x86: Disallow invalid relocation against protected symbol
to allow function pointer reference and make sure that PLT entry isn't
used for function reference due to function pointer reference.
bfd/
PR ld/29087
* elf32-i386.c (elf_i386_scan_relocs): Don't set
pointer_equality_needed nor check non-canonical reference for
function pointer reference.
* elf64-x86-64.c (elf_x86_64_scan_relocs): Likewise.
ld/
PR ld/29087
* testsuite/ld-x86-64/x86-64.exp: Run PR ld/29087 tests.
* testsuite/ld-x86-64/protected-func-3.c: New file.
Stefan Liebler [Thu, 28 Apr 2022 12:30:55 +0000 (14:30 +0200)]
s390: Add DT_JMPREL pointing to .rela.[i]plt with static-pie
In static-pie case, there are IRELATIVE-relocs in
.rela.iplt (htab->irelplt), which will later be grouped
to .rela.plt. On s390, the IRELATIVE relocations are
always located in .rela.iplt - even for non-static case.
Ensure that DT_JMPREL, DT_PLTRELA, DT_PLTRELASZ is added
to the dynamic section even if htab->srelplt->size == 0.
See _bfd_elf_add_dynamic_tags in bfd/elflink.c.
bfd/
elf64-s390.c (elf_s390_size_dynamic_sections):
Enforce DT_JMPREL via htab->elf.dt_jmprel_required.
The last section in a CTF dict is the string table, at an offset
represented by the cth_stroff header field. Its length is recorded in
the next field, cth_strlen, and the two added together are taken as the
size of the CTF dict. Upon opening a dict, we check that none of the
header offsets exceed this size, and we check when uncompressing a
compressed dict that the result of the uncompression is the same length:
but CTF dicts need not be compressed, and short ones are not.
Uncompressed dicts just use the ctf_size without checking it. This
field is thankfully almost unused: it is mostly used when reserializing
a dict, which can't be done to dicts read off disk since they're
read-only.
However, when opening an uncompressed foreign-endian dict we have to
copy it out of the mmaped region it is stored in so we can endian-
swap it, and we use ctf_size when doing that. When the cth_strlen is
corrupt, this can overrun.
Fix this by checking the ctf_size in all uncompressed cases, just as we
already do in the compressed case. Add a new test.
This came to light because various corrupted-CTF raw-asm tests had an
incorrect cth_strlen: fix all of them so they produce the expected
error again.
libctf/
PR libctf/28933
* ctf-open.c (ctf_bufopen_internal): Always check uncompressed
CTF dict sizes against the section size in case the cth_strlen is
corrupt.
Without a -M cpu option given, powerpc objdump defaults currently to
-Mpower10 but -Many is also given. Commit 1ff6a3b8e562 regressed
-Many disassembly of instructions that are encoded differently
depending on cpu, such as mftb which has pre- and post-power4
encodings.
PR 28959
* ppc-dis.c (lookup_powerpc): Revert 2021-05-28 change. Instead
only look at deprecated PPC_OPCODE_RAW bit when -Many.
Alan Modra [Wed, 2 Mar 2022 13:34:57 +0000 (00:04 +1030)]
PowerPC64 DT_RELR relative reloc addresses
Section addresses can change between ppc64_elf_size_stubs and
ppc64_elf_build_stubs due to .eh_frame editing. The idea of stashing
r_offset final addresses calculated in ppc64_elf_size_stubs for use by
ppc64_elf_build_stubs was never a good idea. Instead, we need to keep
section/offset pairs.
* elf64-ppc.c (struct ppc_link_hash_table): Delete relr_addr.
Add relr section/offset array.
(append_relr_off): Rewrite. Update all callers.
(sort_relr): New function.
(ppc64_elf_size_stubs): Adjust to suit new relative reloc stash.
(ppc64_elf_build_stubs): Likewise.
Alan Modra [Wed, 9 Feb 2022 05:51:02 +0000 (16:21 +1030)]
Work around gcc-4 warnings in elf64-ppc.c
elf64-ppc.c: In function 'ppc64_elf_size_dynamic_sections':
elf64-ppc.c:10309:45: error: value computed is not used [-Werror=unused-value]
++lgot_ents, ++lgot_masks, isym != NULL && isym++)
It is of course a silly warning, fixed in later versions of gcc. I
wrote "isym != NULL && isym++" rather than the simpler "isym++" to
stop sanitisers complaining about incrementing a NULL pointer. isym
is of course unused in any code path where it might start off as
NULL. Sometimes you can't win. So don't try to be clever in reading
local symbols only when needed. 99 times out of 100 they will be
cached anyway.
* elf64-ppc.c (ppc64_elf_size_dynamic_sections): Avoid annoying
warnings by always reading local syms.
(ppc64_elf_layout_multitoc): Likewise.
H.J. Lu [Wed, 9 Feb 2022 23:51:22 +0000 (15:51 -0800)]
x86: Disallow invalid relocation against protected symbol
I am checking this into master and will backport it to 2.38 branch.
H.J
----
On x86, GCC 12 supports -mno-direct-extern-access to enable canonical
reference to protected function and disable copy relocation. With
-mno-direct-extern-access, the canonical protected function symbols must
be accessed via canonical reference and the protected data symbols in
shared libraries are non-copyable. Under glibc 2.35, non-canonical
reference to the canonical protected function will get the run-time error:
./y: internal_f: ./libfoo.so: non-canonical reference to canonical protected function
and copy relocations against the non-copyable protected symbols will get
the run-time error:
./x: internal_i: ./libfoo.so: copy relocation against non-copyable protected symbol
Update x86 linker to disallow non-canonical reference to the canonical
protected function:
ld: plt.o: non-canonical reference to canonical protected function `internal_f' in libfoo.so
ld: failed to set dynamic section sizes: bad value
and copy relocation against the non-copyable protected symbol:
ld: main.o: copy relocation against non-copyable protected symbol `internal_i' in libfoo.so
projects / thirdparty / binutils-gdb.git / log
