diff options
| author | Fangrui Song <i@maskray.me> | 2022-06-22 10:55:12 -0700 |
|---|---|---|
| committer | Fangrui Song <i@maskray.me> | 2022-06-22 10:55:12 -0700 |
| commit | 90b7a5df152a64d2bea20beb438e8b81049a5c30 (patch) | |
| tree | 02a86981b9fab3de79108a80950f35c1a2825353 /bfd | |
| parent | f18acc9c4e5d18f4783f3a7d59e3ec95d7af0199 (diff) | |
| download | gdb-90b7a5df152a64d2bea20beb438e8b81049a5c30.zip gdb-90b7a5df152a64d2bea20beb438e8b81049a5c30.tar.gz gdb-90b7a5df152a64d2bea20beb438e8b81049a5c30.tar.bz2 | |
aarch64: Disallow copy relocations on protected data
If an executable has copy relocations for extern protected data, that
can only work if the shared object containing the definition is built
with assumptions (a) the compiler emits GOT-generating relocations (b)
the linker produces R_*_GLOB_DAT instead of R_*_RELATIVE. Otherwise the
shared object uses its own definition directly and the executable
accesses a stale copy. Note: the GOT relocations defeat the purpose of
protected visibility as an optimization, and it turns out this never
worked perfectly.
glibc 2.36 will warn on copy relocations on protected data. Let's
produce a warning at link time, matching ld.lld which has been used on
many aarch64 OSes.
Note: x86 requires GNU_PROPERTY_NO_COPY_ON_PROTECTED to have the error.
This is to largely due to GCC 5's "x86-64: Optimize access to globals in
PIE with copy reloc" which started to use direct access relocations for
external data symbols in -fpie mode.
GCC's aarch64 port does not have the change. Nowadays with most builds
switching to -fpie/-fpic, aarch64 mostly doesn't need to worry about
copy relocations. So for aarch64 we simply don't check
GNU_PROPERTY_NO_COPY_ON_PROTECTED.
Diffstat (limited to 'bfd')
| -rw-r--r-- | bfd/elfnn-aarch64.c | 28 |
1 files changed, 27 insertions, 1 deletions
diff --git a/bfd/elfnn-aarch64.c b/bfd/elfnn-aarch64.c index ca24a6b..81311fc 100644 --- a/bfd/elfnn-aarch64.c +++ b/bfd/elfnn-aarch64.c @@ -2579,6 +2579,9 @@ struct elf_aarch64_link_hash_entry this symbol. */ unsigned int got_type; + /* TRUE if symbol is defined as a protected symbol. */ + unsigned int def_protected : 1; + /* A pointer to the most recently used stub hash entry against this symbol. */ struct elf_aarch64_stub_hash_entry *stub_cache; @@ -2855,9 +2858,16 @@ elfNN_aarch64_copy_indirect_symbol (struct bfd_link_info *info, static void elfNN_aarch64_merge_symbol_attribute (struct elf_link_hash_entry *h, unsigned int st_other, - bool definition ATTRIBUTE_UNUSED, + bool definition, bool dynamic ATTRIBUTE_UNUSED) { + if (definition) + { + struct elf_aarch64_link_hash_entry *eh + = (struct elf_aarch64_link_hash_entry *)h; + eh->def_protected = ELF_ST_VISIBILITY (st_other) == STV_PROTECTED; + } + unsigned int isym_sto = st_other & ~ELF_ST_VISIBILITY (-1); unsigned int h_sto = h->other & ~ELF_ST_VISIBILITY (-1); @@ -8701,6 +8711,22 @@ elfNN_aarch64_allocate_dynrelocs (struct elf_link_hash_entry *h, void *inf) if (h->dyn_relocs == NULL) return true; + for (p = h->dyn_relocs; p != NULL; p = p->next) + if (eh->def_protected) + { + /* Disallow copy relocations against protected symbol. */ + asection *s = p->sec->output_section; + if (s != NULL && (s->flags & SEC_READONLY) != 0) + { + info->callbacks->einfo + /* xgettext:c-format */ + (_ ("%F%P: %pB: copy relocation against non-copyable " + "protected symbol `%s'\n"), + p->sec->owner, h->root.root.string); + return false; + } + } + /* In the shared -Bsymbolic case, discard space allocated for dynamic pc-relative relocs against symbols which turn out to be defined in regular objects. For the normal shared case, discard |