From: H.J. Lu
Date: Tue, 2 Sep 2025 18:26:57 +0000 (-0700)
Subject: x86: Check plt_got_offset for lazy IBT PLT
X-Git-Tag: gdb-17-branchpoint~65
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=aad80d24d29efc2cb5d80f33f7ee127e918ba34f;p=thirdparty%2Fbinutils-gdb.git

x86: Check plt_got_offset for lazy IBT PLT

Lazy IBT PLT entries look like

static const bfd_byte elf_i386_lazy_ibt_plt_entry[LAZY_PLT_ENTRY_SIZE] =
{
0xf3, 0x0f, 0x1e, 0xfb, /* endbr32 */
0x68, 0, 0, 0, 0, /* pushl immediate */
0xe9, 0, 0, 0, 0, /* jmp relative */
0x66, 0x90 /* xchg %ax,%ax */
};

static const bfd_byte elf_x86_64_lazy_ibt_plt_entry[LAZY_PLT_ENTRY_SIZE] =
{
0xf3, 0x0f, 0x1e, 0xfa, /* endbr64 */
0x68, 0, 0, 0, 0, /* pushq immediate */
0xe9, 0, 0, 0, 0, /* jmpq relative */
0x66, 0x90 /* xchg %ax,%ax */
};

They only have

unsigned int plt_reloc_offset; /* ... offset into relocation table. */

and don't have

unsigned int plt_got_offset; /* ... address of this symbol in .got. */

We should use plt_reloc_offset, not plt_got_offset, to check IBT PLT.

PR binutils/33358
* elf32-i386.c (elf_i386_get_synthetic_symtab): Check plt_reloc_offset for lazy IBT PLT.
* elf64-x86-64.c (elf_x86_64_get_synthetic_symtab): Likewise.

Signed-off-by: H.J. Lu
---

diff --git a/bfd/elf32-i386.c b/bfd/elf32-i386.c
index 4b99b8e0202..e375e18d5fe 100644
--- a/bfd/elf32-i386.c
+++ b/bfd/elf32-i386.c
@@ -4354,7 +4354,7 @@ elf_i386_get_synthetic_symtab (bfd *abfd,
 if (lazy_ibt_plt != NULL
 && (memcmp (plt_contents + lazy_ibt_plt->plt0_entry_size,
 lazy_ibt_plt->plt_entry,
- lazy_ibt_plt->plt_got_offset) == 0))
+ lazy_ibt_plt->plt_reloc_offset) == 0))
 plt_type = plt_lazy | plt_second;
 else
 plt_type = plt_lazy;
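Review bot: The memcmp on the changed `+` line now compares only the first plt_reloc_offset bytes of the second PLT entry, and nothing beside it says why that length is the right prefix; since the old length came from a field the commit message says this layout does not carry, a reader of the new line cannot tell from the code whether plt_reloc_offset is itself guaranteed non-zero for every lazy IBT layout. I would add above the `if`: `/* Only the bytes before plt_reloc_offset (endbr + push opcode) are fixed; the push immediate and jmp displacement vary per entry.  */`, checking the byte list against the layout definition, which is outside the hunk. The same change and the same missing rationale appear in the second elf32-i386.c hunk and in both elf64-x86-64.c hunks. elf_i386_get_synthetic_symtab starts and ends outside the hunk, including whatever section-size check bounds the read at plt_contents + plt0_entry_size, so it is worth confirming that check covers the IBT layout's entry sizes rather than only the non-IBT lazy layout's.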
@@ -4367,7 +4367,7 @@ elf_i386_get_synthetic_symtab (bfd *abfd,
 if (lazy_ibt_plt != NULL
 && (memcmp (plt_contents + lazy_ibt_plt->plt0_entry_size,
 lazy_ibt_plt->pic_plt_entry,
- lazy_ibt_plt->plt_got_offset) == 0))
+ lazy_ibt_plt->plt_reloc_offset) == 0))
 plt_type = plt_lazy | plt_pic | plt_second;
 else
 plt_type = plt_lazy | plt_pic;
diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c
index 4f0e97c4a9a..00586455203 100644
--- a/bfd/elf64-x86-64.c
+++ b/bfd/elf64-x86-64.c
@@ -5852,7 +5852,7 @@ elf_x86_64_get_synthetic_symtab (bfd *abfd,
 {
 if (memcmp (plt_contents + lazy_ibt_plt->plt_entry_size,
 lazy_ibt_plt->plt_entry,
- lazy_ibt_plt->plt_got_offset) == 0)
+ lazy_ibt_plt->plt_reloc_offset) == 0)
 {
 /* The fist entry in the lazy IBT PLT is the same as the
 lazy PLT. */
@@ -5874,7 +5874,7 @@ elf_x86_64_get_synthetic_symtab (bfd *abfd,
 if (memcmp (plt_contents + lazy_bnd_ibt_plt->plt_entry_size,
 lazy_bnd_ibt_plt->plt_entry,
- lazy_bnd_ibt_plt->plt_got_offset) == 0)
+ lazy_bnd_ibt_plt->plt_reloc_offset) == 0)
 lazy_plt = lazy_bnd_ibt_plt;
 else
 lazy_plt = lazy_bnd_plt;