From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from NAM11-BN8-obe.outbound.protection.outlook.com (mail-bn8nam11olkn2074.outbound.protection.outlook.com [40.92.20.74]) by sourceware.org (Postfix) with ESMTPS id 167DC3851C21 for ; Fri, 27 May 2022 22:51:28 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 167DC3851C21 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=maskray.me Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=maskray.me ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=TdhYpmMHqWcdpUsmIivseqjCCC5a7IOCZ4d9xGq/BB4q3oKv0JTo1gATzMHE2swW45wjkkmNgwx2/vpwI7xamKghHr61VsbsDPlE/2kAbSfyN+D+xZDI4TFL9G9AH5SQ1EbnE+Z9dhsnH5TiaZhyeTwGuczPOWyxGPotIY7C/ZQeUMRci9vt02dWpBMf/yZ1Gm60SDt0reyQ2IZh2GpH6CmCwb9gurdgnxFK+LBCrHIR5hOQKPYzHS8Q/bfF6RYy6tBoljU4zKULPNsU0lpKBzlpcR1t5FmB8MlcCqrjjg1ZfTtl1/74Q/tu5CvuThKIOUDngY6wWRKZFJ7XQha2bQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=iUetJ5p38lqGeVXlne1TKYK5Kc+aZOV4ydHa3zjupQ0=; b=DzevC7ERV4Uulf8t5PWDKFPVztcE/8TDpuA2Yh6MLTRQ+s7Rr+jJZantv/gDIHnTuT5BRCA1eHQOTsZWof9jfheF0NAWjQiQwpGiga5LBzNz6SGgUjsOerFfW8GGxXyznqYt1u52FL37I2tGQrWcNaBzUc16l+FrPSLEO99InoQSaDSX3VfSWqG5nhFcrbMqVHMMjKTU8lof+HY5McNACD2EdMdrIBGUfDwggriKE5Uc4w5ry2Wcg3tcP2UQKw4x6JOBUebTkC81KdQXaeFn7XuQmoR986DUtmf9+oWSb0m71Ihb2I3nionXiogk2p2+o5fYL256K5ha1aJvGMyvow== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none Received: from DS7PR12MB5765.namprd12.prod.outlook.com (2603:10b6:8:74::19) by BN8PR12MB3155.namprd12.prod.outlook.com (2603:10b6:408:97::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5293.15; Fri, 27 May 2022 22:51:26 +0000 Received: from DS7PR12MB5765.namprd12.prod.outlook.com ([fe80::f87b:a8ba:6ccb:9924]) by DS7PR12MB5765.namprd12.prod.outlook.com ([fe80::f87b:a8ba:6ccb:9924%4]) with mapi id 15.20.5273.023; Fri, 27 May 2022 22:51:26 +0000 X-Gm-Message-State: AOAM531IArbx2Q5ndf8zs2Mdq29fnMg6ZrlAuSUWijDve5eEgzG/yIMp 4sQcsqm+enS+iQABHAvdBzWqGAEF89YPcGdtDEo= X-Google-Smtp-Source: ABdhPJySiFduNC6a+rnKPu0iT/nna8MsAQr+mWfttcrxH7Q3jOF2IRxSDvyR0o5CyLnY9qHUR5HB0NczCTr80wxo2gk= X-Received: by 2002:a67:d488:0:b0:337:ad51:776a with SMTP id g8-20020a67d488000000b00337ad51776amr13211722vsj.80.1653691437405; Fri, 27 May 2022 15:43:57 -0700 (PDT) References: <20220524051017.2244288-1-i@maskray.me> In-Reply-To: <20220524051017.2244288-1-i@maskray.me> From: Fangrui Song Date: Fri, 27 May 2022 15:43:46 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH] aarch64: Disallow copy relocations on protected data To: binutils@sourceware.org, Adhemerval Zanella , Szabolcs Nagy , Nick Clifton Content-Type: text/plain; charset="UTF-8" X-TMN: [ZXRJCClEB/QZBxfIVoTOmRo2sbfswN4C] X-ClientProxiedBy: BN9PR03CA0705.namprd03.prod.outlook.com (2603:10b6:408:ef::20) To DS7PR12MB5765.namprd12.prod.outlook.com (2603:10b6:8:74::19) X-Microsoft-Original-Message-ID: MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 0c1f5ec7-949d-44a1-a515-08da40336e1e X-MS-TrafficTypeDiagnostic: BN8PR12MB3155:EE_ X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 9m647XtQ5oFySDyNo1vyaAsrimbXd1I3de/4UGC5v5UV5XfP4mT5RrRzUjJ4f8g5LwLu4lcCwRwtMqBj/5rF0kkWmqmKaF/GBUokDwbO1O0vQFENpv0fJSimvR8tt67hdnROLi8zexJ/jQE69FD6yULNv9KNusMih4KVyPoz7OlYHS0XIlfxvFv1O780jwFh/EI+QpOHow8hqDFOebkoYtVHZVltVKoTMyNhEChCQxShWJINtIKpitl5viMFZPp+sPrEcaCjesb2qmU3r075D9/2K/OSittyK0HgSyeY1ufJfO3jeqskyhLG2o8+Bg74PZP/LVdcOP4rKIJCIrotGXZYsBClzbdbrMWQua6iMA9vAnAzOTqDskVU/tGnL0EnfdJZH2F8PC2DM2q58SE0e7C4C3tPQjUZTMymtcJ3vDWvZY4I/OAeURubEaTdpYpeqXOKyqHPxmXCkOr/pJPZSu99mUJzRiK/aoQ2cNb510gaMwSIxnQxb8b9dW4gCl6B09CYITeVKiitNPENPQZGGj8JqmKwNNf2MwZDrkGccUtaN7FTgsKRiYxQB0Ft8BIyyuZw8GUT+bFSkxxcqSLwxvHVsN5b+udgUeSLdgQjGKSkknd3zjcJjbGHrAQpBaNd X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?R0dtL0hyOURUaTRmNm9BYms3TmF5a0U5aEpiTldYcmtIclVtOFA1bmk1anhU?= =?utf-8?B?eTlwdVJpT05SeW83UEhzN1V2b2hwVWp3K0dFR0FFaVZCYWtBUElWNVExdm5t?= =?utf-8?B?ZklCTGdqdHdYc01BZ0ozWGFxcEJvMnN2UHdpaWJ1S3hhckxFY1VYTXozQ1ZI?= =?utf-8?B?OUg1QzlSWTg3NTl2eGgrS3Y1M2ROY2RzS2FSMFhJNUljWTQvbEJHR3NGR1N2?= =?utf-8?B?aWkvc0lCSC9rYkE1MzdBZEk4YXBFR1BDNXhCblBFczRKMFYvam9hUG1NWXdO?= =?utf-8?B?V1NHYzgwOG94VG5SVnpiakxXTnVNM1psa3JYYldybDhkZzlrd2lNRVNEM0dr?= =?utf-8?B?cDZyaGlhYU5YZ1AzMXN1TmlNdnBoN0FjaU9Jd2FjS1B1WXhmMEtjY0dpR2M4?= =?utf-8?B?V2hNdW0yRFhDNDRpdWtyekYzUHE2OWN3aGRtUEFyTmJad2tGUFFtSm5zd29D?= =?utf-8?B?NEswLzg4aTErNGp2WnNaZ0w1QjA5Q1JXN3g3M1AxK1RwYTI0Zm5RRm84S2RC?= =?utf-8?B?a3BIOVhDQlNmcXNUWFEvaVJFUExEeExaUzdGUnU1ZzZxWGFDbmlZUGJHMS9T?= =?utf-8?B?ck84ano5MlppbjhHekc5WmFtWk9sQStWVXhXOStRczl6cFdZb3ZHb0NNU3BL?= =?utf-8?B?QU8zd01sSmd5blVVVHpzdkJlcllIKzArcEwzM25jSmVoTkdLUjZpMWQ2SUhZ?= =?utf-8?B?aSt6M2JnbG9DVXhjbTg1OVkyeW1RQStNNGlLa21ERHpScjJ4aUZzYkJndFpK?= =?utf-8?B?TUVVM2FxSlNEVHl5TlVQMlBlY3hBN1BKTXJvSDJjTHNEeXpPU0ZQZHJRSGty?= =?utf-8?B?RHJyMk9QOFFQOVFad0ZDQWYvQzdXcUo2M1lwQVJzSnpUQ1NXcEhCVldjTEcx?= =?utf-8?B?bmVNMHpkYkxBcGR2TW4wT01nN3FpYlNyQWU2dkZJZFUxSjk2S0pQbjBKaU5k?= =?utf-8?B?QU9qUnp3bitRYmUvVlVndGQ1SEhwUnpaWTJPelZaWGxsakF2WHFoc1UrM21t?= =?utf-8?B?bXQvNk5OOFQzWGphN0tqK2NNd1JPQ21MeHorZVY1dHA3Z0I1S2VXT1o4WjBY?= =?utf-8?B?d1o1WVZpZ0g3RHZzMGpQNUk3L1Jlb1BqRi8vZE9qS0l1VGpDVm1RMEdxN2g5?= =?utf-8?B?clJ6ZDh3Tll4bFBNNmdJcSt0OWVPcjZ2azBjdC9qa1kxZk5NN0xuR0ZKaVgw?= =?utf-8?B?dmQzZjE1T0JPbFUwVlBmck9nd3Z3YTFpMDBXZkJhQVBJYWpHVHBvWXczSE55?= =?utf-8?B?cThSakdTYmsxSWhKNEJtbjI1Wmh4R0VQOGVSeEc0MXZsczIxYUxTNjJ4UEhK?= =?utf-8?B?eXk3empsOGJZVy9zejRESlB1SnNUdFdOTEFzdDVWTndScWRjMnpaWUZoaXAx?= =?utf-8?B?VkNwTDM0N1JuTm4wSGJWOHlQVXBremExQWx3WEpvVzFEckRsbXdaU2dUTU94?= =?utf-8?B?a0FWUk5uVnZaR2R0VFVNTUNOclF6Z09lWTlqMm52eDltTUdHS0trOHBVNGVS?= =?utf-8?B?ZGpIZGNmSktnYjRidVNFY1dwRldUTmQ5RFZ4WGlJelFyRnE1QW4wb1Q4R2tF?= =?utf-8?B?bGFFVWZCdlJabXU2bUIyd1BzajJ2QnJrL2lra040VGRtWEZBa0dsM3FWUFlU?= =?utf-8?B?WXh5SnRWd0trQkcyZ2tZdlRWOTJGMVJrZE0yM2UyWlY3RGZ6aXE2MFM2S3Jw?= =?utf-8?B?WFkyMGQzOWdHNzFTMitLZUVZZy84a3l1b09DeTFuTm13d0dZVURjaWVweTQr?= =?utf-8?B?bmx0TlRwaHo5TjFidmxLMks1MEhLMDNiR0ZCdmlScUtYajhOc3U4K2ZzVGxE?= =?utf-8?B?enJ3V2t6MlBjOVRlUGpUWGl0dU1jTytReTJJSk5vN2UyWng4Z29LT1ZMZmp2?= =?utf-8?B?NVBvZ09NNUJsZDNqTFpuNVR6NVpOLzVGeTBrMDVsVFB4N3c9PQ==?= X-OriginatorOrg: sct-15-20-4755-11-msonline-outlook-71ea3.templateTenant X-MS-Exchange-CrossTenant-Network-Message-Id: 0c1f5ec7-949d-44a1-a515-08da40336e1e X-MS-Exchange-CrossTenant-AuthSource: DS7PR12MB5765.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 May 2022 22:51:26.3233 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN8PR12MB3155 X-Spam-Status: No, score=-8.4 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_STATUS, KAM_INFOUSMEBIZ, RCVD_IN_DNSWL_NONE, SPF_HELO_PASS, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: binutils@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Binutils mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 May 2022 22:51:30 -0000 On Mon, May 23, 2022 at 10:10 PM Fangrui Song wrote: > > The behavior matches ld.lld which has been used on many aarch64 OSes. > > Rationale: copy relocations indicate that the executable and the shared object > would access different copies, if the shared object does not reference the > variable with GLOB_DAT. > > Note: x86 requires GNU_PROPERTY_NO_COPY_ON_PROTECTED to have the error. > This is to largely due to GCC 5's > "x86-64: Optimize access to globals in PIE with copy reloc" which started to use > direct access relocations for external data symbols in -fpie mode. > > GCC's aarch64 port does not have the change. Nowadays with most builds switching > to -fpie/-fpic, aarch64 mostly doesn't need to worry about copy relocations. So > for aarch64 we simply don't check GNU_PROPERTY_NO_COPY_ON_PROTECTED. The diagnostic is requested on https://sourceware.org/pipermail/libc-alpha/2022-May/139014.html > --- > bfd/elfnn-aarch64.c | 28 ++++++++++++++++++- > ld/testsuite/ld-aarch64/aarch64-elf.exp | 9 ++++++ > .../ld-aarch64/copy-reloc-protected.d | 2 ++ > ld/testsuite/ld-aarch64/protected.s | 8 ++++++ > 4 files changed, 46 insertions(+), 1 deletion(-) > create mode 100644 ld/testsuite/ld-aarch64/copy-reloc-protected.d > create mode 100644 ld/testsuite/ld-aarch64/protected.s > > diff --git a/bfd/elfnn-aarch64.c b/bfd/elfnn-aarch64.c > index 4926bab9cf2..8896b0f78dd 100644 > --- a/bfd/elfnn-aarch64.c > +++ b/bfd/elfnn-aarch64.c > @@ -2579,6 +2579,9 @@ struct elf_aarch64_link_hash_entry > this symbol. */ > unsigned int got_type; > > + /* TRUE if symbol is defined as a protected symbol. */ > + unsigned int def_protected : 1; > + > /* A pointer to the most recently used stub hash entry against this > symbol. */ > struct elf_aarch64_stub_hash_entry *stub_cache; > @@ -2855,9 +2858,16 @@ elfNN_aarch64_copy_indirect_symbol (struct bfd_link_info *info, > static void > elfNN_aarch64_merge_symbol_attribute (struct elf_link_hash_entry *h, > unsigned int st_other, > - bool definition ATTRIBUTE_UNUSED, > + bool definition, > bool dynamic ATTRIBUTE_UNUSED) > { > + if (definition) > + { > + struct elf_aarch64_link_hash_entry *eh > + = (struct elf_aarch64_link_hash_entry *) h; > + eh->def_protected = ELF_ST_VISIBILITY (st_other) == STV_PROTECTED; > + } > + > unsigned int isym_sto = st_other & ~ELF_ST_VISIBILITY (-1); > unsigned int h_sto = h->other & ~ELF_ST_VISIBILITY (-1); > > @@ -8701,6 +8711,22 @@ elfNN_aarch64_allocate_dynrelocs (struct elf_link_hash_entry *h, void *inf) > if (h->dyn_relocs == NULL) > return true; > > + for (p = h->dyn_relocs; p != NULL; p = p->next) > + if (eh->def_protected) > + { > + /* Disallow copy relocations against protected symbol. */ > + asection *s = p->sec->output_section; > + if (s != NULL && (s->flags & SEC_READONLY) != 0) > + { > + info->callbacks->einfo > + /* xgettext:c-format */ > + (_ ("%F%P: %pB: copy relocation against non-copyable " > + "protected symbol `%s'\n"), > + p->sec->owner, h->root.root.string); > + return false; > + } > + } > + > /* In the shared -Bsymbolic case, discard space allocated for > dynamic pc-relative relocs against symbols which turn out to be > defined in regular objects. For the normal shared case, discard > diff --git a/ld/testsuite/ld-aarch64/aarch64-elf.exp b/ld/testsuite/ld-aarch64/aarch64-elf.exp > index 64476f111e0..31162277bd9 100644 > --- a/ld/testsuite/ld-aarch64/aarch64-elf.exp > +++ b/ld/testsuite/ld-aarch64/aarch64-elf.exp > @@ -407,6 +407,8 @@ set aarch64elflinktests { > {copy-reloc-exe-2.s} {{objdump -R copy-reloc-2.d}} "copy-reloc-2"} > {"ld-aarch64/exe with copy relocation elimination" "-e0 tmpdir/copy-reloc-so.so" "" "" > {copy-reloc-exe-eliminate.s} {{objdump -R copy-reloc-eliminate.d}} "copy-reloc-elimination"} > + {"Build .so with protected data" "-shared" "" "" {protected.s} > + {} "protected.so"} > {"ld-aarch64/so with global func" "-shared" "" "" {func-in-so.s} > {} "func-in-so.so"} > {"ld-aarch64/func sym hash opt for exe" > @@ -416,8 +418,15 @@ set aarch64elflinktests { > {} "libbti-plt-so.so"} > } > > +set aarch64elfcclinktests [list \ > + [list "copy relocation on protected data" \ > + "-no-pie tmpdir/copy-reloc-exe.o tmpdir/protected.so" "" \ > + {} {{error_output copy-reloc-protected.d}} "copy-reloc-protected"] > +] > + > if [check_shared_lib_support] { > run_ld_link_tests $aarch64elflinktests > + run_cc_link_tests $aarch64elfcclinktests > } > > run_dump_test "bti-plt-3" > diff --git a/ld/testsuite/ld-aarch64/copy-reloc-protected.d b/ld/testsuite/ld-aarch64/copy-reloc-protected.d > new file mode 100644 > index 00000000000..99a356a3df6 > --- /dev/null > +++ b/ld/testsuite/ld-aarch64/copy-reloc-protected.d > @@ -0,0 +1,2 @@ > +.*: tmpdir/copy-reloc-exe.o: copy relocation against non-copyable protected symbol `global_a' > +#... > diff --git a/ld/testsuite/ld-aarch64/protected.s b/ld/testsuite/ld-aarch64/protected.s > new file mode 100644 > index 00000000000..eb3fb402dc4 > --- /dev/null > +++ b/ld/testsuite/ld-aarch64/protected.s > @@ -0,0 +1,8 @@ > +.global global_a > +.protected global_a > +.type global_a, %object > +.size global_a, 4 > + > +.data > +global_a: > +.word 0xcafedead > -- > 2.36 >