From: H.J. Lu <hjl.tools@gmail.com>
Date: Mon, 26 Mar 2018 10:57:01 +0000 (-0700)
Subject: x86-64: Add ENDBR64 to the TLSDESC PLT entry
X-Git-Tag: users/ARM/embedded-binutils-2_30-branch-2018q2~7
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=963e88c631ad5878d70d055fd8597c83279efe66;p=thirdparty%2Fbinutils-gdb.git

x86-64: Add ENDBR64 to the TLSDESC PLT entry

The TLSDESC entry in a lazy procedure linkage table is called indirectly
with "callq *(%rax)".  This patch adds an ENDBR64 to support indirect
branch tracking in Intel CET.  The TLSDESC PLT entry now looks like:

0xf3, 0x0f, 0x1e, 0xfa,  /* endbr64             */
0xff, 0x35, 8, 0, 0, 0,  /* pushq GOT+8(%rip)   */
0xff, 0x25, 16, 0, 0, 0  /* jmpq *GOT+TDG(%rip)  */

The BND prefix isn't needed since MPX isn't used for TLSDESC.

bfd/

	PR ld/23000
	* elf64-x86-64.c (elf_x86_64_finish_dynamic_sections): Add
	ENDBR64 to the TLSDESC PLT entry.

ld/

	PR ld/23000
	* testsuite/ld-x86-64/tlsdesc.pd: Updated.

(cherry picked from commit bf54968b128a2133174d81c438d402ecfaf83042)
---

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 3c9e08beecb..b6b05ecf103 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,12 @@
+2018-03-26  H.J. Lu  <hongjiu.lu@intel.com>
+
+	Backport from master branch
+	2018-03-25  H.J. Lu  <hongjiu.lu@intel.com>
+
+	PR ld/23000
+	* elf64-x86-64.c (elf_x86_64_finish_dynamic_sections): Add
+	ENDBR64 to the TLSDESC PLT entry.
+
 2018-03-21  Alan Modra  <amodra@gmail.com>
 
 	Apply from master
diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c
index ba4f47bff46..30e07c4ef4b 100644
--- a/bfd/elf64-x86-64.c
+++ b/bfd/elf64-x86-64.c
@@ -4393,15 +4393,23 @@ elf_x86_64_finish_dynamic_sections (bfd *output_bfd,
 
       if (htab->tlsdesc_plt)
 	{
+	  /* The TLSDESC entry in a lazy procedure linkage table.  */
+	  static const bfd_byte tlsdesc_plt_entry[LAZY_PLT_ENTRY_SIZE] =
+	    {
+	      0xf3, 0x0f, 0x1e, 0xfa,	/* endbr64		*/
+	      0xff, 0x35, 8, 0, 0, 0,	/* pushq GOT+8(%rip)	*/
+	      0xff, 0x25, 16, 0, 0, 0	/* jmpq *GOT+TDG(%rip)	*/
+	    };
+
 	  bfd_put_64 (output_bfd, (bfd_vma) 0,
 		      htab->elf.sgot->contents + htab->tlsdesc_got);
 
 	  memcpy (htab->elf.splt->contents + htab->tlsdesc_plt,
-		  htab->lazy_plt->plt0_entry,
-		  htab->lazy_plt->plt0_entry_size);
+		  tlsdesc_plt_entry, LAZY_PLT_ENTRY_SIZE);
 
-	  /* Add offset for pushq GOT+8(%rip), since the
-	     instruction uses 6 bytes subtract this value.  */
+	  /* Add offset for pushq GOT+8(%rip), since ENDBR64 uses 4
+	     bytes and the instruction uses 6 bytes, subtract these
+	     values.  */
 	  bfd_put_32 (output_bfd,
 		      (htab->elf.sgotplt->output_section->vma
 		       + htab->elf.sgotplt->output_offset
@@ -4409,14 +4417,13 @@ elf_x86_64_finish_dynamic_sections (bfd *output_bfd,
 		       - htab->elf.splt->output_section->vma
 		       - htab->elf.splt->output_offset
 		       - htab->tlsdesc_plt
-		       - 6),
+		       - 4 - 6),
 		      (htab->elf.splt->contents
 		       + htab->tlsdesc_plt
-		       + htab->lazy_plt->plt0_got1_offset));
-	  /* Add offset for the PC-relative instruction accessing
-	     GOT+TDG, where TDG stands for htab->tlsdesc_got,
-	     subtracting the offset to the end of that
-	     instruction.  */
+		       + 4 + 2));
+	  /* Add offset for indirect branch via GOT+TDG, where TDG
+	     stands for htab->tlsdesc_got, subtracting the offset
+	     to the end of that instruction.  */
 	  bfd_put_32 (output_bfd,
 		      (htab->elf.sgot->output_section->vma
 		       + htab->elf.sgot->output_offset
@@ -4424,10 +4431,9 @@ elf_x86_64_finish_dynamic_sections (bfd *output_bfd,
 		       - htab->elf.splt->output_section->vma
 		       - htab->elf.splt->output_offset
 		       - htab->tlsdesc_plt
-		       - htab->lazy_plt->plt0_got2_insn_end),
+		       - 4 - 6 - 6),
 		      (htab->elf.splt->contents
-		       + htab->tlsdesc_plt
-		       + htab->lazy_plt->plt0_got2_offset));
+		       + htab->tlsdesc_plt + 4 + 6 + 2));
 	}
     }
 
diff --git a/ld/ChangeLog b/ld/ChangeLog
index 61230789bc8..05223f4a534 100644
--- a/ld/ChangeLog
+++ b/ld/ChangeLog
@@ -1,3 +1,11 @@
+2018-03-26  H.J. Lu  <hongjiu.lu@intel.com>
+
+	Backport from master branch
+	2018-03-25  H.J. Lu  <hongjiu.lu@intel.com>
+
+	PR ld/23000
+	* testsuite/ld-x86-64/tlsdesc.pd: Updated.
+
 2018-03-20  Roland McGrath  <mcgrathr@google.com>
 
 	* testsuite/ld-elf/elf.exp (pr20995-2): XFAIL on aarch64*-*-elf*,
diff --git a/ld/testsuite/ld-x86-64/tlsdesc.pd b/ld/testsuite/ld-x86-64/tlsdesc.pd
index 0fa36f32739..08b4fa3aef9 100644
--- a/ld/testsuite/ld-x86-64/tlsdesc.pd
+++ b/ld/testsuite/ld-x86-64/tlsdesc.pd
@@ -13,7 +13,7 @@ Disassembly of section .plt:
  [0-9a-f]+:	ff 35 .. .. 20 00    	pushq  .*\(%rip\)        # 201358 <_GLOBAL_OFFSET_TABLE_\+0x8>
  [0-9a-f]+:	ff 25 .. .. 20 00    	jmpq   \*.*\(%rip\)        # 201360 <_GLOBAL_OFFSET_TABLE_\+0x10>
  [0-9a-f]+:	0f 1f 40 00          	nopl   0x0\(%rax\)
+ [0-9a-f]+:	f3 0f 1e fa          	endbr64 
  [0-9a-f]+:	ff 35 .. .. 20 00    	pushq  .*\(%rip\)        # 201358 <_GLOBAL_OFFSET_TABLE_\+0x8>
  [0-9a-f]+:	ff 25 .. .. 20 00    	jmpq   \*.*\(%rip\)        # 201348 <.*>
- [0-9a-f]+:	0f 1f 40 00          	nopl   0x0\(%rax\)