public inbox for glibc-bugs@sourceware.org
* [Bug dynamic-link/31218] New: PLT rewrite doesn't work on unrelocated definition
@ 2024-01-06 17:06 hjl.tools at gmail dot com
  2024-01-06 18:59 ` [Bug dynamic-link/31218] " hjl.tools at gmail dot com
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: hjl.tools at gmail dot com @ 2024-01-06 17:06 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=31218

            Bug ID: 31218
           Summary: PLT rewrite doesn't work on unrelocated definition
           Product: glibc
           Version: 2.39
            Status: NEW
          Severity: normal
          Priority: P2
         Component: dynamic-link
          Assignee: unassigned at sourceware dot org
          Reporter: hjl.tools at gmail dot com
                CC: goldstein.w.n at gmail dot com
  Target Milestone: ---
            Target: x86-64

When an R_X86_64_JUMP_SLOT relocation is resolved to the unrelocated object,
PLT rewrite will write the wrong address to the PLT entry if the definition in
the unrelocated object will be updated by an IFUNC relocation later.

-- 
You are receiving this mail because:
You are on the CC list for the bug.


* [Bug dynamic-link/31218] PLT rewrite doesn't work on unrelocated definition
  2024-01-06 17:06 [Bug dynamic-link/31218] New: PLT rewrite doesn't work on unrelocated definition hjl.tools at gmail dot com
@ 2024-01-06 18:59 ` hjl.tools at gmail dot com
  2024-01-06 22:07 ` [Bug dynamic-link/31218] PLT rewrite overflows large displacement on x32 hjl.tools at gmail dot com
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: hjl.tools at gmail dot com @ 2024-01-06 18:59 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=31218

--- Comment #1 from H.J. Lu <hjl.tools at gmail dot com> ---
IFUNC is fine.  The problem is with x32.  On x32, PLT rewrite generates:

   0xf7fbe060 <+0>:     jmp    0x401030
   0xf7fbe065 <+5>:     int3
   0xf7fbe066 <+6>:     int3
   0xf7fbe067 <+7>:     int3
   0xf7fbe068 <+8>:     int3
   0xf7fbe069 <+9>:     int3
   0xf7fbe06a <+10>:    int3
   0xf7fbe06b <+11>:    int3
   0xf7fbe06c <+12>:    int3
   0xf7fbe06d <+13>:    int3
   0xf7fbe06e <+14>:    int3
   0xf7fbe06f <+15>:    int3

0xf7fbe060 + 0x401030 overflows.


* [Bug dynamic-link/31218] PLT rewrite overflows large displacement on x32
  2024-01-06 17:06 [Bug dynamic-link/31218] New: PLT rewrite doesn't work on unrelocated definition hjl.tools at gmail dot com
  2024-01-06 18:59 ` [Bug dynamic-link/31218] " hjl.tools at gmail dot com
@ 2024-01-06 22:07 ` hjl.tools at gmail dot com
  2024-01-06 22:26 ` cvs-commit at gcc dot gnu.org
  2024-01-06 22:26 ` hjl.tools at gmail dot com
  3 siblings, 0 replies; 5+ messages in thread
From: hjl.tools at gmail dot com @ 2024-01-06 22:07 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=31218

H.J. Lu <hjl.tools at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|PLT rewrite doesn't work on |PLT rewrite overflows large
                   |unrelocated definition      |displacement on x32


* [Bug dynamic-link/31218] PLT rewrite overflows large displacement on x32
  2024-01-06 17:06 [Bug dynamic-link/31218] New: PLT rewrite doesn't work on unrelocated definition hjl.tools at gmail dot com
  2024-01-06 18:59 ` [Bug dynamic-link/31218] " hjl.tools at gmail dot com
  2024-01-06 22:07 ` [Bug dynamic-link/31218] PLT rewrite overflows large displacement on x32 hjl.tools at gmail dot com
@ 2024-01-06 22:26 ` cvs-commit at gcc dot gnu.org
  2024-01-06 22:26 ` hjl.tools at gmail dot com
  3 siblings, 0 replies; 5+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2024-01-06 22:26 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=31218

--- Comment #2 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by H.J. Lu <hjl@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0f9afc265a4a0f4ba658d7f71c9602a3fda3538e

commit 0f9afc265a4a0f4ba658d7f71c9602a3fda3538e
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Sat Jan 6 14:03:37 2024 -0800

    x32: Handle displacement overflow in PLT rewrite [BZ #31218]

    PLT rewrite calculated displacement with

    ElfW(Addr) disp = value - branch_start - JMP32_INSN_SIZE;

    On x32, displacement from 0xf7fbe060 to 0x401030 was calculated as

    unsigned int disp = 0x401030 - 0xf7fbe060 - 5;

    with disp == 0x8442fcb and caused displacement overflow. The PLT entry
    was changed to:

    0xf7fbe060 <+0>:        e9 cb 2f 44 08          jmp    0x401030
    0xf7fbe065 <+5>:        cc                      int3
    0xf7fbe066 <+6>:        cc                      int3
    0xf7fbe067 <+7>:        cc                      int3
    0xf7fbe068 <+8>:        cc                      int3
    0xf7fbe069 <+9>:        cc                      int3
    0xf7fbe06a <+10>:       cc                      int3
    0xf7fbe06b <+11>:       cc                      int3
    0xf7fbe06c <+12>:       cc                      int3
    0xf7fbe06d <+13>:       cc                      int3
    0xf7fbe06e <+14>:       cc                      int3
    0xf7fbe06f <+15>:       cc                      int3

    x32 has a 32-bit address range, but it doesn't wrap addresses around at
    4GB; the JMP target was changed to 0x100401030 (0xf7fbe060LL + 0x8442fcbLL
    + 5), which is above 4GB.

    Always use uint64_t to calculate displacement.  This fixes BZ #31218.
    Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>

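The displacement arithmetic from the commit message above, as an added example that is not glibc's code: it reproduces the 32-bit wraparound with the two addresses from the report, computes where the CPU actually lands (RIP is 64 bits even on x32, so nothing wraps at 4 GiB), and then does the 64-bit calculation together with the signed-rel32 range check a rewrite needs before it emits a 5-byte jmp. The function names, the 16-byte entry modelled as a fixed array, and "return false and leave the entry alone" as the out-of-range fallback are assumptions for this example; JMP32_INSN_SIZE, the e9/int3 byte layout and the addresses come from the thread.

```c
/* Added example: x32 PLT rewrite displacement overflow (BZ #31218).
   Not glibc code. Names below are hypothetical; only JMP32_INSN_SIZE, the
   "e9 rel32 + int3 padding" layout and the two addresses are from the report. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define JMP32_INSN_SIZE 5      /* e9 + 4-byte rel32 */
#define PLT_ENTRY_SIZE  16     /* one lazy PLT entry, padded with int3 */

/* Pre-fix arithmetic: ElfW(Addr) is 32 bits on x32, so the subtraction wraps
   modulo 2^32 and a huge negative displacement comes out small and positive. */
static uint32_t disp_x32_buggy(uint32_t value, uint32_t branch_start)
{
    return value - branch_start - JMP32_INSN_SIZE;
}

/* Fixed arithmetic: compute in 64 bits and report whether the result is
   representable as the signed rel32 that "jmp rel32" encodes. */
static bool disp_rel32(uint64_t value, uint64_t branch_start, int64_t *disp)
{
    *disp = (int64_t)(value - branch_start - JMP32_INSN_SIZE);
    return *disp >= INT32_MIN && *disp <= INT32_MAX;
}

/* Where the CPU lands after "jmp rel32": next-RIP plus the sign-extended
   rel32, added in 64 bits. On x32 this does not wrap at 4 GiB. */
static uint64_t jmp_rel32_target(uint64_t branch_start, int32_t rel32)
{
    return branch_start + JMP32_INSN_SIZE + (uint64_t)(int64_t)rel32;
}

/* Encode "e9 rel32" little-endian and pad the rest of the entry with int3. */
static void encode_jmp32(uint8_t slot[PLT_ENTRY_SIZE], int32_t rel32)
{
    uint32_t u = (uint32_t)rel32;
    slot[0] = 0xe9;
    for (int i = 0; i < 4; i++)
        slot[1 + i] = (uint8_t)(u >> (8 * i));
    for (int i = JMP32_INSN_SIZE; i < PLT_ENTRY_SIZE; i++)
        slot[i] = 0xcc;
}

/* Rewrite an entry to a direct jump only when the target is reachable.
   Returning false (entry untouched) is this example's stand-in for whatever
   fallback a real rewrite uses when rel32 cannot reach the target. */
static bool plt_rewrite_jmp32(uint64_t value, uint64_t branch_start,
                              uint8_t slot[PLT_ENTRY_SIZE])
{
    int64_t disp;
    if (!disp_rel32(value, branch_start, &disp))
        return false;
    encode_jmp32(slot, (int32_t)disp);
    return true;
}

int main(void)
{
    /* Addresses from the report: PLT entry in a shared object mapped high,
       resolved symbol in the executable mapped low. */
    const uint64_t branch_start = 0xf7fbe060, value = 0x401030;
    uint8_t slot[PLT_ENTRY_SIZE];
    int64_t disp;

    uint32_t bad = disp_x32_buggy((uint32_t)value, (uint32_t)branch_start);
    printf("32-bit disp 0x%x -> CPU lands at 0x%llx\n", bad,
           (unsigned long long)jmp_rel32_target(branch_start, (int32_t)bad));

    bool fits = disp_rel32(value, branch_start, &disp);
    printf("64-bit disp %lld, fits rel32: %s\n", (long long)disp,
           fits ? "yes" : "no");
    printf("rewrite: %s\n", plt_rewrite_jmp32(value, branch_start, slot)
           ? "done" : "refused, entry left alone");
    return 0;
}
```

This is plain integer arithmetic, so it runs on any host; no x32 toolchain is needed to see the 0x8442fcb displacement and the 0x100401030 landing address.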

* [Bug dynamic-link/31218] PLT rewrite overflows large displacement on x32
  2024-01-06 17:06 [Bug dynamic-link/31218] New: PLT rewrite doesn't work on unrelocated definition hjl.tools at gmail dot com
                   ` (2 preceding siblings ...)
  2024-01-06 22:26 ` cvs-commit at gcc dot gnu.org
@ 2024-01-06 22:26 ` hjl.tools at gmail dot com
  3 siblings, 0 replies; 5+ messages in thread
From: hjl.tools at gmail dot com @ 2024-01-06 22:26 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=31218

H.J. Lu <hjl.tools at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |2.39
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #3 from H.J. Lu <hjl.tools at gmail dot com> ---
Fixed.
