[PATCH 2/2][Binutils][Arm]: Fix LSB of GOT for Thumb2 only PLT

[PATCH 2/2][Binutils][Arm]: Fix LSB of GOT for Thumb2 only PLT

[Tamar Christina]

[-- Attachment #1: Type: text/plain, Size: 1934 bytes --]

Hi All,

When you have a Thumb only PLT then the address in the GOT for PLT0 needs to
have the Thumb bit set since the instruction used in PLTn to get there is
`ldr.w	pc` which is an inter-working instruction:

the PLT sequence in question is

00000120 <foo@plt>:
 120:	f240 0c98 	movw	ip, #152	; 0x98
 124:	f2c0 0c01 	movt	ip, #1
 128:	44fc      	add	ip, pc
 12a:	f8dc f000 	ldr.w	pc, [ip]
 12e:	e7fc      	b.n	12a <foo@plt+0xa>

Disassembly of section .text:

00000130 <bar>:
 130:	b580      	push	{r7, lr}
 132:	af00      	add	r7, sp, #0
 134:	f7ff fff4 	bl	120 <foo@plt>

and previously the linker would generate

Hex dump of section '.got':
 ...
  0x000101b8 40010100 00000000 00000000 10010000 @...............

Which would make it jump and transition out of thumb mode and crash since you
only have thumb mode on such cores.

Now it correctly generates

Hex dump of section '.got':
 ...
  0x000101b8 40010100 00000000 00000000 11010000 @...............

build on native hardware and regtested on
  arm-none-elf, arm-none-elf (32 bit host),
  arm-none-linux-gnueabihf, arm-none-linux-gnueabihf (32 bit host)

Cross-compiled and regtested on
  arm-none-linux-gnueabihf, armeb-none-elf, arm-wince-pe
and no issues.

However I have not been able to do an execution test since I do not have a way
to actually test this. I am hoping the user who reported it can test it but the
patch is sound based on principles.

Amol would you be able to confirm the patch works on your setup?

Ok for master? and for backport to binutils-2.34?

Thanks,
Tamar

bfd/ChangeLog:

2020-03-30  Tamar Christina  <tamar.christina@arm.com>

	PR ld/16017
	* elf32-arm.c (elf32_arm_populate_plt_entry): Set LSB of the PLT0
	address in the GOT if in thumb only mode.

ld/ChangeLog:

2020-03-30  Tamar Christina  <tamar.christina@arm.com>

	PR ld/16017
	* testsuite/ld-arm/arm-elf.exp (thumb-plt-got): New.
	* testsuite/ld-arm/thumb-plt-got.d: New test.

-- 

[-- Attachment #2: rb12844.patch --]
[-- Type: text/x-diff, Size: 1878 bytes --]

diff --git a/bfd/elf32-arm.c b/bfd/elf32-arm.c
index 0036ff96e593456e602c47775f1695fc0e629ea7..02d43a86195bd527fec24c845c2e925bc5a45346 100644
--- a/bfd/elf32-arm.c
+++ b/bfd/elf32-arm.c
@@ -10001,6 +10001,12 @@ elf32_arm_populate_plt_entry (bfd *output_bfd, struct bfd_link_info *info,
 	      rel.r_info = ELF32_R_INFO (dynindx, R_ARM_JUMP_SLOT);
 	      initial_got_entry = (splt->output_section->vma
 				   + splt->output_offset);
+
+	      /* PR ld/16017
+		 When thumb only we need to set the LSB for any address that
+		 will be used with an interworking branch instruction.  */
+	      if (using_thumb_only (htab))
+		initial_got_entry |= 1;
 	    }
 	}
 
diff --git a/ld/testsuite/ld-arm/arm-elf.exp b/ld/testsuite/ld-arm/arm-elf.exp
index 99a313999e7327fbeb0c344af4a66d2ee73771b6..59e68de800bdcd53b51fd44b28972e53f7f141c8 100644
--- a/ld/testsuite/ld-arm/arm-elf.exp
+++ b/ld/testsuite/ld-arm/arm-elf.exp
@@ -1270,3 +1270,4 @@ run_dump_test "non-contiguous-arm5"
 run_dump_test "non-contiguous-arm6"
 
 run_dump_test "thumb-plt"
+run_dump_test "thumb-plt-got"
diff --git a/ld/testsuite/ld-arm/thumb-plt-got.d b/ld/testsuite/ld-arm/thumb-plt-got.d
new file mode 100644
index 0000000000000000000000000000000000000000..e65aba9e2f8a3129990166c458d7c82306e1af7b
--- /dev/null
+++ b/ld/testsuite/ld-arm/thumb-plt-got.d
@@ -0,0 +1,14 @@
+#source: thumb-plt.s
+#name: Thumb only PLT and GOT LSB Symbol
+#ld: -shared -e0
+#readelf: -rx .got
+#skip: *-*-pe *-*-wince *-*-vxworks armeb-*-* *-*-gnueabihf
+
+Relocation section '.rel.plt' at offset 0x108 contains 1 entry:
+ Offset     Info    Type            Sym.Value  Sym. Name
+000101c4  00000116 R_ARM_JUMP_SLOT   00000000   foo
+
+Hex dump of section '.got':
+ NOTE: This section has relocations against it, but these have NOT been applied to this dump.
+  0x000101b8 40010100 00000000 00000000 11010000 @...............
+

Re: [PATCH 2/2][Binutils][Arm]: Fix LSB of GOT for Thumb2 only PLT

[Nick Clifton]

Hi Tamar,  
> 
> bfd/ChangeLog:
> 
> 2020-03-30  Tamar Christina  <tamar.christina@arm.com>
> 
> 	PR ld/16017
> 	* elf32-arm.c (elf32_arm_populate_plt_entry): Set LSB of the PLT0
> 	address in the GOT if in thumb only mode.
> 
> ld/ChangeLog:
> 
> 2020-03-30  Tamar Christina  <tamar.christina@arm.com>
> 
> 	PR ld/16017
> 	* testsuite/ld-arm/arm-elf.exp (thumb-plt-got): New.
> 	* testsuite/ld-arm/thumb-plt-got.d: New test.
> 

Approved - please apply (mainline and branch).

Cheers
  Nick

Re: [PATCH 2/2][Binutils][Arm]: Fix LSB of GOT for Thumb2 only PLT

[Amol]

Hi Tamar,

On 30/03/2020, Tamar Christina <tamar.christina@arm.com> wrote:
> However I have not been able to do an execution test since I do not have a way
> to actually test this. I am hoping the user who reported it can test it but the
> patch is sound based on principles.
>

The issue was originally reported on Arm's community by a user rgujju [1];
I was just the debugger.

> Amol would you be able to confirm the patch works on your setup?
>

The .got entries for both the binaries
   (a) on the ld/16017, and
   (b) on the setup at [1],
now have the LSB set, where previously they did not.

I tested the setup at [1], but on qemu alone; the control now
successfully jumps to the plt0 stub, where previously it would just crash
attempting that jump.

If it isn't too late, you may want to flag rgujju as the reporter of the bug.
Apologies for any inconvenience caused.

[1] https://community.arm.com/developer/ip-products/processors/f/cortex-m-forum/45919/gcc-does-not-generate-correct-code-while-building-pic

Thanks,
amol

RE: [PATCH 2/2][Binutils][Arm]: Fix LSB of GOT for Thumb2 only PLT

[Tamar Christina]

Hi Amol,

> -----Original Message-----
> From: Amol <suratiamol@gmail.com>
> Sent: Tuesday, March 31, 2020 11:44 AM
> To: Tamar Christina <Tamar.Christina@arm.com>
> Cc: binutils@sourceware.org; nd <nd@arm.com>; Richard Earnshaw
> <Richard.Earnshaw@arm.com>; nickc@redhat.com; Ramana Radhakrishnan
> <Ramana.Radhakrishnan@arm.com>
> Subject: Re: [PATCH 2/2][Binutils][Arm]: Fix LSB of GOT for Thumb2 only PLT
> 
> Hi Tamar,
> 
> On 30/03/2020, Tamar Christina <tamar.christina@arm.com> wrote:
> > However I have not been able to do an execution test since I do not
> > have a way to actually test this. I am hoping the user who reported it
> > can test it but the patch is sound based on principles.
> >
> 
> The issue was originally reported on Arm's community by a user rgujju [1]; I
> was just the debugger.
> 
> > Amol would you be able to confirm the patch works on your setup?
> >
> 
> The .got entries for both the binaries
>    (a) on the ld/16017, and
>    (b) on the setup at [1],
> now have the LSB set, where previously they did not.
> 
> I tested the setup at [1], but on qemu alone; the control now successfully
> jumps to the plt0 stub, where previously it would just crash attempting that
> jump.

Thanks for testing!

> 
> If it isn't too late, you may want to flag rgujju as the reporter of the bug.
> Apologies for any inconvenience caused.
> 
> [1] https://community.arm.com/developer/ip-
> products/processors/f/cortex-m-forum/45919/gcc-does-not-generate-
> correct-code-while-building-pic

Oh..  I didn't even know about this section of community.arm.com.. Thanks for bringing the bug to our attention!

I'll credit rgujju for reporting it.

Thanks,
Tamar
> 
> Thanks,
> amol