From 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0 Mon Sep 17 00:00:00 2001 From: "H.J. Lu" Date: Tue, 30 Sep 2025 08:18:29 +0800 Subject: [PATCH] x86: Disallow TLS relocation in non executable section Since TLS relocations are applied to executable machine instructions, disallow TLS relocation in non-SHT_PROGBITS, non-SHF_EXECINSTR section. PR ld/33451 PR ld/33502 * elf32-i386.c (elf_i386_tls_transition): Disallow TLS relocation in non-SHT_PROGBITS, non-SHF_EXECINSTR section. (elf_i386_scan_relocs): Likewise. * elf64-x86-64.c (elf_x86_64_tls_transition): Likewise. (elf_x86_64_scan_relocs): Likewise. * elfxx-x86.c (_bfd_x86_elf_link_report_tls_invalid_section_error): New. * elfxx-x86.h (_bfd_x86_elf_link_report_tls_invalid_section_error): Likewise. Signed-off-by: H.J. Lu --- bfd/elf32-i386.c | 19 +++++++++++++++++++ bfd/elf64-x86-64.c | 20 ++++++++++++++++++++ bfd/elfxx-x86.c | 20 ++++++++++++++++++++ bfd/elfxx-x86.h | 4 ++++ 4 files changed, 63 insertions(+) diff --git a/bfd/elf32-i386.c b/bfd/elf32-i386.c index 507a0762aff..0d60eded701 100644 --- a/bfd/elf32-i386.c +++ b/bfd/elf32-i386.c @@ -1166,6 +1166,15 @@ elf_i386_tls_transition (struct bfd_link_info *info, bfd *abfd, return true; } + if ((elf_section_type (sec) != SHT_PROGBITS + || (sec->flags & SEC_CODE) == 0)) + { + reloc_howto_type *howto = elf_i386_rtype_to_howto (from_type); + _bfd_x86_elf_link_report_tls_invalid_section_error + (abfd, sec, symtab_hdr, h, sym, howto); + return false; + } + /* Return TRUE if there is no transition. */ if (from_type == to_type) return true; @@ -1733,6 +1742,16 @@ elf_i386_scan_relocs (bfd *abfd, tls_type = GOT_TLS_IE_POS; break; } + if (tls_type >= GOT_TLS_GD + && tls_type <= GOT_TLS_GDESC + && (elf_section_type (sec) != SHT_PROGBITS + || (sec->flags & SEC_CODE) == 0)) + { + _bfd_x86_elf_link_report_tls_invalid_section_error + (abfd, sec, symtab_hdr, h, isym, howto); + goto error_return; + } + if (h != NULL) { h->got.refcount = 1; diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c index 620b6a380cd..59b43149897 100644 --- a/bfd/elf64-x86-64.c +++ b/bfd/elf64-x86-64.c @@ -1626,6 +1626,16 @@ elf_x86_64_tls_transition (struct bfd_link_info *info, bfd *abfd, return true; } + if ((elf_section_type (sec) != SHT_PROGBITS + || (sec->flags & SEC_CODE) == 0)) + { + reloc_howto_type *howto = elf_x86_64_rtype_to_howto (abfd, + from_type); + _bfd_x86_elf_link_report_tls_invalid_section_error + (abfd, sec, symtab_hdr, h, sym, howto); + return false; + } + /* Return TRUE if there is no transition. */ if (from_type == to_type || (from_type == R_X86_64_CODE_4_GOTTPOFF @@ -2757,6 +2767,16 @@ need_got: break; } + if (tls_type >= GOT_TLS_GD + && tls_type <= GOT_TLS_GDESC + && (elf_section_type (sec) != SHT_PROGBITS + || (sec->flags & SEC_CODE) == 0)) + { + _bfd_x86_elf_link_report_tls_invalid_section_error + (abfd, sec, symtab_hdr, h, isym, howto); + goto error_return; + } + if (h != NULL) { h->got.refcount = 1; diff --git a/bfd/elfxx-x86.c b/bfd/elfxx-x86.c index 0d389968c91..d8c653a9ad2 100644 --- a/bfd/elfxx-x86.c +++ b/bfd/elfxx-x86.c @@ -3365,6 +3365,26 @@ _bfd_x86_elf_link_report_tls_transition_error bfd_set_error (bfd_error_bad_value); } +/* Report TLS invalid section error. */ + +void +_bfd_x86_elf_link_report_tls_invalid_section_error + (bfd *abfd, asection *sec, Elf_Internal_Shdr *symtab_hdr, + struct elf_link_hash_entry *h, Elf_Internal_Sym *sym, + reloc_howto_type *howto) +{ + const char *name; + if (h) + name = h->root.root.string; + else + name = bfd_elf_sym_name (abfd, symtab_hdr, sym, NULL); + _bfd_error_handler + /* xgettext:c-format */ + (_("%pB: relocation %s against thread local symbol `%s' in " + "invalid section `%pA'"), abfd, howto->name, name, sec); + bfd_set_error (bfd_error_bad_value); +} + /* Return TRUE if symbol should be hashed in the `.gnu.hash' section. */ bool diff --git a/bfd/elfxx-x86.h b/bfd/elfxx-x86.h index 1ebc9d2f2e5..f8a24a77577 100644 --- a/bfd/elfxx-x86.h +++ b/bfd/elfxx-x86.h @@ -951,6 +951,10 @@ extern void _bfd_x86_elf_link_report_tls_transition_error const Elf_Internal_Rela *, const char *, const char *, enum elf_x86_tls_error_type); +extern void _bfd_x86_elf_link_report_tls_invalid_section_error + (bfd *, asection *, Elf_Internal_Shdr *, struct elf_link_hash_entry *, + Elf_Internal_Sym *, reloc_howto_type *); + #define bfd_elf64_mkobject \ _bfd_x86_elf_mkobject #define bfd_elf32_mkobject \ -- 2.47.3