From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pg1-x532.google.com (mail-pg1-x532.google.com [IPv6:2607:f8b0:4864:20::532]) by sourceware.org (Postfix) with ESMTPS id A4A7F384BC11 for ; Wed, 7 Oct 2020 03:48:29 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org A4A7F384BC11 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=sifive.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=nelson.chu@sifive.com Received: by mail-pg1-x532.google.com with SMTP id 22so529945pgv.6 for ; Tue, 06 Oct 2020 20:48:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=RiKzn5UD6tEFRoSOwmwYcxn8LUVisFYxoeFbfSLVUrI=; b=h2hYAWDXZSmDOgjxxs34LvtwIs8WXY8fTpEYqDgFtZacYjL1Qx7JgSvUqYvGmQk9Rl PQhqM/Ot+EVDNbCfkKG/ixJA/PfGg6ssS/ypWYNqX/N8iTdy3DHYrYTYwAK38ZoXUfkM 8iwJUc5VmKtK1SqFtxOHuhghpV45IESrqs46DTnkPn63J6bcP+h1ddZu/Qv2M4jvKYpt Zq+wkkmnFTG51FaIUY9m+OKu9rHVihkc8o+RrEJTwBYLeFNcVr1YtfoGJYVRpl3BPDl4 9dbcYZCo1Q/ifgR1XHdJwyOCge2PluhGQggxNUStlsATCRdrzI4ysyyoynQ8MTGO0tiv 2wug== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=RiKzn5UD6tEFRoSOwmwYcxn8LUVisFYxoeFbfSLVUrI=; b=UKKQoF6O69wcqDNx43yBm8Bn26Fx9ULhuOSoYE2i757fMlwxlPSUcbX7Iyn+dhtwTO J1lM4l0Ob9p6sg/3UvAyJhY7ywv6FZgtZZeBfNfgQFxW31m5LZO2wjpKHPTL21Dm6695 FqERP71jF7+Pli9f3j3dhm4whvy491pkpj+lX023klDD0FC10tUSUclmv5q2w0pi/vDz l1RbHYjLmNsXa9+wzXQ20jZaQoYHL0gkHVU6wmoS3YETHoCDJD5krZ5rXLbP2Kv1U3Pd kdzifZaFPnAwkc8GCrQIop4SoJnm/MMth/r613ILHVmHXJxGfTa2KwSIOFyh83oNGmOS 7j7Q== X-Gm-Message-State: AOAM531zBkflbo4t7Tcca1wiEig+2uzvcAGdxEjlJrAA9AXXvAJgUCAO qEg9kF0IFwed53ONUXqbBt/B2S7Asfl107h9 X-Google-Smtp-Source: ABdhPJxSYIKZGf8+wIeVJJ4y1/mEu9oy0w5hlyo+5QAwRHk4mBzc/GMcFzmnrD0Xl0t2w6jP9zEKOg== X-Received: by 2002:aa7:9009:0:b029:154:f822:27c9 with SMTP id m9-20020aa790090000b0290154f82227c9mr1232808pfo.48.1602042508364; Tue, 06 Oct 2020 20:48:28 -0700 (PDT) Received: from gamma05.internal.sifive.com ([64.62.193.194]) by smtp.gmail.com with ESMTPSA id m4sm734054pgv.87.2020.10.06.20.48.27 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 06 Oct 2020 20:48:27 -0700 (PDT) From: Nelson Chu To: binutils@sourceware.org, jimw@sifive.com, palmer@dabbelt.com, andrew@sifive.com, i@maskray.me Cc: vincent.chen@sifive.com, kito.cheng@sifive.com, nelson.chu@sifive.com Subject: [PATCH v3 2/2] RISC-V: Fix that IRELATIVE relocs may be inserted to the wrong place. Date: Tue, 6 Oct 2020 20:48:23 -0700 Message-Id: <1602042503-11702-3-git-send-email-nelson.chu@sifive.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1602042503-11702-1-git-send-email-nelson.chu@sifive.com> References: <1602042503-11702-1-git-send-email-nelson.chu@sifive.com> X-Spam-Status: No, score=-10.7 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, KAM_STOCKGEN, RCVD_IN_BARRACUDACENTRAL, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: binutils@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Binutils mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Oct 2020 03:48:31 -0000 For the ifunc symbol, which is referenced by GOT rather than PLT relocs, we should add the dynamic reloc (usually IRELATIVE) into the .rel.iplt when generating the static executable. But if we use riscv_elf_append_rela to add the dynamic relocs into .rela.iplt, this may cause the overwrite problem. The reason is that we don't handle the `reloc_index` of .rela.iplt, but the riscv_elf_append_rela adds the relocs to the place that are calculated from the reloc_index (in seqential). Therefore, we may overwrite the dynamic relocs when the `reloc_index` of .rela.iplt isn't handled correctly. One solution is that we can add these dynamic relocs (GOT ifunc) from the last of .rela.iplt section. But I'm not sure if it is the best way. bfd/ * elfnn-riscv.c (riscv_elf_link_hash_table): Add last_iplt_index. (riscv_elf_size_dynamic_sections): Initialize the last_iplt_index. (riscv_elf_relocate_section): Use riscv_elf_append_rela. (riscv_elf_finish_dynamic_symbol): If the use_elf_append_rela is false, then we should add the dynamic relocs from the last of the .rela.iplt, and don't use the riscv_elf_append_rela to add. ld/ * testsuite/ld-riscv-elf/ifunc-plt-got-overwrite.s: New testcase. * testsuite/ld-riscv-elf/ifunc-plt-got-overwrite.d: Likewise. * testsuite/ld-riscv-elf/ifunc-plt-got-overwrite-exe.rd: Likewise. * testsuite/ld-riscv-elf/ifunc-plt-got-overwrite-pic.rd: Likewise. * testsuite/ld-riscv-elf/ifunc-plt-got-overwrite-pie.rd: Likewise. * testsuite/ld-riscv-elf/ld-riscv-elf.exp: Updated. --- bfd/elfnn-riscv.c | 46 ++++++++++++++++++---- .../ld-riscv-elf/ifunc-plt-got-overwrite-exe.rd | 4 ++ .../ld-riscv-elf/ifunc-plt-got-overwrite-pic.rd | 8 ++++ .../ld-riscv-elf/ifunc-plt-got-overwrite-pie.rd | 7 ++++ .../ld-riscv-elf/ifunc-plt-got-overwrite.d | 19 +++++++++ .../ld-riscv-elf/ifunc-plt-got-overwrite.s | 38 ++++++++++++++++++ ld/testsuite/ld-riscv-elf/ld-riscv-elf.exp | 7 ++++ 7 files changed, 122 insertions(+), 7 deletions(-) create mode 100644 ld/testsuite/ld-riscv-elf/ifunc-plt-got-overwrite-exe.rd create mode 100644 ld/testsuite/ld-riscv-elf/ifunc-plt-got-overwrite-pic.rd create mode 100644 ld/testsuite/ld-riscv-elf/ifunc-plt-got-overwrite-pie.rd create mode 100644 ld/testsuite/ld-riscv-elf/ifunc-plt-got-overwrite.d create mode 100644 ld/testsuite/ld-riscv-elf/ifunc-plt-got-overwrite.s diff --git a/bfd/elfnn-riscv.c b/bfd/elfnn-riscv.c index a26cd3f..c854957 100644 --- a/bfd/elfnn-riscv.c +++ b/bfd/elfnn-riscv.c @@ -120,6 +120,9 @@ struct riscv_elf_link_hash_table /* Used by local STT_GNU_IFUNC symbols. */ htab_t loc_hash_table; void * loc_hash_memory; + + /* The index of the last unused .rel.iplt solt. */ + bfd_vma last_iplt_index; }; @@ -1424,6 +1427,11 @@ riscv_elf_size_dynamic_sections (bfd *output_bfd, struct bfd_link_info *info) local ifunc symbols. */ htab_traverse (htab->loc_hash_table, allocate_local_ifunc_dynrelocs, info); + /* Used to resolve the dynamic relocs overwite problems when + generating static executable. */ + if (htab->elf.irelplt) + htab->last_iplt_index = htab->elf.irelplt->reloc_count - 1; + if (htab->elf.sgotplt) { struct elf_link_hash_entry *got; @@ -2904,6 +2912,7 @@ riscv_elf_finish_dynamic_symbol (bfd *output_bfd, asection *sgot; asection *srela; Elf_Internal_Rela rela; + bfd_boolean use_elf_append_rela = TRUE; /* This symbol has an entry in the GOT. Set it up. */ @@ -2920,12 +2929,18 @@ riscv_elf_finish_dynamic_symbol (bfd *output_bfd, if (h->plt.offset == (bfd_vma) -1) { /* STT_GNU_IFUNC is referenced without PLT. */ + if (htab->elf.splt == NULL) { - /* use .rel[a].iplt section to store .got relocations + /* Use .rela.iplt section to store .got relocations in static executable. */ srela = htab->elf.irelplt; + + /* Do not use riscv_elf_append_rela to add dynamic + relocs. */ + use_elf_append_rela = FALSE; } + if (SYMBOL_REFERENCES_LOCAL (info, h)) { info->callbacks->minfo (_("Local IFUNC function `%s' in %pB\n"), @@ -2973,14 +2988,14 @@ riscv_elf_finish_dynamic_symbol (bfd *output_bfd, return TRUE; } } - /* If this is a local symbol reference, we just want to emit a RELATIVE - reloc. This can happen if it is a -Bsymbolic link, or a pie link, or - the symbol was forced to be local because of a version file. - The entry in the global offset table will already have been - initialized in the relocate_section function. */ else if (bfd_link_pic (info) && SYMBOL_REFERENCES_LOCAL (info, h)) { + /* If this is a local symbol reference, we just want to emit + a RELATIVE reloc. This can happen if it is a -Bsymbolic link, + or a pie link, or the symbol was forced to be local because + of a version file. The entry in the global offset table will + already have been initialized in the relocate_section function. */ BFD_ASSERT((h->got.offset & 1) != 0); asection *sec = h->root.u.def.section; rela.r_info = ELFNN_R_INFO (0, R_RISCV_RELATIVE); @@ -2998,7 +3013,24 @@ riscv_elf_finish_dynamic_symbol (bfd *output_bfd, bfd_put_NN (output_bfd, 0, sgot->contents + (h->got.offset & ~(bfd_vma) 1)); - riscv_elf_append_rela (output_bfd, srela, &rela); + + if (use_elf_append_rela) + riscv_elf_append_rela (output_bfd, srela, &rela); + else + { + /* Use riscv_elf_append_rela to add the dynamic relocs into + .rela.iplt may cause the overwrite problems. Since we insert + the relocs for PLT didn't handle the reloc_index of .rela.iplt, + but the riscv_elf_append_rela adds the relocs to the place + that are calculated from the reloc_index (in seqential). + + One solution is that add these dynamic relocs (GOT IFUNC) + from the last of .rela.iplt section. */ + bfd_vma iplt_idx = htab->last_iplt_index--; + bfd_byte *loc = srela->contents + + iplt_idx * sizeof (ElfNN_External_Rela); + bed->s->swap_reloca_out (output_bfd, &rela, loc); + } } if (h->needs_copy) diff --git a/ld/testsuite/ld-riscv-elf/ifunc-plt-got-overwrite-exe.rd b/ld/testsuite/ld-riscv-elf/ifunc-plt-got-overwrite-exe.rd new file mode 100644 index 0000000..0de47a4 --- /dev/null +++ b/ld/testsuite/ld-riscv-elf/ifunc-plt-got-overwrite-exe.rd @@ -0,0 +1,4 @@ +Relocation section '.rela.plt' at .* +[ ]+Offset[ ]+Info[ ]+Type[ ]+.* +[0-9a-f]+[ ]+[0-9a-f]+[ ]+R_RISCV_IRELATIVE[ ]+[0-9a-f]* +[0-9a-f]+[ ]+[0-9a-f]+[ ]+R_RISCV_IRELATIVE[ ]+[0-9a-f]* diff --git a/ld/testsuite/ld-riscv-elf/ifunc-plt-got-overwrite-pic.rd b/ld/testsuite/ld-riscv-elf/ifunc-plt-got-overwrite-pic.rd new file mode 100644 index 0000000..f65d789 --- /dev/null +++ b/ld/testsuite/ld-riscv-elf/ifunc-plt-got-overwrite-pic.rd @@ -0,0 +1,8 @@ +Relocation section '.rela.got' at .* +[ ]+Offset[ ]+Info[ ]+Type[ ]+.* +[0-9a-f]+[ ]+[0-9a-f]+[ ]+R_RISCV_(32|64)[ ]+foo2\(\)[ ]+foo2 \+ 0 +[0-9a-f]+[ ]+[0-9a-f]+[ ]+R_RISCV_(32|64)[ ]+foo1\(\)[ ]+foo1 \+ 0 +#... +Relocation section '.rela.plt' at .* +[ ]+Offset[ ]+Info[ ]+Type[ ]+.* +[0-9a-f]+[ ]+[0-9a-f]+[ ]+R_RISCV_JUMP_SLOT[ ]+foo1\(\)[ ]+foo1 \+ 0 diff --git a/ld/testsuite/ld-riscv-elf/ifunc-plt-got-overwrite-pie.rd b/ld/testsuite/ld-riscv-elf/ifunc-plt-got-overwrite-pie.rd new file mode 100644 index 0000000..32e66f0 --- /dev/null +++ b/ld/testsuite/ld-riscv-elf/ifunc-plt-got-overwrite-pie.rd @@ -0,0 +1,7 @@ +Relocation section '.rela.got' at .* +[ ]+Offset[ ]+Info[ ]+Type[ ]+.* +[0-9a-f]+[ ]+[0-9a-f]+[ ]+R_RISCV_IRELATIVE[ ]+[0-9a-f]* + +Relocation section '.rela.plt' at .* +[ ]+Offset[ ]+Info[ ]+Type[ ]+.* +[0-9a-f]+[ ]+[0-9a-f]+[ ]+R_RISCV_IRELATIVE[ ]+[0-9a-f]* diff --git a/ld/testsuite/ld-riscv-elf/ifunc-plt-got-overwrite.d b/ld/testsuite/ld-riscv-elf/ifunc-plt-got-overwrite.d new file mode 100644 index 0000000..333dea3 --- /dev/null +++ b/ld/testsuite/ld-riscv-elf/ifunc-plt-got-overwrite.d @@ -0,0 +1,19 @@ +#... +Disassembly of section .plt: +#... +0+[0-9a-f]+ <(\*ABS\*\+0x[0-9a-f]+@plt|foo@plt|.plt)>: +#... +Disassembly of section .text: +#... +0+[0-9a-f]+ : +#... +0+[0-9a-f]+ : +.*:[ ]+[0-9a-f]+[ ]+auipc[ ]+.* +.*:[ ]+[0-9a-f]+[ ]+(lw|ld)[ ]+.*<(_GLOBAL_OFFSET_TABLE_.*|.*)> +.*:[ ]+[0-9a-f]+[ ]+auipc[ ]+.* +.*:[ ]+[0-9a-f]+[ ]+jalr[ ]+.*<(.*plt.*)> +.*:[ ]+[0-9a-f]+[ ]+auipc[ ]+.* +.*:[ ]+[0-9a-f]+[ ]+jalr[ ]+.*<(.*plt.*)> +.*:[ ]+[0-9a-f]+[ ]+auipc[ ]+.* +.*:[ ]+[0-9a-f]+[ ]+(lw|ld)[ ]+.*<(_GLOBAL_OFFSET_TABLE_.*|.*)> +#... diff --git a/ld/testsuite/ld-riscv-elf/ifunc-plt-got-overwrite.s b/ld/testsuite/ld-riscv-elf/ifunc-plt-got-overwrite.s new file mode 100644 index 0000000..6c2f8e8 --- /dev/null +++ b/ld/testsuite/ld-riscv-elf/ifunc-plt-got-overwrite.s @@ -0,0 +1,38 @@ + .text + + .type foo_resolver, @function +foo_resolver: + ret + .size foo_resolver, .-foo_resolver + + .globl foo1 + .type foo1, %gnu_indirect_function + .set foo1, foo_resolver + + .globl foo2 + .type foo2, %gnu_indirect_function + .set foo2, foo_resolver + + .globl bar + .type bar, @function +bar: +.L1: + auipc x1, %got_pcrel_hi (foo1) +.ifdef __64_bit__ + ld x1, %pcrel_lo (.L1) (x1) +.else + lw x1, %pcrel_lo (.L1) (x1) +.endif + + call foo1 + call foo1@plt + +.L2: + auipc x2, %got_pcrel_hi (foo2) +.ifdef __64_bit__ + ld x2, %pcrel_lo (.L2) (x2) +.else + lw x2, %pcrel_lo (.L2) (x2) +.endif + ret + .size bar, .-bar diff --git a/ld/testsuite/ld-riscv-elf/ld-riscv-elf.exp b/ld/testsuite/ld-riscv-elf/ld-riscv-elf.exp index b82e092..9834041 100644 --- a/ld/testsuite/ld-riscv-elf/ld-riscv-elf.exp +++ b/ld/testsuite/ld-riscv-elf/ld-riscv-elf.exp @@ -175,6 +175,13 @@ if [istarget "riscv*-*-*"] { run_dump_test_ifunc "ifunc-plt-02" rv64 exe run_dump_test_ifunc "ifunc-plt-02" rv64 pie run_dump_test_ifunc "ifunc-plt-02" rv64 pic + # Check the .rela.iplt overwrite issue. + run_dump_test_ifunc "ifunc-plt-got-overwrite" rv32 exe + run_dump_test_ifunc "ifunc-plt-got-overwrite" rv32 pie + run_dump_test_ifunc "ifunc-plt-got-overwrite" rv32 pic + run_dump_test_ifunc "ifunc-plt-got-overwrite" rv64 exe + run_dump_test_ifunc "ifunc-plt-got-overwrite" rv64 pie + run_dump_test_ifunc "ifunc-plt-got-overwrite" rv64 pic # Setup shared libraries. run_ld_link_tests { -- 2.7.4