From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <7f2c274b80fa79296005edaf52036745510a83fd.camel@xry111.site>
Subject: Re: [PATCH 1/2] LoongArch: Avoid heap-buffer-overflow in loongarch_elf_relocate_section
From: Xi Ruoyao
To: liuzhensong, binutils@sourceware.org
Cc: Chenghua Xu, Lulu Cheng, Wang Xuerui
Date: Wed, 14 Sep 2022 19:15:43 +0800
References: <20220913154414.554861-1-xry111@xry111.site> <20220913154414.554861-2-xry111@xry111.site>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Wed, 2022-09-14 at 18:15 +0800, Xi Ruoyao via Binutils wrote:
> > Shouldn't write to got table when using hidden ifunc.
>
> Perhaps it's true, using RELA to resolve a GOT entry should not depend
> on any "initial" value of the entry...

How about this? We don't need to write into the GOT if R_LARCH_RELATIVE
or R_LARCH_IRELATIVE will be used:

diff --git a/bfd/elfnn-loongarch.c b/bfd/elfnn-loongarch.c index a9bb66a1e04..1e8ecb2b8e2 100644 --- a/bfd/elfnn-loongarch.c +++ b/bfd/elfnn-loongarch.c @@ -3129,6 +3129,7 @@ loongarch_elf_relocate_section (bfd *output_bfd, stru= ct bfd_link_info *info, BFD_ASSERT (rel->r_addend =3D=3D 0); =20 bfd_vma got_off =3D 0; + bool fill_got_entry =3D true; if (h !=3D NULL) { /* GOT ref or ifunc. */ @@ -3141,6 +3142,10 @@ loongarch_elf_relocate_section (bfd *output_bfd, str= uct bfd_link_info *info, if (h->got.offset =3D=3D MINUS_ONE && h->type =3D=3D STT_GNU_IFUNC) { bfd_vma idx; + + /* An IFUNC is always resolved at runtime. */ + fill_got_entry =3D false; + if (htab->elf.splt !=3D NULL) { idx =3D (h->plt.offset - PLT_HEADER_SIZE)
@@ -3177,6 +3182,7 @@ loongarch_elf_relocate_section (bfd *output_bfd, stru= ct bfd_link_info *info, rela.r_addend =3D relocation; loongarch_elf_append_rela (output_bfd, htab->elf.srelgot, &rela); + fill_got_entry =3D false; } h->got.offset |=3D 1; } @@ -3197,12 +3203,14 @@ loongarch_elf_relocate_section (bfd *output_bfd, st= ruct bfd_link_info *info, rela.r_addend =3D relocation; loongarch_elf_append_rela (output_bfd, htab->elf.srelgot, &rela); + fill_got_entry =3D false; } local_got_offsets[r_symndx] |=3D 1; } } =20 - bfd_put_NN (output_bfd, relocation, got->contents + got_off); + if (fill_got_entry) + bfd_put_NN (output_bfd, relocation, got->contents + got_off); =20 relocation =3D got_off + sec_addr (got); } --=20 Xi Ruoyao School of Aerospace Science and Technology, Xidian University
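Review bot: in the hunk at @@ -3141, `fill_got_entry = false` is set at the top of the `h->got.offset == MINUS_ONE && h->type == STT_GNU_IFUNC` branch, before the `htab->elf.splt != NULL` test, so the store is skipped on both sides of that test. Please confirm that each side emits a dynamic relocation for the entry, since otherwise the slot is neither written here nor filled at run time. The comment "An IFUNC is always resolved at runtime" would also be more useful if it named the relocation that does it (the message mentions R_LARCH_IRELATIVE) and said that the slot's initial content is not relied on.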
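Review bot: in the hunk at @@ -3177, the flag is cleared only inside the block that calls `loongarch_elf_append_rela`, and the `h->got.offset |= 1` right after it suggests that block runs once per symbol. If a later relocation against the same symbol skips the block, `fill_got_entry` keeps its initial `true` and `bfd_put_NN` stores into an entry that already has a dynamic relocation, so the first reference and later ones behave differently. Deriving the flag from the same condition that decides whether a relocation is emitted, evaluated on every pass, would avoid that.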
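Review bot: in the hunk at @@ -3197, the new `if (fill_got_entry)` guard on `bfd_put_NN` has no comment saying why skipping the store is safe. A short comment there, stating that the entry is covered by a RELA dynamic relocation whose `r_addend` holds the value (as `rela.r_addend = relocation` in the context shows), would tie the guard to the three `fill_got_entry = false` sites. The flag in this hunk is also cleared only inside the block preceding `local_got_offsets[r_symndx] |= 1`, so check that a later reference to the same local symbol does not reach the guard with the flag still `true`.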