From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=TWj0=7R=NelsondeMBP.localdomain=nelsonc@sourceware.org>
Received: from NelsondeMBP.localdomain (114-25-107-156.dynamic-ip.hinet.net [114.25.107.156])
	by sourceware.org (Postfix) with ESMTP id 22D693858CDA
	for <binutils@sourceware.org>; Sat, 25 Mar 2023 00:41:18 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 22D693858CDA
Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=rivosinc.com
Authentication-Results: sourceware.org; spf=none smtp.mailfrom=NelsondeMBP.localdomain
Received: by NelsondeMBP.localdomain (Postfix, from userid 501)
	id D27E5A59E06; Sat, 25 Mar 2023 08:41:16 +0800 (CST)
From: Nelson Chu <nelson@rivosinc.com>
To: binutils@sourceware.org,
	jim.wilson.gcc@gmail.com,
	palmer@dabbelt.com
Cc: nelson@rivosinc.com,
	Palmer Dabbelt <palmer@rivosinc.com>
Subject: [PATCH 3/3] RISC-V: PR28789, Reject R_RISCV_PCREL relocations with ABS symbol in PIC/PIE.
Date: Sat, 25 Mar 2023 08:41:13 +0800
Message-Id: <20230325004113.22673-3-nelson@rivosinc.com>
X-Mailer: git-send-email 2.37.1 (Apple Git-137.1)
In-Reply-To: <20230325004113.22673-1-nelson@rivosinc.com>
References: <20230325004113.22673-1-nelson@rivosinc.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,GIT_PATCH_0,HEADER_FROM_DIFFERENT_DOMAINS,KAM_DMARC_STATUS,KAM_LAZY_DOMAIN_SECURITY,KAM_STOCKGEN,KHOP_HELO_FCRDNS,NO_DNS_FOR_FROM,PDS_RDNS_DYNAMIC_FP,RCVD_IN_BARRACUDACENTRAL,RCVD_IN_PBL,RDNS_DYNAMIC,SPF_HELO_NONE,SPF_NONE,TXREP autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <binutils.sourceware.org>

From: Palmer Dabbelt <palmer@rivosinc.com>

The non-preemptible SHN_ABS symbol with a pc-relative relocation should be
disallowed when generating shared object (pic and pie).  Generally, the
following cases, which refer to pr25749, will cause a symbol be
non-preemptible,

* -pie, or -shared with -symbolic
* STV_HIDDEN, STV_INTERNAL, STV_PROTECTED
* Have dynamic symbol table, but without the symbol
* VER_NDX_LOCAL

However, PCREL_HI20/LO12 relocs are always bind locally when generating
shared object, so not only the non-preemptible absolute symbol need to
be disallowed, all absolute symbol references need but except that they
are defined in linker script.  If we also disallow the absolute symbol
in linker script, then the glibc-linux toolchain build failed, so regard
them as pc-relative symbols, just like what x86 did.

Maybe we should add this check for all pc-relative relocations, rather
than just handle in R_RISCV_PCREL relocs.  Ideally, since the value of
SHN_ABS symbol is a constant, only S - A relocations should be allowed
in the shared object, so only BFD_RELOC_8/16/32/64 are allowed, which
means R_RISCV_32/R_RISCV_64.

bfd/
    PR 28789
    * elfnn-riscv.c (riscv_elf_check_relocs): The absolute symbol cannot be
    referneced with pc-relative relocation when generating shared object.
ld/
    PR 28789
    * ld/testsuite/ld-riscv-elf/ld-riscv-elf.exp: Updated.
    * ld/testsuite/ld-riscv-elf/pcrel-reloc*: New testcases.
---
 bfd/elfnn-riscv.c                             | 41 +++++++++++++++++++
 ld/testsuite/ld-riscv-elf/ld-riscv-elf.exp    |  7 ++++
 .../ld-riscv-elf/pcrel-reloc-abs-nopie.d      | 14 +++++++
 .../ld-riscv-elf/pcrel-reloc-abs-pie.d        |  5 +++
 ld/testsuite/ld-riscv-elf/pcrel-reloc-abs.s   |  2 +
 .../ld-riscv-elf/pcrel-reloc-rel-nopie.d      | 14 +++++++
 .../ld-riscv-elf/pcrel-reloc-rel-pie.d        | 14 +++++++
 ld/testsuite/ld-riscv-elf/pcrel-reloc-rel.s   |  9 ++++
 ld/testsuite/ld-riscv-elf/pcrel-reloc.s       |  5 +++
 9 files changed, 111 insertions(+)
 create mode 100644 ld/testsuite/ld-riscv-elf/pcrel-reloc-abs-nopie.d
 create mode 100644 ld/testsuite/ld-riscv-elf/pcrel-reloc-abs-pie.d
 create mode 100644 ld/testsuite/ld-riscv-elf/pcrel-reloc-abs.s
 create mode 100644 ld/testsuite/ld-riscv-elf/pcrel-reloc-rel-nopie.d
 create mode 100644 ld/testsuite/ld-riscv-elf/pcrel-reloc-rel-pie.d
 create mode 100644 ld/testsuite/ld-riscv-elf/pcrel-reloc-rel.s
 create mode 100644 ld/testsuite/ld-riscv-elf/pcrel-reloc.s

diff --git a/bfd/elfnn-riscv.c b/bfd/elfnn-riscv.c
index 00f034a6751..0dd9b27c8ae 100644
--- a/bfd/elfnn-riscv.c
+++ b/bfd/elfnn-riscv.c
@@ -862,6 +862,47 @@ riscv_elf_check_relocs (bfd *abfd, struct bfd_link_info *info,
 		 ifunc symbol.  */
 	      h->plt.refcount += 1;
 	    }
+
+	  /* The non-preemptible absolute symbol shouldn't be referneced with
+	     pc-relative relocation when generating shared object.  However,
+	     PCREL_HI20/LO12 relocs are always bind locally when generating
+	     shared object, so all absolute symbol referenced need to be
+	     disallowed, except they are defined in linker script.
+
+	     Maybe we should add this check for all pc-relative relocations,
+	     please see pr28789 and pr25749 for details.  */
+	  if (bfd_link_pic (info)
+	      /* (h == NULL || SYMBOL_REFERENCES_LOCAL (info, h))  */
+	      && is_abs_symbol)
+	    {
+	      if (h != NULL && (h)->root.ldscript_def)
+		/* Disallow the absolute symbol defined in linker script here
+		   will cause the glibc-linux toolchain build failed, so regard
+		   them as pc-relative symbols, just like what x86 did.  */
+		;
+	      else
+		{
+		  const char *name;
+		  if (h->root.root.string)
+		    name = h->root.root.string;
+		  else
+		    {
+		      Elf_Internal_Sym *sym;
+		      sym = bfd_sym_from_r_symndx (&htab->elf.sym_cache, abfd,
+						   r_symndx);
+		      name = bfd_elf_sym_name (abfd, symtab_hdr, sym, NULL);
+		    }
+
+		  reloc_howto_type *r_t =
+			riscv_elf_rtype_to_howto (abfd, r_type);
+		  _bfd_error_handler
+		    (_("%pB: relocation %s against absolute symbol `%s' can "
+		       "not be used when making a shared object"),
+		     abfd, r_t ? r_t->name : _("<unknown>"), name);
+		  bfd_set_error (bfd_error_bad_value);
+		  return false;
+		}
+	    }
 	  /* Fall through.  */
 
 	case R_RISCV_JAL:
diff --git a/ld/testsuite/ld-riscv-elf/ld-riscv-elf.exp b/ld/testsuite/ld-riscv-elf/ld-riscv-elf.exp
index 1b2a5ce2cb2..43572c5286b 100644
--- a/ld/testsuite/ld-riscv-elf/ld-riscv-elf.exp
+++ b/ld/testsuite/ld-riscv-elf/ld-riscv-elf.exp
@@ -308,4 +308,11 @@ if [istarget "riscv*-*-*"] {
     run_dump_test "ifunc-seperate-plt-pic"
     run_dump_test "ifunc-seperate-pcrel-pie"
     run_dump_test "ifunc-seperate-pcrel-pic"
+
+    # Tests related to mixing medany code into position-independent targets,
+    # where it's not always possible to generate correct addressing sequences.
+    run_dump_test "pcrel-reloc-rel-nopie"
+    run_dump_test "pcrel-reloc-rel-pie"
+    run_dump_test "pcrel-reloc-abs-nopie"
+    run_dump_test "pcrel-reloc-abs-pie"
 }
diff --git a/ld/testsuite/ld-riscv-elf/pcrel-reloc-abs-nopie.d b/ld/testsuite/ld-riscv-elf/pcrel-reloc-abs-nopie.d
new file mode 100644
index 00000000000..54026388b7a
--- /dev/null
+++ b/ld/testsuite/ld-riscv-elf/pcrel-reloc-abs-nopie.d
@@ -0,0 +1,14 @@
+#source: pcrel-reloc.s
+#source: pcrel-reloc-abs.s
+#as: -march=rv64i -mabi=lp64
+#ld: -melf64lriscv --no-pie --no-relax
+#objdump: -d
+
+.*:[ 	]+file format .*
+
+Disassembly of section \.text:
+
+[0-9a-f]+ <_start>:
+.*auipc.*
+.*lw.*# [0-9a-f]* <sym>
+#pass
diff --git a/ld/testsuite/ld-riscv-elf/pcrel-reloc-abs-pie.d b/ld/testsuite/ld-riscv-elf/pcrel-reloc-abs-pie.d
new file mode 100644
index 00000000000..7f5eaa321f7
--- /dev/null
+++ b/ld/testsuite/ld-riscv-elf/pcrel-reloc-abs-pie.d
@@ -0,0 +1,5 @@
+#source: pcrel-reloc.s
+#source: pcrel-reloc-abs.s
+#as: -march=rv64i -mabi=lp64
+#ld: -melf64lriscv --pie --no-relax
+#error: .*relocation R_RISCV_PCREL_HI20 against absolute symbol `sym' can not be used when making a shared objec.*t
diff --git a/ld/testsuite/ld-riscv-elf/pcrel-reloc-abs.s b/ld/testsuite/ld-riscv-elf/pcrel-reloc-abs.s
new file mode 100644
index 00000000000..1df32a1a3fb
--- /dev/null
+++ b/ld/testsuite/ld-riscv-elf/pcrel-reloc-abs.s
@@ -0,0 +1,2 @@
+.global sym
+.set sym,0x8000
diff --git a/ld/testsuite/ld-riscv-elf/pcrel-reloc-rel-nopie.d b/ld/testsuite/ld-riscv-elf/pcrel-reloc-rel-nopie.d
new file mode 100644
index 00000000000..ab2a3774cdd
--- /dev/null
+++ b/ld/testsuite/ld-riscv-elf/pcrel-reloc-rel-nopie.d
@@ -0,0 +1,14 @@
+#source: pcrel-reloc.s
+#source: pcrel-reloc-rel.s
+#as: -march=rv64i -mabi=lp64
+#ld: -melf64lriscv --no-pie --no-relax
+#objdump: -d
+
+.*:[ 	]+file format .*
+
+Disassembly of section \.text:
+
+[0-9a-f]+ <_start>:
+.*auipc.*
+.*lw.*# [0-9a-f]* <sym>
+#pass
diff --git a/ld/testsuite/ld-riscv-elf/pcrel-reloc-rel-pie.d b/ld/testsuite/ld-riscv-elf/pcrel-reloc-rel-pie.d
new file mode 100644
index 00000000000..aec612d4d2c
--- /dev/null
+++ b/ld/testsuite/ld-riscv-elf/pcrel-reloc-rel-pie.d
@@ -0,0 +1,14 @@
+#source: pcrel-reloc.s
+#source: pcrel-reloc-rel.s
+#as: -march=rv64i -mabi=lp64
+#ld: -melf64lriscv --pie --no-relax
+#objdump: -d
+
+.*:[ 	]+file format .*
+
+Disassembly of section \.text:
+
+[0-9a-f]+ <_start>:
+.*auipc.*
+.*lw.*# [0-9a-f]* <sym>
+#pass
diff --git a/ld/testsuite/ld-riscv-elf/pcrel-reloc-rel.s b/ld/testsuite/ld-riscv-elf/pcrel-reloc-rel.s
new file mode 100644
index 00000000000..fb0e6c09f22
--- /dev/null
+++ b/ld/testsuite/ld-riscv-elf/pcrel-reloc-rel.s
@@ -0,0 +1,9 @@
+.data
+# Makes sure "sym" doesn't end up at the beginning of ".data", as that makes it
+# tough to then later detect it from scripts.
+.global buf
+buf:
+    .fill 8192, 4, 1
+.global sym
+sym:
+    .fill 8192, 4, 2
diff --git a/ld/testsuite/ld-riscv-elf/pcrel-reloc.s b/ld/testsuite/ld-riscv-elf/pcrel-reloc.s
new file mode 100644
index 00000000000..db2103bafd1
--- /dev/null
+++ b/ld/testsuite/ld-riscv-elf/pcrel-reloc.s
@@ -0,0 +1,5 @@
+.text
+.global _start
+_start:
+    auipc t0, %pcrel_hi(sym)
+    lw t0, %pcrel_lo(_start)(t0)
-- 
2.37.1 (Apple Git-137.1)