From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pj1-f43.google.com (mail-pj1-f43.google.com [209.85.216.43]) by sourceware.org (Postfix) with ESMTPS id 1FF91385AE7E for ; Sat, 25 Jun 2022 17:44:30 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 1FF91385AE7E Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=maskray.me Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-pj1-f43.google.com with SMTP id a11-20020a17090acb8b00b001eca0041455so7379005pju.1 for ; Sat, 25 Jun 2022 10:44:30 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=k5yqwFUmNKmoclKEis8H7cj/yY3athg8GO/c87zQoYA=; b=Gc6ZtGeCUFM4C7JQWeA6Kcsyh05/7ewoptwERI2nzSyVjnNLPoV+9P1urTQXBRWAsn +eOobpkUEGhVTPBm93Xr/LBxdyk8ZqglZ0rDTA0woeRPfkCTrU3JOuqqUclCXU9bjRcl zoKeIR3hrG0eg6/H1brdtPWPqiB4CnwlAkKj68w3anFSIbTcBtxsO50dV5ocnBgtTEMt yntV70DONIxH3/6ebYizjiVkp/n2wqDjwjTvTdPwgQ80maoa61GWrRy2q5h+TFm5Grd0 98IZboltD/H6lWu6RM26hT7bv4u+F67KUu/kyAuxW0y8mRwDZ+/DF6Zxt3nwIRgwE8X0 9ZrA== X-Gm-Message-State: AJIora+Ylgv/rJSZNGrC61k3GTSPKPDosi14aJxrIwLFCYfazwmRDtt7 od6oPA3kz8DtsTwIQfTrfcOhSFbSbts= X-Google-Smtp-Source: AGRyM1st/ekqm+Pt7oW3xy5iuNXOi/UNQoBtYIrZwf494NtF6mvK3BZ3GVfRRc2LGAiIaoitKkuLbQ== X-Received: by 2002:a17:902:da82:b0:16a:7ca5:36c0 with SMTP id j2-20020a170902da8200b0016a7ca536c0mr2398416plx.27.1656179068825; Sat, 25 Jun 2022 10:44:28 -0700 (PDT) Received: from localhost ([2601:647:6300:b760:a998:a981:4405:1a0a]) by smtp.gmail.com with ESMTPSA id f1-20020a654001000000b0040d22243295sm3838822pgp.79.2022.06.25.10.44.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 25 Jun 2022 10:44:28 -0700 (PDT) From: Fangrui Song To: binutils@sourceware.org, hjl.tools@gmail.com Subject: [PATCH] x86: Make protected symbols local for -shared Date: Sat, 25 Jun 2022 10:44:26 -0700 Message-Id: <20220625174426.1475218-1-i@maskray.me> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-8.0 required=5.0 tests=BAYES_00, FREEMAIL_FORGED_FROMDOMAIN, FREEMAIL_FROM, GIT_PATCH_0, HEADER_FROM_DIFFERENT_DOMAINS, KAM_DMARC_STATUS, KAM_INFOUSMEBIZ, KAM_STOCKGEN, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: binutils@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Binutils mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 25 Jun 2022 17:44:32 -0000 Call _bfd_elf_symbol_refs_local_p with local_protected==true. This has 2 noticeable effects for -shared: * GOT-generating relocations referencing a protected data symbol no longer lead to a GLOB_DAT (similar to a hidden symbol). * Direct access relocations (e.g. R_X86_64_PC32) no longer has the confusing diagnostic below. __attribute__((visibility("protected"))) void *foo() { return (void *)foo; } // gcc -fpic -shared -fuse-ld=bfd relocation R_X86_64_PC32 against protected symbol `foo' can not be used when making a shared object The new behavior matches arm, aarch64 (commit 83c325007c5599fa9b60b8d5f7b84842160e1d1b), and powerpc ports, and other linkers: gold and ld.lld. Note: if some code tries to use direct access relocations to take the address of foo, the pointer equality will break, but the error should be reported on the executable link, not on the innocent shared object link. glibc 2.36 will give a warning at relocation resolving time. With this change, `#define elf_backend_extern_protected_data 1` is no longer effective. Just remove it. Remove the test "Run protected-func-1 without PIE" since -fno-pic address taken operation in the executable doesn't work with protected symbol in a shared object by default. Similarly, remove protected-data-1a and protected-data-1b. protected-data-1b can be made working by removing HAVE_LD_PIE_COPYRELOC from GCC (https://sourceware.org/pipermail/gcc-patches/2022-June/596678.html). --- bfd/elf32-i386.c | 1 - bfd/elf64-x86-64.c | 1 - bfd/elfxx-x86.c | 2 +- ld/testsuite/ld-i386/protected1.d | 4 +++- ld/testsuite/ld-i386/protected3.d | 2 +- ld/testsuite/ld-i386/protected6a.d | 4 +++- ld/testsuite/ld-x86-64/pr24151a-x32.d | 4 +++- ld/testsuite/ld-x86-64/pr24151a.d | 4 +++- ld/testsuite/ld-x86-64/protected1.d | 4 +++- ld/testsuite/ld-x86-64/protected3.d | 2 +- ld/testsuite/ld-x86-64/protected6a.d | 4 +++- ld/testsuite/ld-x86-64/protected7a.d | 4 +++- ld/testsuite/ld-x86-64/x86-64.exp | 27 --------------------------- 13 files changed, 24 insertions(+), 39 deletions(-) diff --git a/bfd/elf32-i386.c b/bfd/elf32-i386.c index e4106d9fd3b..c3c46795731 100644 --- a/bfd/elf32-i386.c +++ b/bfd/elf32-i386.c @@ -4424,7 +4424,6 @@ elf_i386_link_setup_gnu_properties (struct bfd_link_info *info) #define elf_backend_got_header_size 12 #define elf_backend_plt_alignment 4 #define elf_backend_dtrel_excludes_plt 1 -#define elf_backend_extern_protected_data 1 #define elf_backend_caches_rawsize 1 #define elf_backend_want_dynrelro 1 diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c index 6154a70bdd7..aaa5f1496b9 100644 --- a/bfd/elf64-x86-64.c +++ b/bfd/elf64-x86-64.c @@ -5275,7 +5275,6 @@ elf_x86_64_special_sections[]= #define elf_backend_got_header_size (GOT_ENTRY_SIZE*3) #define elf_backend_rela_normal 1 #define elf_backend_plt_alignment 4 -#define elf_backend_extern_protected_data 1 #define elf_backend_caches_rawsize 1 #define elf_backend_dtrel_excludes_plt 1 #define elf_backend_want_dynrelro 1 diff --git a/bfd/elfxx-x86.c b/bfd/elfxx-x86.c index acb2cc8528d..18f3d335458 100644 --- a/bfd/elfxx-x86.c +++ b/bfd/elfxx-x86.c @@ -3094,7 +3094,7 @@ _bfd_x86_elf_link_symbol_references_local (struct bfd_link_info *info, 2. When building executable, there is no dynamic linker. Or 3. or "-z nodynamic-undefined-weak" is used. */ - if (SYMBOL_REFERENCES_LOCAL (info, h) + if (_bfd_elf_symbol_refs_local_p (h, info, 1) || (h->root.type == bfd_link_hash_undefweak && (ELF_ST_VISIBILITY (h->other) != STV_DEFAULT || (bfd_link_executable (info) diff --git a/ld/testsuite/ld-i386/protected1.d b/ld/testsuite/ld-i386/protected1.d index a3cb5cef140..531645b8fe8 100644 --- a/ld/testsuite/ld-i386/protected1.d +++ b/ld/testsuite/ld-i386/protected1.d @@ -1,3 +1,5 @@ #as: --32 #ld: -shared -melf_i386 -#error: .*relocation R_386_GOTOFF against protected function `foo' can not be used when making a shared object +#readelf: -rW +#... +There are no relocations in this file. diff --git a/ld/testsuite/ld-i386/protected3.d b/ld/testsuite/ld-i386/protected3.d index c3a6888d900..77367c4738f 100644 --- a/ld/testsuite/ld-i386/protected3.d +++ b/ld/testsuite/ld-i386/protected3.d @@ -8,7 +8,7 @@ Disassembly of section .text: 0+[a-f0-9]+ : -[ ]*[a-f0-9]+: 8b 81 [a-f0-9][a-f0-9] [a-f0-9][a-f0-9] ff ff mov -0x[a-f0-9]+\(%ecx\),%eax +[ ]*[a-f0-9]+: 8d 81 00 00 00 00 lea 0x0\(%ecx\),%eax [ ]*[a-f0-9]+: 8b 00 mov \(%eax\),%eax [ ]*[a-f0-9]+: c3 ret #pass diff --git a/ld/testsuite/ld-i386/protected6a.d b/ld/testsuite/ld-i386/protected6a.d index 7dc350432f4..4d3873239f9 100644 --- a/ld/testsuite/ld-i386/protected6a.d +++ b/ld/testsuite/ld-i386/protected6a.d @@ -1,4 +1,6 @@ #source: protected6.s #as: --32 #ld: -shared -melf_i386 -#error: .*relocation R_386_GOTOFF against protected data `foo' can not be used when making a shared object +#readelf: -rW +#... +There are no relocations in this file. diff --git a/ld/testsuite/ld-x86-64/pr24151a-x32.d b/ld/testsuite/ld-x86-64/pr24151a-x32.d index 130611ddf49..1f49b655f7d 100644 --- a/ld/testsuite/ld-x86-64/pr24151a-x32.d +++ b/ld/testsuite/ld-x86-64/pr24151a-x32.d @@ -1,4 +1,6 @@ #source: pr24151a.s #as: --x32 #ld: -shared -melf32_x86_64 -#error: .*relocation R_X86_64_PC32 against protected symbol `foo' can not be used when making a shared object +#readelf: -rW +#... +There are no relocations in this file. diff --git a/ld/testsuite/ld-x86-64/pr24151a.d b/ld/testsuite/ld-x86-64/pr24151a.d index 783b85a1a6f..6c48e383e01 100644 --- a/ld/testsuite/ld-x86-64/pr24151a.d +++ b/ld/testsuite/ld-x86-64/pr24151a.d @@ -1,3 +1,5 @@ #as: --64 #ld: -shared -melf_x86_64 -#error: .*relocation R_X86_64_PC32 against protected symbol `foo' can not be used when making a shared object +#readelf: -rW +#... +There are no relocations in this file. diff --git a/ld/testsuite/ld-x86-64/protected1.d b/ld/testsuite/ld-x86-64/protected1.d index 783b85a1a6f..6c48e383e01 100644 --- a/ld/testsuite/ld-x86-64/protected1.d +++ b/ld/testsuite/ld-x86-64/protected1.d @@ -1,3 +1,5 @@ #as: --64 #ld: -shared -melf_x86_64 -#error: .*relocation R_X86_64_PC32 against protected symbol `foo' can not be used when making a shared object +#readelf: -rW +#... +There are no relocations in this file. diff --git a/ld/testsuite/ld-x86-64/protected3.d b/ld/testsuite/ld-x86-64/protected3.d index 57950e4d6b6..ba63991582f 100644 --- a/ld/testsuite/ld-x86-64/protected3.d +++ b/ld/testsuite/ld-x86-64/protected3.d @@ -8,7 +8,7 @@ Disassembly of section .text: 0+[a-f0-9]+ : -[ ]*[a-f0-9]+: 48 8b 05 ([0-9a-f]{2} ){4} * mov 0x[a-f0-9]+\(%rip\),%rax # [a-f0-9]+ <.*> +[ ]*[a-f0-9]+: 48 8d 05 ([0-9a-f]{2} ){4} * lea 0x[a-f0-9]+\(%rip\),%rax # [a-f0-9]+ <.*> [ ]*[a-f0-9]+: 8b 00 mov \(%rax\),%eax [ ]*[a-f0-9]+: c3 ret #pass diff --git a/ld/testsuite/ld-x86-64/protected6a.d b/ld/testsuite/ld-x86-64/protected6a.d index 3a7963ffd2f..50d6430b577 100644 --- a/ld/testsuite/ld-x86-64/protected6a.d +++ b/ld/testsuite/ld-x86-64/protected6a.d @@ -1,4 +1,6 @@ #source: protected6.s #as: --64 #ld: -shared -melf_x86_64 -#error: .*relocation R_X86_64_GOTOFF64 against protected data `foo' can not be used when making a shared object +#readelf: -rW +#... +There are no relocations in this file. diff --git a/ld/testsuite/ld-x86-64/protected7a.d b/ld/testsuite/ld-x86-64/protected7a.d index 3082084a7b8..3974246a2a8 100644 --- a/ld/testsuite/ld-x86-64/protected7a.d +++ b/ld/testsuite/ld-x86-64/protected7a.d @@ -1,4 +1,6 @@ #source: protected7.s #as: --64 #ld: -shared -melf_x86_64 -#error: .*relocation R_X86_64_GOTOFF64 against protected function `foo' can not be used when making a shared object +#readelf: -rW +#... +There are no relocations in this file. diff --git a/ld/testsuite/ld-x86-64/x86-64.exp b/ld/testsuite/ld-x86-64/x86-64.exp index 5e5636bcebe..a096c0b9d0f 100644 --- a/ld/testsuite/ld-x86-64/x86-64.exp +++ b/ld/testsuite/ld-x86-64/x86-64.exp @@ -1832,15 +1832,6 @@ if { [isnative] && [check_compiler_available] } { "pr23997" \ "pass.out" \ ] \ - [list \ - "Run protected-func-1 without PIE" \ - "$NOPIE_LDFLAGS -Wl,--no-as-needed tmpdir/libprotected-func-1.so" \ - "-Wa,-mx86-used-note=yes" \ - { protected-func-1b.c } \ - "protected-func-1a" \ - "pass.out" \ - "$NOPIE_CFLAGS" \ - ] \ [list \ "Run protected-func-1 with PIE" \ "-Wl,--no-as-needed -pie tmpdir/libprotected-func-1.so" \ @@ -1904,24 +1895,6 @@ if { [isnative] && [check_compiler_available] } { "pass.out" \ "-fPIE" \ ] \ - [list \ - "Run protected-data-1a without PIE" \ - "$NOPIE_LDFLAGS -Wl,--no-as-needed tmpdir/libprotected-data-1a.so" \ - "-Wa,-mx86-used-note=yes" \ - { protected-data-1b.c } \ - "protected-data-1a" \ - "pass.out" \ - "$NOPIE_CFLAGS" \ - ] \ - [list \ - "Run protected-data-1b with PIE" \ - "-Wl,--no-as-needed -pie tmpdir/libprotected-data-1a.so" \ - "-Wa,-mx86-used-note=yes" \ - { protected-data-1b.c } \ - "protected-data-1b" \ - "pass.out" \ - "-fPIE" \ - ] \ [list \ "Run protected-data-2a without PIE" \ "$NOPIE_LDFLAGS -Wl,--no-as-needed tmpdir/libprotected-data-2a.so" \ -- 2.37