From: "H.J. Lu"
To: binutils@sourceware.org
Subject: [PATCH] x86: Only allow S - A relocations against absolute symbol
Date: Mon, 30 Mar 2020 21:43:50 -0700
Message-Id: <20200331044350.808132-1-hjl.tools@gmail.com>

Since the value of a non-preemptible absolute symbol (SHN_ABS) won't change,
only S - A relocations against non-preemptible absolute symbols are allowed
in PIE and shared libraries.

bfd/

	PR ld/25749
	* elf32-i386.c (elf_i386_relocate_section): Call
	_bfd_elf_x86_valid_reloc_p.  Pass sec to
	GENERATE_DYNAMIC_RELOCATION_P.
	* elf64-x86-64.c (elf_x86_64_relocate_section): Likewise.
	* elfxx-x86.c (_bfd_elf_x86_valid_reloc_p): New function.
	* elfxx-x86.h (GENERATE_DYNAMIC_RELOCATION_P): Add an SEC
	argument.  Don't generate dynamic relocation for relocation
	against SHN_ABS symbol.
	(_bfd_elf_x86_valid_reloc_p): New.

ld/

	PR ld/25749
	* testsuite/ld-elf/linux-x86.exp: Run ld/25749 tests.
	* testsuite/ld-elf/pr25749-1.c: New file.
	* testsuite/ld-elf/pr25749-1a.c: Likewise.
	* testsuite/ld-elf/pr25749-1b.c: Likewise.
	* testsuite/ld-elf/pr25749-1b.err: Likewise.
	* testsuite/ld-elf/pr25749-1c.c: Likewise.
	* testsuite/ld-elf/pr25749-2.c: Likewise.
	* testsuite/ld-elf/pr25749-2a.s: Likewise.
	* testsuite/ld-elf/pr25749-2b.s: Likewise.
--- bfd/elf32-i386.c | 6 +- bfd/elf64-x86-64.c | 6 +- bfd/elfxx-x86.c | 53 +++++++++++ bfd/elfxx-x86.h | 8 +- ld/testsuite/ld-elf/linux-x86.exp | 135 +++++++++++++++++++++++++++++ ld/testsuite/ld-elf/pr25749-1.c | 12 +++ ld/testsuite/ld-elf/pr25749-1a.c | 11 +++ ld/testsuite/ld-elf/pr25749-1b.c | 9 ++ ld/testsuite/ld-elf/pr25749-1b.err | 3 + ld/testsuite/ld-elf/pr25749-1c.c | 9 ++ ld/testsuite/ld-elf/pr25749-2.c | 12 +++ ld/testsuite/ld-elf/pr25749-2a.s | 6 ++ ld/testsuite/ld-elf/pr25749-2b.s | 7 ++ 13 files changed, 274 insertions(+), 3 deletions(-) create mode 100644 ld/testsuite/ld-elf/pr25749-1.c create mode 100644 ld/testsuite/ld-elf/pr25749-1a.c create mode 100644 ld/testsuite/ld-elf/pr25749-1b.c create mode 100644 ld/testsuite/ld-elf/pr25749-1b.err create mode 100644 ld/testsuite/ld-elf/pr25749-1c.c create mode 100644 ld/testsuite/ld-elf/pr25749-2.c create mode 100644 ld/testsuite/ld-elf/pr25749-2a.s create mode 100644 ld/testsuite/ld-elf/pr25749-2b.s diff --git a/bfd/elf32-i386.c b/bfd/elf32-i386.c index eb7e1f8b34..c0998d3212 100644 --- a/bfd/elf32-i386.c +++ b/bfd/elf32-i386.c @@ -2212,6 +2212,10 @@ elf_i386_relocate_section (bfd *output_bfd, continue; } + if (!_bfd_elf_x86_valid_reloc_p (input_section, info, rel, sec, + h, sym, symtab_hdr, howto)) + return FALSE; + eh = (struct elf_x86_link_hash_entry *) h; /* Since STT_GNU_IFUNC symbol must go through PLT, we handle @@ -2704,7 +2708,7 @@ elf_i386_relocate_section (bfd *output_bfd, || is_vxworks_tls) break; - if (GENERATE_DYNAMIC_RELOCATION_P (info, eh, r_type, + if (GENERATE_DYNAMIC_RELOCATION_P (info, eh, r_type, sec, FALSE, resolved_to_zero, (r_type == R_386_PC32))) { diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c index 90e2702334..e3e6378741 100644 --- a/bfd/elf64-x86-64.c +++ b/bfd/elf64-x86-64.c 
@@ -2530,6 +2530,10 @@ elf_x86_64_relocate_section (bfd *output_bfd, continue; } + if (!_bfd_elf_x86_valid_reloc_p (input_section, info, rel, sec, + h, sym, symtab_hdr, howto)) + return FALSE; + if (rel->r_addend == 0 && !ABI_64_P (output_bfd)) { if (r_type == R_X86_64_64) @@ -3175,7 +3179,7 @@ elf_x86_64_relocate_section (bfd *output_bfd, && (X86_PCREL_TYPE_P (r_type) || X86_SIZE_TYPE_P (r_type))); - if (GENERATE_DYNAMIC_RELOCATION_P (info, eh, r_type, + if (GENERATE_DYNAMIC_RELOCATION_P (info, eh, r_type, sec, need_copy_reloc_in_pie, resolved_to_zero, FALSE)) { diff --git a/bfd/elfxx-x86.c b/bfd/elfxx-x86.c index 108e04a158..64e8170244 100644 --- a/bfd/elfxx-x86.c +++ b/bfd/elfxx-x86.c 
@@ -952,6 +952,59 @@ _bfd_x86_elf_link_check_relocs (bfd *abfd, struct bfd_link_info *info) return _bfd_elf_link_check_relocs (abfd, info); } +bfd_boolean +_bfd_elf_x86_valid_reloc_p (asection *input_section, + struct bfd_link_info *info, + const Elf_Internal_Rela *rel, + asection *sec, + struct elf_link_hash_entry *h, + Elf_Internal_Sym *sym, + Elf_Internal_Shdr *symtab_hdr, + const reloc_howto_type *howto) +{ + bfd_boolean valid_p = TRUE; + + /* Check If relocation against absolute symbol is valid in PIC. */ + if (bfd_link_pic (info) + && bfd_is_abs_section (sec) + && (h == NULL || SYMBOL_REFERENCES_LOCAL_P (info, h))) + { + const struct elf_backend_data *bed + = get_elf_backend_data (input_section->owner); + unsigned int r_type = ELF32_R_TYPE (rel->r_info); + + /* Only allow S - A relocations against absolute symbol. */ + if (bed->target_id == X86_64_ELF_DATA) + valid_p = (r_type == R_X86_64_64 + || r_type == R_X86_64_32 + || r_type == R_X86_64_16 + || r_type == R_X86_64_8); + else + valid_p = (r_type == R_386_32 + || r_type == R_386_16 + || r_type == R_386_8); + + if (!valid_p) + { + const char *name; + if (h) + name = h->root.root.string; + else + name = bfd_elf_sym_name (input_section->owner, symtab_hdr, + sym, NULL); + _bfd_error_handler + /* xgettext:c-format */ + (_("%pB: in relocation %s against absolute symbol `%s' " + "at %#" PRIx64 " in section `%pA' is disallowed"), + input_section->owner, howto->name, name, + (uint64_t) rel->r_offset, input_section); + bfd_set_error (bfd_error_bad_value); + } + } + + return valid_p; +} + /* Set the sizes of the dynamic sections. */ bfd_boolean diff --git a/bfd/elfxx-x86.h b/bfd/elfxx-x86.h index bef17dc2ba..8a2731a194 100644 --- a/bfd/elfxx-x86.h +++ b/bfd/elfxx-x86.h 
@@ -120,10 +120,11 @@ relocations against resolved undefined weak symbols in PIE, except when PC32_RELOC is TRUE. Undefined weak symbol is bound locally when PIC is false. */ -#define GENERATE_DYNAMIC_RELOCATION_P(INFO, EH, R_TYPE, \ +#define GENERATE_DYNAMIC_RELOCATION_P(INFO, EH, R_TYPE, SEC, \ NEED_COPY_RELOC_IN_PIE, \ RESOLVED_TO_ZERO, PC32_RELOC) \ ((bfd_link_pic (INFO) \ + && !bfd_is_abs_section (SEC) \ && !(NEED_COPY_RELOC_IN_PIE) \ && ((EH) == NULL \ || ((ELF_ST_VISIBILITY ((EH)->elf.other) == STV_DEFAULT \ @@ -652,6 +653,11 @@ extern int _bfd_x86_elf_compare_relocs extern bfd_boolean _bfd_x86_elf_link_check_relocs (bfd *, struct bfd_link_info *); +extern bfd_boolean _bfd_elf_x86_valid_reloc_p + (asection *, struct bfd_link_info *, const Elf_Internal_Rela *, + asection *, struct elf_link_hash_entry *, Elf_Internal_Sym *, + Elf_Internal_Shdr *, const reloc_howto_type *); + extern bfd_boolean _bfd_x86_elf_size_dynamic_sections (bfd *, struct bfd_link_info *); diff --git a/ld/testsuite/ld-elf/linux-x86.exp b/ld/testsuite/ld-elf/linux-x86.exp index 63a321b966..f34158d0b5 100644 --- a/ld/testsuite/ld-elf/linux-x86.exp +++ b/ld/testsuite/ld-elf/linux-x86.exp 
@@ -115,3 +115,138 @@ elfedit_test "--disable-x86-feature shstk" x86-feature-1 x86-feature-1c elfedit_test "--disable-x86-feature ibt" x86-feature-1 x86-feature-1d elfedit_test "--enable-x86-feature ibt --enable-x86-feature shstk" \ x86-feature-1 x86-feature-1e + +proc check_pr25749a {testname srcfilea srcfileb cflags ldflags lderror} { + global objcopy + global srcdir + global subdir + + if { [istarget "i?86-*-linux*"] } { + set output_arch "i386:i386" + set output_target "elf32-i386" + } else { + set output_arch "i386:x86-64" + if {[istarget "x86_64-*-linux*-gnux32"]} { + set output_target "elf32-x86-64" + } else { + set output_target "elf64-x86-64" + } + } + + exec cp $srcdir/$subdir/$srcfilea $srcfilea + set pr25749_bin "$objcopy -B $output_arch -I binary -O $output_target $srcfilea tmpdir/pr25749-bin.o" + send_log "$pr25749_bin\n" + set got [remote_exec host "$pr25749_bin"] + if { [lindex $got 0] != 0 || ![string match "" [lindex $got 1]] } then { + send_log "$got\n" + fail "Convert $srcfilea to $output_target" + return + } + + if {"$lderror" == ""} { + run_ld_link_exec_tests [list \ + [list \ + "Run ${testname}a ($ldflags $cflags)" \ + "$ldflags tmpdir/pr25749-bin.o" \ + "" \ + [list $srcfilea $srcfileb]\ + "${testname}a" \ + "pass.out" \ + "$cflags" \ + ] \ + ] + } else { + run_cc_link_tests [list \ + [list \ + "Build $testname ($ldflags $cflags)" \ + "$ldflags tmpdir/pr25749-bin.o" \ + "$cflags" \ + [list $srcfilea $srcfileb]\ + [list [list error_output $lderror]] \ + "$testname" \ + ] \ + ] + } +} + +check_pr25749a "pr25749-1a" "pr25749-1.c" "pr25749-1a.c" "$NOPIE_CFLAGS" "$NOPIE_LDFLAGS" "" +check_pr25749a "pr25749-1a" "pr25749-1.c" "pr25749-1a.c" "-fPIE" "-pie" "" +check_pr25749a "pr25749-1b" "pr25749-1.c" "pr25749-1b.c" "$NOPIE_CFLAGS" "$NOPIE_LDFLAGS" "" +check_pr25749a "pr25749-1b" "pr25749-1.c" "pr25749-1b.c" "-fPIE" "-pie" "pr25749-1b.err" +check_pr25749a "pr25749-1c" "pr25749-1.c" "pr25749-1c.c" "-fPIC" "-shared" "pr25749-1b.err" +check_pr25749a 
"pr25749-2a" "pr25749-2.c" "pr25749-2a.s" "$NOPIE_CFLAGS" "$NOPIE_LDFLAGS" "" +check_pr25749a "pr25749-2a" "pr25749-2.c" "pr25749-2a.s" "-fPIE" "-pie" "" +check_pr25749a "pr25749-2b" "pr25749-2.c" "pr25749-2b.s" "$NOPIE_CFLAGS" "$NOPIE_LDFLAGS" "" +check_pr25749a "pr25749-2b" "pr25749-2.c" "pr25749-2b.s" "-fPIE" "-pie" "" + +proc check_pr25749b {testname srcfilea srcfileb cflags ldflags lderror} { + global objcopy + global srcdir + global subdir + + if { [istarget "i?86-*-linux*"] } { + set output_arch "i386:i386" + set output_target "elf32-i386" + } else { + set output_arch "i386:x86-64" + if {[istarget "x86_64-*-linux*-gnux32"]} { + set output_target "elf32-x86-64" + } else { + set output_target "elf64-x86-64" + } + } + + exec cp $srcdir/$subdir/$srcfilea $srcfilea + set pr25749_bin "$objcopy -B $output_arch -I binary -O $output_target $srcfilea tmpdir/pr25749-bin.o" + send_log "$pr25749_bin\n" + set got [remote_exec host "$pr25749_bin"] + if { [lindex $got 0] != 0 || ![string match "" [lindex $got 1]] } then { + send_log "$got\n" + fail "Convert $srcfilea to $output_target" + return + } + + if {"$lderror" == ""} { + run_cc_link_tests [list \ + [list \ + "Build lib${testname}.so ($ldflags $cflags)" \ + "-shared tmpdir/pr25749-bin.o" \ + "-fPIC" \ + [list $srcfileb] \ + "" \ + "lib${testname}.so" \ + ] \ + ] + run_ld_link_exec_tests [list \ + [list \ + "Run ${testname}b ($ldflags $cflags)" \ + "$ldflags -Wl,--no-as-needed tmpdir/lib${testname}.so" \ + "" \ + [list $srcfilea]\ + "${testname}b" \ + "pass.out" \ + "$cflags" \ + ] \ + ] + } else { + run_cc_link_tests [list \ + [list \ + "Build $testname ($ldflags $cflags)" \ + "$ldflags tmpdir/pr25749-bin.o" \ + "$cflags" \ + [list $srcfilea $srcfileb]\ + [list [list error_output $lderror]] \ + "$testname" \ + ] \ + ] + } +} + +check_pr25749b "pr25749-1a" "pr25749-1.c" "pr25749-1a.c" "$NOPIE_CFLAGS" "$NOPIE_LDFLAGS" "" +check_pr25749b "pr25749-1a" "pr25749-1.c" "pr25749-1a.c" "-fPIE" "-pie" "" +check_pr25749b 
"pr25749-1b" "pr25749-1.c" "pr25749-1b.c" "$NOPIE_CFLAGS" "$NOPIE_LDFLAGS" "" +check_pr25749b "pr25749-1b" "pr25749-1.c" "pr25749-1b.c" "-fPIE" "-pie" "" +check_pr25749b "pr25749-2a" "pr25749-2.c" "pr25749-2a.s" "$NOPIE_CFLAGS" "$NOPIE_LDFLAGS" "" +check_pr25749b "pr25749-2a" "pr25749-2.c" "pr25749-2a.s" "-fPIE" "-pie" "" +check_pr25749b "pr25749-2b" "pr25749-2.c" "pr25749-2b.s" "$NOPIE_CFLAGS" "$NOPIE_LDFLAGS" "" +check_pr25749b "pr25749-2b" "pr25749-2.c" "pr25749-2b.s" "-fPIE" "-pie" "" diff --git a/ld/testsuite/ld-elf/pr25749-1.c b/ld/testsuite/ld-elf/pr25749-1.c new file mode 100644 index 0000000000..5b37af08c6 --- /dev/null +++ b/ld/testsuite/ld-elf/pr25749-1.c @@ -0,0 +1,12 @@ +#include +#include + +extern intptr_t size (void); + +int +main () +{ + if (size () == 147) + printf ("PASS\n"); + return 0; +} diff --git a/ld/testsuite/ld-elf/pr25749-1a.c b/ld/testsuite/ld-elf/pr25749-1a.c new file mode 100644 index 0000000000..775623b8c9 --- /dev/null +++ b/ld/testsuite/ld-elf/pr25749-1a.c @@ -0,0 +1,11 @@ +#include + +extern void *_binary_pr25749_1_c_start; +extern void *_binary_pr25749_1_c_end; + +intptr_t +size (void) +{ + return ((intptr_t) &_binary_pr25749_1_c_end + - (intptr_t) &_binary_pr25749_1_c_start); +} diff --git a/ld/testsuite/ld-elf/pr25749-1b.c b/ld/testsuite/ld-elf/pr25749-1b.c new file mode 100644 index 0000000000..f02a408700 --- /dev/null +++ b/ld/testsuite/ld-elf/pr25749-1b.c @@ -0,0 +1,9 @@ +#include + +extern void *_binary_pr25749_1_c_size; + +intptr_t +size (void) +{ + return (intptr_t) &_binary_pr25749_1_c_size; +} diff --git a/ld/testsuite/ld-elf/pr25749-1b.err b/ld/testsuite/ld-elf/pr25749-1b.err new file mode 100644 index 0000000000..bb389172f1 --- /dev/null +++ b/ld/testsuite/ld-elf/pr25749-1b.err @@ -0,0 +1,3 @@ +#... +.*: .* against absolute symbol `_binary_pr25749_1_c_size' .* is disallowed +#pass diff --git a/ld/testsuite/ld-elf/pr25749-1c.c b/ld/testsuite/ld-elf/pr25749-1c.c new file mode 100644 index 0000000000..f2847d7f62 
--- /dev/null +++ b/ld/testsuite/ld-elf/pr25749-1c.c @@ -0,0 +1,9 @@ +#include + +extern void *_binary_pr25749_1_c_size __attribute__ ((visibility("hidden"))); + +intptr_t +size (void) +{ + return (intptr_t) &_binary_pr25749_1_c_size; +} diff --git a/ld/testsuite/ld-elf/pr25749-2.c b/ld/testsuite/ld-elf/pr25749-2.c new file mode 100644 index 0000000000..820bebc167 --- /dev/null +++ b/ld/testsuite/ld-elf/pr25749-2.c @@ -0,0 +1,12 @@ +#include +#include + +extern intptr_t size; + +int +main () +{ + if (size == 137) + printf ("PASS\n"); + return 0; +} diff --git a/ld/testsuite/ld-elf/pr25749-2a.s b/ld/testsuite/ld-elf/pr25749-2a.s new file mode 100644 index 0000000000..df486fe329 --- /dev/null +++ b/ld/testsuite/ld-elf/pr25749-2a.s @@ -0,0 +1,6 @@ + .data + .globl size + .type size, %object +size: + .dc.a _binary_pr25749_2_c_size + .size size, .-size diff --git a/ld/testsuite/ld-elf/pr25749-2b.s b/ld/testsuite/ld-elf/pr25749-2b.s new file mode 100644 index 0000000000..ba82c450bc --- /dev/null +++ b/ld/testsuite/ld-elf/pr25749-2b.s @@ -0,0 +1,7 @@ + .data + .hidden _binary_pr25749_2_c_size + .globl size + .type size, %object +size: + .dc.a _binary_pr25749_2_c_size + .size size, .-size -- 2.25.1
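
Review bot: In the new _bfd_elf_x86_valid_reloc_p in bfd/elfxx-x86.c, the x86-64 allow-list (R_X86_64_64, R_X86_64_32, R_X86_64_16, R_X86_64_8) leaves out R_X86_64_32S, which the psABI also computes from the symbol value and addend alone, so a sign-extended 32-bit reference to a local absolute symbol would be rejected when linking PIC; either add it or state in the comment why it is excluded. The helper re-derives r_type with "ELF32_R_TYPE (rel->r_info)" although both callers already hold r_type, so passing it in would be simpler. The function also has no leading comment saying what it returns and that it sets bfd_error_bad_value, the inline comment reads "Check If", and the diagnostic begins with a stray "in" ("%pB: in relocation %s against absolute symbol ... is disallowed").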
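
Review bot: In the GENERATE_DYNAMIC_RELOCATION_P hunk of bfd/elfxx-x86.h, the added "&& !bfd_is_abs_section (SEC)" term is not qualified by symbol binding, whereas _bfd_elf_x86_valid_reloc_p limits itself to "h == NULL || SYMBOL_REFERENCES_LOCAL_P (info, h)". As written, the bfd_link_pic arm also drops the dynamic relocation for a reference to a preemptible absolute symbol, which is wider than the commit message's "non-preemptible absolute symbol"; consider applying the same locality test here. The comment above the macro should also describe the new SEC argument.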
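
Review bot: In ld/testsuite/ld-elf/linux-x86.exp, the error branch of check_pr25749b is never reached, because every check_pr25749b call passes "" for lderror; either add a case that expects a link error or drop the branch. check_pr25749a and check_pr25749b also repeat the same target selection and objcopy conversion line for line, which would be better in one shared helper proc. In addition, "exec cp $srcdir/$subdir/$srcfilea $srcfilea" writes into the current directory and the copy is never removed.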
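
Review bot: In ld/testsuite/ld-elf/pr25749-1.c and pr25749-2.c, the constants in "if (size () == 147)" and "if (size == 137)" are unexplained. Since linux-x86.exp converts these same files with objcopy -I binary and the tests read the _binary_pr25749_*_c_size symbols, the values appear to be the byte lengths of the test sources themselves, so any edit to either file changes the expected result. A comment inside the .c files would itself change the size, so document this where the tests are set up in linux-x86.exp. Both main functions also return 0 on mismatch and only omit the PASS line; returning non-zero would make a failure explicit.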