From: H.J. Lu <hjl@sourceware.org>
To: bfd-cvs@sourceware.org
Subject: [binutils-gdb/binutils-2_39-branch] x86: Disallow invalid relocations against protected symbols
Date: Mon, 25 Jul 2022 17:24:24 +0000 (GMT)	[thread overview]
Message-ID: <20220725172424.241A23877020@sourceware.org> (raw)

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=fc69c7e989d531c95c686ce2bed3d3f89c33c142

commit fc69c7e989d531c95c686ce2bed3d3f89c33c142
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Mon Jul 18 18:24:26 2022 -0700

    x86: Disallow invalid relocations against protected symbols
    
    Since glibc 2.36 will issue warnings for copy relocation against
    protected symbols and non-canonical reference to canonical protected
    functions, change the linker to always disallow such relocations.
    
    bfd/
    
            * elf32-i386.c (elf_i386_scan_relocs): Remove check for
            elf_has_indirect_extern_access.
            * elf64-x86-64.c (elf_x86_64_scan_relocs): Likewise.
            (elf_x86_64_relocate_section): Remove check for
            elf_has_no_copy_on_protected.
            * elfxx-x86.c (elf_x86_allocate_dynrelocs): Check for building
            executable instead of elf_has_no_copy_on_protected.
            (_bfd_x86_elf_adjust_dynamic_symbol): Disallow copy relocation
            against non-copyable protected symbol.
            * elfxx-x86.h (SYMBOL_NO_COPYRELOC): Remove check for
            elf_has_no_copy_on_protected.
    
    ld/
    
            * testsuite/ld-i386/i386.exp: Expect linker error for PR ld/17709
            test.
            * testsuite/ld-i386/pr17709.rd: Removed.
            * testsuite/ld-i386/pr17709.err: New file.
            * testsuite/ld-x86-64/pr17709.rd: Removed.
            * testsuite/ld-x86-64/pr17709.err: New file.
            * testsuite/ld-x86-64/pr28875-func.err: Updated.
            * testsuite/ld-x86-64/x86-64.exp: Expect linker error for PR
            ld/17709 test.  Add tests for function pointer against protected
            function.
    
    (cherry picked from commit f638657759f5b9b4eb31a1aa6b9fe6e6fb01f4a0)

Diff:
---
 bfd/elf32-i386.c                        |  3 +--
 bfd/elf64-x86-64.c                      | 10 +++-------
 bfd/elfxx-x86.c                         | 21 +++++++++++++++++++--
 bfd/elfxx-x86.h                         |  3 +--
 ld/testsuite/ld-i386/i386.exp           |  2 +-
 ld/testsuite/ld-i386/pr17709.err        |  2 ++
 ld/testsuite/ld-i386/pr17709.rd         |  4 ----
 ld/testsuite/ld-x86-64/pr17709.err      |  2 ++
 ld/testsuite/ld-x86-64/pr17709.rd       |  4 ----
 ld/testsuite/ld-x86-64/pr28875-func.err |  2 +-
 ld/testsuite/ld-x86-64/x86-64.exp       | 18 +++++++++++++++++-
 11 files changed, 47 insertions(+), 24 deletions(-)

diff --git a/bfd/elf32-i386.c b/bfd/elf32-i386.c
index 4bcb06b0030..52b1db44546 100644
--- a/bfd/elf32-i386.c
+++ b/bfd/elf32-i386.c
@@ -1812,8 +1812,7 @@ elf_i386_scan_relocs (bfd *abfd,
 		      && h->type == STT_FUNC
 		      && eh->def_protected
 		      && !SYMBOL_DEFINED_NON_SHARED_P (h)
-		      && h->def_dynamic
-		      && elf_has_indirect_extern_access (h->root.u.def.section->owner))
+		      && h->def_dynamic)
 		    {
 		      /* Disallow non-canonical reference to canonical
 			 protected function.  */
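Review bot: The comment that closes this hunk is unchanged from when the rejection was gated on `elf_has_indirect_extern_access`, so nothing in the code records that the check no longer depends on how the defining shared object is marked. I would extend it to `/* Disallow non-canonical reference to canonical protected function, whether or not the defining object is marked for indirect external access.  */`, and make the same change in the matching `elf_x86_64_scan_relocs` hunk in bfd/elf64-x86-64.c. The diffstat touches no NEWS or documentation file, so links that were previously accepted and now fail are explained only by the commit message. The condition starts above the hunk, so the remaining terms of the test are not visible here.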
diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c
index 3abc68a4127..62a9a22317a 100644
--- a/bfd/elf64-x86-64.c
+++ b/bfd/elf64-x86-64.c
@@ -2255,8 +2255,7 @@ elf_x86_64_scan_relocs (bfd *abfd, struct bfd_link_info *info,
 		      && h->type == STT_FUNC
 		      && eh->def_protected
 		      && !SYMBOL_DEFINED_NON_SHARED_P (h)
-		      && h->def_dynamic
-		      && elf_has_indirect_extern_access (h->root.u.def.section->owner))
+		      && h->def_dynamic)
 		    {
 		      /* Disallow non-canonical reference to canonical
 			 protected function.  */
@@ -3156,8 +3155,7 @@ elf_x86_64_relocate_section (bfd *output_bfd,
 	       || (h != NULL
 		   && !h->root.linker_def
 		   && !h->root.ldscript_def
-		   && eh->def_protected
-		   && elf_has_no_copy_on_protected (h->root.u.def.section->owner)));
+		   && eh->def_protected));
 
 	  if ((input_section->flags & SEC_ALLOC) != 0
 	      && (input_section->flags & SEC_READONLY) != 0
@@ -4097,9 +4095,7 @@ elf_x86_64_relocate_section (bfd *output_bfd,
 	    {
 	    case R_X86_64_32S:
 	      sec = h->root.u.def.section;
-	      if ((info->nocopyreloc
-		   || (eh->def_protected
-		       && elf_has_no_copy_on_protected (h->root.u.def.section->owner)))
+	      if ((info->nocopyreloc || eh->def_protected)
 		  && !(h->root.u.def.section->flags & SEC_CODE))
 		return elf_x86_64_need_pic (info, input_bfd, input_section,
 					    h, NULL, NULL, howto);
diff --git a/bfd/elfxx-x86.c b/bfd/elfxx-x86.c
index 18f3d335458..7fb972752b3 100644
--- a/bfd/elfxx-x86.c
+++ b/bfd/elfxx-x86.c
@@ -524,8 +524,7 @@ elf_x86_allocate_dynrelocs (struct elf_link_hash_entry *h, void *inf)
     {
       asection *sreloc;
 
-      if (eh->def_protected
-	  && elf_has_no_copy_on_protected (h->root.u.def.section->owner))
+      if (eh->def_protected && bfd_link_executable (info))
 	{
 	  /* Disallow copy relocation against non-copyable protected
 	     symbol.  */
@@ -3041,6 +3040,24 @@ _bfd_x86_elf_adjust_dynamic_symbol (struct bfd_link_info *info,
     }
   if ((h->root.u.def.section->flags & SEC_ALLOC) != 0 && h->size != 0)
     {
+      if (eh->def_protected && bfd_link_executable (info))
+	for (p = h->dyn_relocs; p != NULL; p = p->next)
+	  {
+	    /* Disallow copy relocation against non-copyable protected
+	       symbol.  */
+	    s = p->sec->output_section;
+	    if (s != NULL && (s->flags & SEC_READONLY) != 0)
+	      {
+		info->callbacks->einfo
+		  /* xgettext:c-format */
+		  (_("%F%P: %pB: copy relocation against non-copyable "
+		     "protected symbol `%s' in %pB\n"),
+		   p->sec->owner, h->root.root.string,
+		   h->root.u.def.section->owner);
+		return false;
+	      }
+	  }
+
       srel->size += htab->sizeof_reloc;
       h->needs_copy = 1;
     }
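Review bot: The added loop reports an error only for relocations whose output section is `SEC_READONLY` and silently skips entries with a NULL `output_section`, yet `srel->size += htab->sizeof_reloc; h->needs_copy = 1;` still runs afterwards for the protected symbol. From the hunk alone a reader cannot tell whether a protected symbol referenced only from writable sections can still receive a copy relocation here. If an earlier return in `_bfd_x86_elf_adjust_dynamic_symbol` (outside the hunk) already rules that out, the comment should say so, e.g. `/* Only relocations in read-only sections force a copy relocation; callers with none have already returned above.  */`. The comment and the read-only test also appear to duplicate the check in `elf_x86_allocate_dynrelocs`, so a small shared helper would keep the two diagnostics from drifting apart. Bracing the outer `if` would also make it clearer that the sizing lines below are not part of it.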
diff --git a/bfd/elfxx-x86.h b/bfd/elfxx-x86.h
index 77fb1ad72bc..7d23893938c 100644
--- a/bfd/elfxx-x86.h
+++ b/bfd/elfxx-x86.h
@@ -135,12 +135,11 @@
 
 /* Should copy relocation be generated for a symbol.  Don't generate
    copy relocation against a protected symbol defined in a shared
-   object with GNU_PROPERTY_NO_COPY_ON_PROTECTED.  */
+   object.  */
 #define SYMBOL_NO_COPYRELOC(INFO, EH) \
   ((EH)->def_protected \
    && ((EH)->elf.root.type == bfd_link_hash_defined \
        || (EH)->elf.root.type == bfd_link_hash_defweak) \
-   && elf_has_no_copy_on_protected ((EH)->elf.root.u.def.section->owner) \
    && ((EH)->elf.root.u.def.section->owner->flags & DYNAMIC) != 0 \
    && ((EH)->elf.root.u.def.section->flags & SEC_CODE) == 0)
 
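Review bot: The shortened comment now says only "a protected symbol defined in a shared object", but the macro also requires the defining section not to be `SEC_CODE`, so it applies to data symbols only. I would word it as `Don't generate copy relocation against a protected data symbol (one not in a SEC_CODE section) defined in a shared object.` The `INFO` parameter is never referenced in the expansion shown here, which deserves a short note in the same comment so callers do not assume the result depends on link options.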
diff --git a/ld/testsuite/ld-i386/i386.exp b/ld/testsuite/ld-i386/i386.exp
index b4f7de49fd5..0ab9c001336 100644
--- a/ld/testsuite/ld-i386/i386.exp
+++ b/ld/testsuite/ld-i386/i386.exp
@@ -224,7 +224,7 @@ set i386tests {
      "--32 -mx86-used-note=yes" {pr17709a.s} {} "libpr17709.so"}
     {"PR ld/17709 (2)" "-melf_i386 tmpdir/libpr17709.so" ""
      "--32 -mx86-used-note=yes"
-     {pr17709b.s} {{readelf -r pr17709.rd}} "pr17709"}
+     {pr17709b.s} {{ld "pr17709.err"}} "pr17709"}
     {"Build pr19827a.o" "" ""
      "--32 -mx86-used-note=yes" { pr19827a.S }}
     {"Build pr19827b.so" "-melf_i386 -shared" ""
diff --git a/ld/testsuite/ld-i386/pr17709.err b/ld/testsuite/ld-i386/pr17709.err
new file mode 100644
index 00000000000..fa6a4bacce3
--- /dev/null
+++ b/ld/testsuite/ld-i386/pr17709.err
@@ -0,0 +1,2 @@
+.*: tmpdir/pr17709b.o: copy relocation against non-copyable protected symbol `foo' in tmpdir/libpr17709.so
+#...
diff --git a/ld/testsuite/ld-i386/pr17709.rd b/ld/testsuite/ld-i386/pr17709.rd
deleted file mode 100644
index 8414784b736..00000000000
--- a/ld/testsuite/ld-i386/pr17709.rd
+++ /dev/null
@@ -1,4 +0,0 @@
-
-Relocation section '.rel\..*' at offset .* contains 1 entry:
- Offset     Info    Type            Sym\.Value  Sym\. Name
-[0-9a-f ]+R_386_COPY +[0-9a-f]+ +foo
diff --git a/ld/testsuite/ld-x86-64/pr17709.err b/ld/testsuite/ld-x86-64/pr17709.err
new file mode 100644
index 00000000000..fa6a4bacce3
--- /dev/null
+++ b/ld/testsuite/ld-x86-64/pr17709.err
@@ -0,0 +1,2 @@
+.*: tmpdir/pr17709b.o: copy relocation against non-copyable protected symbol `foo' in tmpdir/libpr17709.so
+#...
diff --git a/ld/testsuite/ld-x86-64/pr17709.rd b/ld/testsuite/ld-x86-64/pr17709.rd
deleted file mode 100644
index beffd3cb34c..00000000000
--- a/ld/testsuite/ld-x86-64/pr17709.rd
+++ /dev/null
@@ -1,4 +0,0 @@
-
-Relocation section '.rela\..*' at offset .* contains 1 entry:
- +Offset +Info +Type +Symbol's Value +Symbol's Name \+ Addend
-[0-9a-f ]+R_X86_64_COPY+[0-9a-f ]+ +foo \+ 0
diff --git a/ld/testsuite/ld-x86-64/pr28875-func.err b/ld/testsuite/ld-x86-64/pr28875-func.err
index 64e961cb3d4..f6f4658deaf 100644
--- a/ld/testsuite/ld-x86-64/pr28875-func.err
+++ b/ld/testsuite/ld-x86-64/pr28875-func.err
@@ -1,2 +1,2 @@
-.*: tmpdir/protected-func-1b.o: non-canonical reference to canonical protected function `protected_func_1a' in tmpdir/libprotected-func-2b.so
+.*: tmpdir/protected-func-1b.o: non-canonical reference to canonical protected function `protected_func_1a' in tmpdir/libprotected-func-2..so
 #...
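Review bot: The new pattern `libprotected-func-2..so` is looser than it needs to be, since the first `.` accepts any character in place of the library suffix and the second is an unescaped dot before `so`. Given that the x86-64.exp change reuses this file for `libprotected-func-2c.so`, `libprotected-func-2[bc]\.so` would state exactly which two libraries are expected and would not accept an unrelated file name. The rest of the line already uses unescaped dots, so this is a tightening of the test expectation rather than a correctness problem.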
diff --git a/ld/testsuite/ld-x86-64/x86-64.exp b/ld/testsuite/ld-x86-64/x86-64.exp
index a096c0b9d0f..e6a834a2a61 100644
--- a/ld/testsuite/ld-x86-64/x86-64.exp
+++ b/ld/testsuite/ld-x86-64/x86-64.exp
@@ -177,7 +177,7 @@ set x86_64tests {
     {"PR ld/17709 (1)" "-melf_x86_64 -shared" ""
      "--64" {pr17709a.s} {} "libpr17709.so"}
     {"PR ld/17709 (2)" "-melf_x86_64 tmpdir/libpr17709.so" ""
-     "--64" {pr17709b.s} {{readelf -rW pr17709.rd}} "pr17709"}
+     "--64" {pr17709b.s} {{ld "pr17709.err"}} "pr17709"}
     {"Build pr19827a.o" "" ""
      "--64" { pr19827a.S }}
     {"Build pr19827b.so" "-melf_x86_64 -shared" ""
@@ -1383,6 +1383,22 @@ if { [isnative] && [check_compiler_available] } {
 	    {{error_output "pr28875-func.err"}} \
 	    "protected-func-2" \
 	] \
+	[list \
+	    "Build libprotected-func-2c.so" \
+	    "-shared" \
+	    "-fPIC -Wa,-mx86-used-note=yes" \
+	    { protected-func-2c.c } \
+	    {}  \
+	    "libprotected-func-2c.so" \
+	] \
+	[list \
+	    "Build protected-func-2a without PIE" \
+	    "$NOPIE_LDFLAGS -Wl,--no-as-needed tmpdir/libprotected-func-2c.so" \
+	    "$NOPIE_CFLAGS -Wa,-mx86-used-note=yes" \
+	    { protected-func-1b.c } \
+	    {{error_output "pr28875-func.err"}} \
+	    "protected-func-2a" \
+	] \
 	[list \
 	    "Build libprotected-data-1a.so" \
 	    "-shared -z noindirect-extern-access" \

