86_FEATURE_2_CODE16.
* elfxx-x86.h (elf_x86_obj_tdata): Add has_code16.
(elf_x86_has_code16): New.
binutils/
PR ld/27905
* readelf.c (decode_x86_feature_2): Support
GNU_PROPERTY_X86_FEATURE_2_CODE16.
gas/
PR ld/27905
* config/tc-i386.c (set_code_flag): Update x86_feature_2_used
with GNU_PROPERTY_X86_FEATURE_2_CODE16 for .code16 in ELF
object.
(set_16bit_gcc_code_flag): Likewise.
(x86_cleanup): Always generate the GNU property note if
x86_feature_2_used isn't 0.
* testsuite/gas/i386/code16-2.d: New file.
* testsuite/gas/i386/code16-2.s: Likewise.
* testsuite/gas/i386/x86-64-code16-2.d: Likewise.
* testsuite/gas/i386/i386.exp: Run code16-2 and x86-64-code16-2.
include/
PR ld/27905
* elf/common.h (GNU_PROPERTY_X86_FEATURE_2_CODE16): New.
ld/
PR ld/27905
* testsuite/ld-i386/code16.d: New file.
* testsuite/ld-i386/code16.t: Likewise.
* testsuite/ld-x86-64/code16.d: Likewise.
* testsuite/ld-x86-64/code16.t: Likewise.
* testsuite/ld-i386/i386.exp: Run code16.
* testsuite/ld-x86-64/x86-64.exp: Likewise.
The official name for Loongson Architecture is LoongArch, it is better
to use LoongArch instead of Loongson Loongarch for EM_LOONGARCH to avoid
confusion and keep consistent with the various of software in the future.
The official documentation in Chinese:
http://www.loongson.cn/uploadfile/cpu/LoongArch.pdf
The translated version in English:
https://loongson.github.io/LoongArch-Documentation/
binutils/
* readelf.c (get_machine_name): Change Loongson Loongarch to
LoongArch.
include/
* elf/common.h (EM_LOONGARCH): Change Loongson Loongarch to
LoongArch.
PR 27884
* dwarf.c (get_type_abbrev_from_form): Replace cu_offset_return
param with map_return, and return map for DW_FORM_ref_addr.
(get_type_signedness): Adjust calls to get_type_abbrev_from_form.
Pass returned cu map start and end to recursive call.
(read_and_display_attr_value): Similarly.
* dwarf.c (display_debug_names): Complain when header length is
too small. Avoid pointer UB. Sanity check augmentation string,
CU table, TU table and foreign TU table sizes.
* dwarf.c (display_debug_frames): Delete initial_length_size.
Avoid pointer UB. Constrain data reads to length given in header.
Sanity check cie header length. Only skip up to next FDE on
finding augmentation data too long.
* dwarf.c (display_debug_ranges): Delete initial_length_size.
Correct fallback size calculated on finding a reloc. Constrain
data reads to length given in header. Avoid pointer UB.
* dwarf.c (get_line_filename_and_dirname): Delete initial_length_size.
Simplify length sanity check, and check for too small lengths.
Constrain data reads to header length. Avoid pointer UB.
The existing code went to the bother of using strnlen for scanning but
went wild when printing, and possibly incremented curr past end.
* dwarf.c (display_debug_macinfo): Print strings that might not
be zero terminated with %*s. Don't bump curr if unterminated.
The directory_table strnlen used the negative of the proper size. After
fixing that I realised we don't need strnlen here.
* dwarf.c (display_debug_lines_decoded): Don't use strnlen when
we have already checked for NUL termination.
This patch also better constrains the data read, and removes pointer UB.
* dwarf.c (read_debug_line_header): Delete initial_length_size.
Avoid pointer UB. Keep within length specified by header.
Delete dead code.
This patch constrains process_debug_info to stay within the data
specified by the CU length rather than allowing access up to the end
of the section.
* dwarf.c (process_debug_info): Always do the first CU length
scan for sanity checks. Remove initial_length_size var and
instead calculate end_cu. Use end_cu to limit data reads.
Delete now dead code checking length.
A sufficiently mad compiler optimiser can take undefined behaviour
according to the C standard as an opportunity to remove code. Since
"data + size" might be seen to be past the end of an array,
calculating such an expression is UB.
_mul_overflow is infrastructure for later patches.
* bucomm.h (_mul_overflow): Define.
* dwarf.c (get_encoded_value): Avoid pointer UB.
Well it didn't take long for the SAFE_BYTE_GET assert to trigger.
PR 27860
* dwarf.c (display_debug_frames): Sanity check cie_off before
attempting to read cie.
* dwarf.c (process_extended_line_op): Don't bump data pointer past
end when strnlen doesn't find string terminator.
(decode_location_expression): Remove dead code.
(skip_attr_bytes): Remove const from end param. Ensure data
pointer doesn't pass end.
(get_type_signedness): Remove const from end param.
(read_and_display_attr_value): Ensure data pointer doesn't pass end.
(display_debug_lines_raw, display_debug_lines_decoded): Likewise.
(display_debug_pubnames_worker): Likewise.
(display_debug_pubnames_worker): Use SAFE_BYTE_GET_AND INC rather
than blindly incrementing data pointer.
(display_debug_addr, display_debug_str_offsets): Likewise. Don't
compare pointers, compare lengths.
This rearranges SAFE_BYTE_GET* macros, eliminating some duplication,
and making sure that the _INC variants never increment their PTR arg
past END. I've added an assertion that should show us places where we
use them improperly with user derived PTR args, which I'm sure the
fuzzers will find for us.
* dwarf.c (SAFE_BYTE_GET_INTERNAL): Define.
(SAFE_BYTE_GET, SAFE_BYTE_GET_AND_INC): Define using the above.
(SAFE_SIGNED_BYTE_GET, SAFE_SIGNED_BYTE_GET_AND_INC): Likewise.
(display_discr_list): Use SAFE_BYTE_GET_AND_INC rather than
SAFE_BYTE_GET followed by increment.
(process_debug_info): Likewise, and test bytes remaining before
incrementing section_begin rather than using pointer comparison.
(display_debug_names): Pass lvalue as SAFE_BYTE_GET PTR.
(process_cu_tu_index): Likewise for SAFE_BYTE_GET_AND_INC.
Not quite infinite but much longer than it need be. The problem is
triggered by read_and_display_attr_value incrementing "data" past
"end". read_and_display_attr_value shouldn't do that, but be
defensive.
PR 27853
* dwarf.c (display_formatted_table): Test for data >= end rather
than data == end.
(process_extended_line_op): Likewise.
(display_debug_lines_raw): Likewise.
(display_debug_lines_decoded): Likewise.
Building as ILP32 shows:
gcc -m32 -DHAVE_CONFIG_H -I. -I/checkout/binutils -I. -I/checkout/binutils -I../bfd -I/checkout/binutils/../bfd -I/checkout/binutils/../include -DLOCALEDIR="\"/usr/local/share/locale\"" -Dbin_dummy_emulation=bin_vanilla_emulation -W -Wall -Wstrict-prototypes -Wmissing-prototypes -Wshadow -Wstack-usage=262144 -Werror -I/checkout/binutils/../zlib -g -O2 -MT dwarf.o -MD -MP -MF $depbase.Tpo -c -o dwarf.o /checkout/binutils/dwarf.c &&\
mv -f $depbase.Tpo $depbase.Po
In file included from /checkout/binutils/sysdep.h:101:0,
from /checkout/binutils/dwarf.c:21:
/checkout/binutils/dwarf.c: In function 'process_abbrev_set':
/checkout/binutils/dwarf.c:1072:15: error: format '%lx' expects argument of type 'long unsigned int', but argument 2 has type 'dwarf_vma {aka long long unsigned int}' [-Werror=format=]
warn (_("Debug info is corrupted, abbrev size (%lx) is larger than "
^
/checkout/binutils/dwarf.c:1072:13: note: in expansion of macro '_'
warn (_("Debug info is corrupted, abbrev size (%lx) is larger than "
^
cc1: all warnings being treated as errors
Makefile:1101: recipe for target 'dwarf.o' failed
The recent commit, casting one of the terms, has an obvious
typo. To wit, the (non-cast) term abbrev_size is a
dwarf_vma and causes the whole expression to (still) be 64
bits.
binutils:
* dwarf.c (process_abbrev_set): Properly parenthesize before
casting to unsigned long.
PR 27845
* dwarf.c (process_abbrev_set): Replace start and end parameters
with section, abbrev_base, abbrev_size, abbrev_offset. Update
all callers. Sanity check parameters correctly and emit warnings
here rather than..
(process_debug_info): ..here.
PR 4356
PR 26865
PR 27594
* windres.c (quot): Revert previous delta. Do not use double
quotes when spaces are detected in options.
* doc/binutils.texi (windres): Remove suggestion that the
--preprocessor option can take arguments.
PTR supplied to these macros can be read from user input, END is an
end of buffer pointer. It's safer to do arithmetic on END than on PTR.
* dwarf.c (SAFE_BYTE_GET): Check bounds by subtracting amount from
END rather than adding amount to PTR.
(SAFE_SIGNED_BYTE_GET, SAFE_BYTE_GET64): Likewise.
A quick check says this is the only place in all of bfd, opcodes,
binutils, gas, ld, gprof that duplicates the new libiberty
htab_eq_string.
* objcopy.c (eq_string): Delete.
(create_symbol_htab): Use htab_eq_string.
Use the pattern from other projects where we generate the html pages
in a dir named the same as the project. So now we have:
gas/doc/gas.html - single html page
gas/doc/gas/ - multiple html pages
This works for projects that have a doc/ subdir already, but gprof &
ld require a little tweaking since they generate their docs in their
respective toplevels.
This better matches other GNU projects like autoconf/automake where
the html manual is the single page form. We'll support the multi-page
form in a follow up change.
