From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from NAM02-DM3-obe.outbound.protection.outlook.com (mail-dm3nam02olkn2091.outbound.protection.outlook.com [40.92.43.91]) by sourceware.org (Postfix) with ESMTPS id C414E38582AC for ; Wed, 1 Jun 2022 06:01:37 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org C414E38582AC Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=maskray.me Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=maskray.me ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Xh3d0GZ1LVc2iUMsjB0yDG1DJigPrVq8AOTf/Xdrxtd4tGtxLbKr6bl9RQEjGb6cSQKZ1qGpkcHa5B0en32R959mcXoSXBYtwpA3D15YfU8LnMeqmGlclgtEhSgs2VjaemgGI+UHXMNK7QINVRdOfb5Ki5MCXkYWDpgyryxBfVdaDcuUeUfHDe4zadCtSOgNtwz56uG02n1MEDT2D6r5VWguU8uaoizlej5l3bHiwW0aMnTST9i794JTwlSk1RHcX7kKFGTNlwyfY/L1nU21qNettfdZarLh28HWYmgvgNz47uzt3WWgNbWsyFzkGQeOkW9mj9IrtEDlIkpSeGt2rw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=b+xpFZlUUwFrn0gXtjmN7Myfaa9tj4nQCSnZeDqmuIQ=; b=RE67TUFXB0n6HGsXASnGxRQbtnp3igH/NRQI79C777o4wkyxDWbeInJGvCH1oqZFMFfBCauLRLrHgplVsiVkSROX3O5FPw29/XFZ90QDlIMOm+tGexP35zp5RJFiMLZNQMFTC/xT9Z0FCPoWuqHrLCp3ODDHAgNCROKY+f9Rim0ejDhuVA206SiqEp88OZy91pKOK+TBz9IY1uhS6korsDmTm5f/RZNJn96TvA7aotMQiGXpv+HlCCC5lK+poIL/nV40qVtV7rH+YVV09bhn0iT/jZI9us+xPoOp3ZVU1t1j6DkwZWgbndTBZzywb7hNf3uqysSYErUwtudEtmufoA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none Received: from DS7PR12MB5765.namprd12.prod.outlook.com (2603:10b6:8:74::19) by DM4PR12MB5327.namprd12.prod.outlook.com (2603:10b6:5:39e::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5293.13; Wed, 1 Jun 2022 06:01:35 +0000 Received: from DS7PR12MB5765.namprd12.prod.outlook.com ([fe80::f87b:a8ba:6ccb:9924]) by DS7PR12MB5765.namprd12.prod.outlook.com ([fe80::f87b:a8ba:6ccb:9924%5]) with mapi id 15.20.5293.019; Wed, 1 Jun 2022 06:01:34 +0000 X-Gm-Message-State: AOAM530myTmQoJ5d9AnzsXYYmkwPh3lJ52EAjTVxLHozFuKwo2dUIkt2 0ZobEL9WhTlTPyi0yfMHpgzP+EnLNDLHhs7dlfc= X-Google-Smtp-Source: ABdhPJxrdm1NNfz34YktWfa/ydRjOLn1PoRc/tuRvJ1orwfAGSKrK3+14yeseucXZ6XZ6pBiRpJDWKxUqpzbaf28c8A= X-Received: by 2002:a5b:c84:0:b0:650:ace:b007 with SMTP id i4-20020a5b0c84000000b006500aceb007mr41543562ybq.649.1654062792789; Tue, 31 May 2022 22:53:12 -0700 (PDT) References: <20220524051017.2244288-1-i@maskray.me> In-Reply-To: From: Fangrui Song Date: Tue, 31 May 2022 22:53:01 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: PING: [PATCH] aarch64: Disallow copy relocations on protected data To: binutils@sourceware.org, Adhemerval Zanella , Szabolcs Nagy , Nick Clifton Content-Type: text/plain; charset="UTF-8" X-TMN: [cPV0INfnrFT+/sDpOf6Gv7ojgqnWnva2] X-ClientProxiedBy: SA9PR10CA0018.namprd10.prod.outlook.com (2603:10b6:806:a7::23) To DS7PR12MB5765.namprd12.prod.outlook.com (2603:10b6:8:74::19) X-Microsoft-Original-Message-ID: MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 8e649866-3edd-43f6-c6bd-08da43942edf X-MS-TrafficTypeDiagnostic: DM4PR12MB5327:EE_ X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: kSiYDivzBEvIKV3KTfixY44Tu94q6WnqWrXHOqgHBVnmRaSCoewE1xEw+JcnBMNuokPz3s5REmE215CT0m7evX8Lu9QgXLRp2vIoV17uZrC5KDAH/vf6g3j9HDJb6s9RW7fEuuETL7eKDgTZ42+0Fs85829XgxCEn/lKtgNclSE+55cQadRGK41D2GKg+0e2PcJHxaEhZ09UzW7Ewg2UzoeCk5KDW9ukJp14icpn6OpUyelsxkF1dhUyTJMz5UJAc8SYWnyaHBbmuFIxX55vKl3GoOEmy4LD+FjuYlP5Zu2YXzY0F6mFP73EPKNf2HWIbBrjoxFU/fsb6/RmjGs+BK95828coS/kSzB96hDHo45LqOsfI0y78Hd0e9vRvdfcAFYrMJyS79000Cmiai1UX5K6sCVak1RpfUHFr+5UMsiGv5WlwlwIw7vkfrEcvH1RsK12a9z3wwIHdrn9h5moBYyiMJtJLAKEQ93FBngKEkEKIe9fD4afvCDAhXAEAOAxIHMplbSrIOtz+lSSFGglatZxEj4Si48bIgfwVKXESSyQdmQQSITzvjTI0bFfSZCfjR4T7DChE/f7J+1IADd4VPGTyfI7Wt/g76aTbNuf4UDvN/DABuiAQk4hhXd8Iybv X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?QWNMbnIxRXdDNXZTQ0ovenNwWldvQlZvVjBaLzRySUlwcTZpNVJ6bjZ3T29n?= =?utf-8?B?ZCtUUmI4bXIzS3RIR2c0MTBVM0VaWGpSL1d0WjJhNjFIanNLeEd0Z09lQkJT?= =?utf-8?B?MGJzVVZrMVhzSERJS3B6RGlhREk2NzE2MDlyWTQxb0F1Tnd0K1UvNG1GL0xV?= =?utf-8?B?YzV3UjE4MURGeFRETkxDNFVqUGtYZmRGTWlZNVBvK1hjekQ1UFNQMFhURjVp?= =?utf-8?B?bDUyai9CUGtTRmRtRW94Wk9YOEszcnJtbS9rSUFBdmdNUDNMdFdZb1ZDN21w?= =?utf-8?B?UG05YmNaa1FJTHBxVHlEVCtBZDlHQXRjZDlyK2FZSFUvUnFOVXFzSUxZaFpQ?= =?utf-8?B?cEdSWTNuRG4xWXRocVFhcHJxU1RiTVY1Q0hlekpEei9vSmlZTzY1Sm11OW9v?= =?utf-8?B?STczNWhmaUw5N2x2S2RLVk9VZkpSYkc2eFBwMGxySW1Wb0FOcmFFTS9wMTZV?= =?utf-8?B?SDMzazNnNWZrK2RQVXhuSHVDQjVpTnIxcGlSR3BLU0JlQStSVjNGK3F2ejRF?= =?utf-8?B?MFVDQ1dOb2krSjc0SE55cFVWQm91bHhqbnZRdE56RHE2b0poUlRFdmd4Vncx?= =?utf-8?B?bmJkSm9wMU1jdE9FNXd4NzhocDFzZzBGSU1YakxrYjh4L3lyQW81SjYrRVJE?= =?utf-8?B?ZmRsQUpJc3RDeVNhem55VHdTQUdaa1pTcWFpQ1hJWUdDYnk4NVV1S2Z0ZDlP?= =?utf-8?B?K2x3QTdwTE05ZmFvT2xUOU5XZEhlV3NQQ3ZncWRVZHJUS0JuMUpoaXR2K2kw?= =?utf-8?B?eGcvcGhDeS9BTGtQSUJOcTJkdFZHdHQrdnc3YmoxRHJFYWIvYloyVXV6aWMz?= =?utf-8?B?cWFEV1hIcUQ0Zm1qZU80RVl3L01qWUJlQkpqbXFDTzRtMS9Fd3M2bTIxOTJU?= =?utf-8?B?MUNPMENWcHhaakEvamtrejhMRlNQUkMrVXhkcFpjdWM2YkhUVW1kT0xDYzVo?= =?utf-8?B?ang4UWdxdFJhdmpmUGsweCtuREJid1hFNnd2NzZZaUgwNHNoT0J2azZ1WTdF?= =?utf-8?B?UjlGY1ZsSzZhbXB5QWhhM3FmbXg2OWF0NVdZc21xRTZDL2VzV09DbUtUazh4?= =?utf-8?B?b2NuTEJSTFpEWXF3UFYzYUtEUXZTVkNHTEo1bDJtRnBlNDgwaXU0amUrSGRS?= =?utf-8?B?ZHZQTjIyYTcrRitxcm50UmFoYkU5QXdSSXdGV09tNU91YXNkVmdCbzl3T0NH?= =?utf-8?B?anJPMWJ0QW1uL0pRUFYzQXIyVVh4b1JVbm9ZMGNVUVdmZVk5bStqYXhnbnhs?= =?utf-8?B?TjhBaElNRzRjVVNyaU5EZmppWEFhbndubWY1RVNpU2NRVnRIL2xyNjh0UkJo?= =?utf-8?B?SERITTA0Y1cwMENQVitBVWM4UnhNUkdSa09aMlpiV0U1cXRLWE9IZ2RmMW1a?= =?utf-8?B?d3h2YkNnSnV2VXROYkZ5NmViSEpIU0pWS2ZkMW5QeDNYMVF2aWNSN3dpalhN?= =?utf-8?B?SU5DODVERitZYmJna1V2NzBsZGN4UFBUZXIzN2Fxc2w5WTFnQzlaWUczdVpK?= =?utf-8?B?K2pKL2Z4V1NXT2o2cGJjV0RVNUw5R3FTNXJ5S3RoRXlSNnloc1d6TjhzNzdj?= =?utf-8?B?Q28ydThac0FvWlBTd2NmSUk5R0lYU1lmWW5kV0p1Ry90YzZwNThnZ2FVdXkv?= =?utf-8?B?bm42amFDd3F2bUdRYTM4dWx4SXF0VGtNTW1LN2thY1NFWS9GV2dsSEVqVWkr?= =?utf-8?B?M09tRFEycDZlN1p4OExINVdwS0EzVDM0dUZMQmtlNlEvS2tOcGdFZ3ZtYVd5?= =?utf-8?B?MndlU01oWGUzbWF1TEpBNkh0N1htRFIrQjNJbVBUQ2VXczBJOTdLNVR2cERh?= =?utf-8?B?ZERnR20wb2k1b3BWOFVvVi90MHdGUFdUU0Vhd0oxcVRzbGY1WmJ2QkVQemYw?= =?utf-8?B?ZTdOQVVISllROVZxdUQxb25rWGNWOWNMNWlvQUJHeDU3bGc9PQ==?= X-OriginatorOrg: sct-15-20-4755-11-msonline-outlook-5183d.templateTenant X-MS-Exchange-CrossTenant-Network-Message-Id: 8e649866-3edd-43f6-c6bd-08da43942edf X-MS-Exchange-CrossTenant-AuthSource: DS7PR12MB5765.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Jun 2022 06:01:34.8859 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR12MB5327 X-Spam-Status: No, score=-9.8 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_STATUS, KAM_INFOUSMEBIZ, RCVD_IN_DNSWL_NONE, SPF_HELO_PASS, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: binutils@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Binutils mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Jun 2022 06:01:40 -0000 On Fri, May 27, 2022 at 3:43 PM Fangrui Song wrote: > > On Mon, May 23, 2022 at 10:10 PM Fangrui Song wrote: > > > > The behavior matches ld.lld which has been used on many aarch64 OSes. > > > > Rationale: copy relocations indicate that the executable and the shared object > > would access different copies, if the shared object does not reference the > > variable with GLOB_DAT. > > > > Note: x86 requires GNU_PROPERTY_NO_COPY_ON_PROTECTED to have the error. > > This is to largely due to GCC 5's > > "x86-64: Optimize access to globals in PIE with copy reloc" which started to use > > direct access relocations for external data symbols in -fpie mode. > > > > GCC's aarch64 port does not have the change. Nowadays with most builds switching > > to -fpie/-fpic, aarch64 mostly doesn't need to worry about copy relocations. So > > for aarch64 we simply don't check GNU_PROPERTY_NO_COPY_ON_PROTECTED. > > The diagnostic is requested on > https://sourceware.org/pipermail/libc-alpha/2022-May/139014.html > > > --- > > bfd/elfnn-aarch64.c | 28 ++++++++++++++++++- > > ld/testsuite/ld-aarch64/aarch64-elf.exp | 9 ++++++ > > .../ld-aarch64/copy-reloc-protected.d | 2 ++ > > ld/testsuite/ld-aarch64/protected.s | 8 ++++++ > > 4 files changed, 46 insertions(+), 1 deletion(-) > > create mode 100644 ld/testsuite/ld-aarch64/copy-reloc-protected.d > > create mode 100644 ld/testsuite/ld-aarch64/protected.s > > > > diff --git a/bfd/elfnn-aarch64.c b/bfd/elfnn-aarch64.c > > index 4926bab9cf2..8896b0f78dd 100644 > > --- a/bfd/elfnn-aarch64.c > > +++ b/bfd/elfnn-aarch64.c > > @@ -2579,6 +2579,9 @@ struct elf_aarch64_link_hash_entry > > this symbol. */ > > unsigned int got_type; > > > > + /* TRUE if symbol is defined as a protected symbol. */ > > + unsigned int def_protected : 1; > > + > > /* A pointer to the most recently used stub hash entry against this > > symbol. */ > > struct elf_aarch64_stub_hash_entry *stub_cache; > > @@ -2855,9 +2858,16 @@ elfNN_aarch64_copy_indirect_symbol (struct bfd_link_info *info, > > static void > > elfNN_aarch64_merge_symbol_attribute (struct elf_link_hash_entry *h, > > unsigned int st_other, > > - bool definition ATTRIBUTE_UNUSED, > > + bool definition, > > bool dynamic ATTRIBUTE_UNUSED) > > { > > + if (definition) > > + { > > + struct elf_aarch64_link_hash_entry *eh > > + = (struct elf_aarch64_link_hash_entry *) h; > > + eh->def_protected = ELF_ST_VISIBILITY (st_other) == STV_PROTECTED; > > + } > > + > > unsigned int isym_sto = st_other & ~ELF_ST_VISIBILITY (-1); > > unsigned int h_sto = h->other & ~ELF_ST_VISIBILITY (-1); > > > > @@ -8701,6 +8711,22 @@ elfNN_aarch64_allocate_dynrelocs (struct elf_link_hash_entry *h, void *inf) > > if (h->dyn_relocs == NULL) > > return true; > > > > + for (p = h->dyn_relocs; p != NULL; p = p->next) > > + if (eh->def_protected) > > + { > > + /* Disallow copy relocations against protected symbol. */ > > + asection *s = p->sec->output_section; > > + if (s != NULL && (s->flags & SEC_READONLY) != 0) > > + { > > + info->callbacks->einfo > > + /* xgettext:c-format */ > > + (_ ("%F%P: %pB: copy relocation against non-copyable " > > + "protected symbol `%s'\n"), > > + p->sec->owner, h->root.root.string); > > + return false; > > + } > > + } > > + > > /* In the shared -Bsymbolic case, discard space allocated for > > dynamic pc-relative relocs against symbols which turn out to be > > defined in regular objects. For the normal shared case, discard > > diff --git a/ld/testsuite/ld-aarch64/aarch64-elf.exp b/ld/testsuite/ld-aarch64/aarch64-elf.exp > > index 64476f111e0..31162277bd9 100644 > > --- a/ld/testsuite/ld-aarch64/aarch64-elf.exp > > +++ b/ld/testsuite/ld-aarch64/aarch64-elf.exp > > @@ -407,6 +407,8 @@ set aarch64elflinktests { > > {copy-reloc-exe-2.s} {{objdump -R copy-reloc-2.d}} "copy-reloc-2"} > > {"ld-aarch64/exe with copy relocation elimination" "-e0 tmpdir/copy-reloc-so.so" "" "" > > {copy-reloc-exe-eliminate.s} {{objdump -R copy-reloc-eliminate.d}} "copy-reloc-elimination"} > > + {"Build .so with protected data" "-shared" "" "" {protected.s} > > + {} "protected.so"} > > {"ld-aarch64/so with global func" "-shared" "" "" {func-in-so.s} > > {} "func-in-so.so"} > > {"ld-aarch64/func sym hash opt for exe" > > @@ -416,8 +418,15 @@ set aarch64elflinktests { > > {} "libbti-plt-so.so"} > > } > > > > +set aarch64elfcclinktests [list \ > > + [list "copy relocation on protected data" \ > > + "-no-pie tmpdir/copy-reloc-exe.o tmpdir/protected.so" "" \ > > + {} {{error_output copy-reloc-protected.d}} "copy-reloc-protected"] > > +] > > + > > if [check_shared_lib_support] { > > run_ld_link_tests $aarch64elflinktests > > + run_cc_link_tests $aarch64elfcclinktests > > } > > > > run_dump_test "bti-plt-3" > > diff --git a/ld/testsuite/ld-aarch64/copy-reloc-protected.d b/ld/testsuite/ld-aarch64/copy-reloc-protected.d > > new file mode 100644 > > index 00000000000..99a356a3df6 > > --- /dev/null > > +++ b/ld/testsuite/ld-aarch64/copy-reloc-protected.d > > @@ -0,0 +1,2 @@ > > +.*: tmpdir/copy-reloc-exe.o: copy relocation against non-copyable protected symbol `global_a' > > +#... > > diff --git a/ld/testsuite/ld-aarch64/protected.s b/ld/testsuite/ld-aarch64/protected.s > > new file mode 100644 > > index 00000000000..eb3fb402dc4 > > --- /dev/null > > +++ b/ld/testsuite/ld-aarch64/protected.s > > @@ -0,0 +1,8 @@ > > +.global global_a > > +.protected global_a > > +.type global_a, %object > > +.size global_a, 4 > > + > > +.data > > +global_a: > > +.word 0xcafedead > > -- > > 2.36 > > Ping