From: Fangrui Song <i@maskray.me>
To: binutils@sourceware.org,
Adhemerval Zanella <adhemerval.zanella@linaro.org>,
Szabolcs Nagy <szabolcs.nagy@arm.com>
Subject: [PATCH] aarch64: Disallow copy relocations on protected data
Date: Mon, 23 May 2022 22:10:17 -0700 [thread overview]
Message-ID: <20220524051017.2244288-1-i@maskray.me> (raw)
The behavior matches ld.lld which has been used on many aarch64 OSes.
Rationale: copy relocations indicate that the executable and the shared object
would access different copies, if the shared object does not reference the
variable with GLOB_DAT.
Note: x86 requires GNU_PROPERTY_NO_COPY_ON_PROTECTED to have the error.
This is to largely due to GCC 5's
"x86-64: Optimize access to globals in PIE with copy reloc" which started to use
direct access relocations for external data symbols in -fpie mode.
GCC's aarch64 port does not have the change. Nowadays with most builds switching
to -fpie/-fpic, aarch64 mostly doesn't need to worry about copy relocations. So
for aarch64 we simply don't check GNU_PROPERTY_NO_COPY_ON_PROTECTED.
---
bfd/elfnn-aarch64.c | 28 ++++++++++++++++++-
ld/testsuite/ld-aarch64/aarch64-elf.exp | 9 ++++++
.../ld-aarch64/copy-reloc-protected.d | 2 ++
ld/testsuite/ld-aarch64/protected.s | 8 ++++++
4 files changed, 46 insertions(+), 1 deletion(-)
create mode 100644 ld/testsuite/ld-aarch64/copy-reloc-protected.d
create mode 100644 ld/testsuite/ld-aarch64/protected.s
diff --git a/bfd/elfnn-aarch64.c b/bfd/elfnn-aarch64.c
index 4926bab9cf2..8896b0f78dd 100644
--- a/bfd/elfnn-aarch64.c
+++ b/bfd/elfnn-aarch64.c
@@ -2579,6 +2579,9 @@ struct elf_aarch64_link_hash_entry
this symbol. */
unsigned int got_type;
+ /* TRUE if symbol is defined as a protected symbol. */
+ unsigned int def_protected : 1;
+
/* A pointer to the most recently used stub hash entry against this
symbol. */
struct elf_aarch64_stub_hash_entry *stub_cache;
@@ -2855,9 +2858,16 @@ elfNN_aarch64_copy_indirect_symbol (struct bfd_link_info *info,
static void
elfNN_aarch64_merge_symbol_attribute (struct elf_link_hash_entry *h,
unsigned int st_other,
- bool definition ATTRIBUTE_UNUSED,
+ bool definition,
bool dynamic ATTRIBUTE_UNUSED)
{
+ if (definition)
+ {
+ struct elf_aarch64_link_hash_entry *eh
+ = (struct elf_aarch64_link_hash_entry *) h;
+ eh->def_protected = ELF_ST_VISIBILITY (st_other) == STV_PROTECTED;
+ }
+
unsigned int isym_sto = st_other & ~ELF_ST_VISIBILITY (-1);
unsigned int h_sto = h->other & ~ELF_ST_VISIBILITY (-1);
@@ -8701,6 +8711,22 @@ elfNN_aarch64_allocate_dynrelocs (struct elf_link_hash_entry *h, void *inf)
if (h->dyn_relocs == NULL)
return true;
+ for (p = h->dyn_relocs; p != NULL; p = p->next)
+ if (eh->def_protected)
+ {
+ /* Disallow copy relocations against protected symbol. */
+ asection *s = p->sec->output_section;
+ if (s != NULL && (s->flags & SEC_READONLY) != 0)
+ {
+ info->callbacks->einfo
+ /* xgettext:c-format */
+ (_ ("%F%P: %pB: copy relocation against non-copyable "
+ "protected symbol `%s'\n"),
+ p->sec->owner, h->root.root.string);
+ return false;
+ }
+ }
+
/* In the shared -Bsymbolic case, discard space allocated for
dynamic pc-relative relocs against symbols which turn out to be
defined in regular objects. For the normal shared case, discard
diff --git a/ld/testsuite/ld-aarch64/aarch64-elf.exp b/ld/testsuite/ld-aarch64/aarch64-elf.exp
index 64476f111e0..31162277bd9 100644
--- a/ld/testsuite/ld-aarch64/aarch64-elf.exp
+++ b/ld/testsuite/ld-aarch64/aarch64-elf.exp
@@ -407,6 +407,8 @@ set aarch64elflinktests {
{copy-reloc-exe-2.s} {{objdump -R copy-reloc-2.d}} "copy-reloc-2"}
{"ld-aarch64/exe with copy relocation elimination" "-e0 tmpdir/copy-reloc-so.so" "" ""
{copy-reloc-exe-eliminate.s} {{objdump -R copy-reloc-eliminate.d}} "copy-reloc-elimination"}
+ {"Build .so with protected data" "-shared" "" "" {protected.s}
+ {} "protected.so"}
{"ld-aarch64/so with global func" "-shared" "" "" {func-in-so.s}
{} "func-in-so.so"}
{"ld-aarch64/func sym hash opt for exe"
@@ -416,8 +418,15 @@ set aarch64elflinktests {
{} "libbti-plt-so.so"}
}
+set aarch64elfcclinktests [list \
+ [list "copy relocation on protected data" \
+ "-no-pie tmpdir/copy-reloc-exe.o tmpdir/protected.so" "" \
+ {} {{error_output copy-reloc-protected.d}} "copy-reloc-protected"]
+]
+
if [check_shared_lib_support] {
run_ld_link_tests $aarch64elflinktests
+ run_cc_link_tests $aarch64elfcclinktests
}
run_dump_test "bti-plt-3"
diff --git a/ld/testsuite/ld-aarch64/copy-reloc-protected.d b/ld/testsuite/ld-aarch64/copy-reloc-protected.d
new file mode 100644
index 00000000000..99a356a3df6
--- /dev/null
+++ b/ld/testsuite/ld-aarch64/copy-reloc-protected.d
@@ -0,0 +1,2 @@
+.*: tmpdir/copy-reloc-exe.o: copy relocation against non-copyable protected symbol `global_a'
+#...
diff --git a/ld/testsuite/ld-aarch64/protected.s b/ld/testsuite/ld-aarch64/protected.s
new file mode 100644
index 00000000000..eb3fb402dc4
--- /dev/null
+++ b/ld/testsuite/ld-aarch64/protected.s
@@ -0,0 +1,8 @@
+.global global_a
+.protected global_a
+.type global_a, %object
+.size global_a, 4
+
+.data
+global_a:
+.word 0xcafedead
--
2.36
next reply other threads:[~2022-05-24 5:10 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-24 5:10 Fangrui Song [this message]
2022-05-27 22:43 ` Fangrui Song
[not found] ` <CAN30aBHDJM4KJAJJ_=4=vKgJL-yow2roUEUa7LFaAFaivkVswg@mail.gmail.com>
2022-06-01 5:53 ` PING: " Fangrui Song
[not found] ` <CAN30aBH68jT8ArEPEx_X-zVzuOmN3u_KV5HKc-Vgc2tVohJADw@mail.gmail.com>
2022-06-15 22:28 ` Fangrui Song
2022-06-21 19:27 ` Fangrui Song
[not found] ` <DS7PR12MB57658D646BB4944D4BECAF84CBB39@DS7PR12MB5765.namprd12.prod.outlook.com>
2022-06-22 10:55 ` Nick Clifton
2022-06-22 11:15 ` Szabolcs Nagy
2022-07-01 11:16 ` Matthias Klose
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220524051017.2244288-1-i@maskray.me \
--to=i@maskray.me \
--cc=adhemerval.zanella@linaro.org \
--cc=binutils@sourceware.org \
--cc=szabolcs.nagy@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).