diff options
| author | Fangrui Song <i@maskray.me> | 2022-06-22 10:55:12 -0700 |
|---|---|---|
| committer | Fangrui Song <i@maskray.me> | 2022-06-22 10:55:12 -0700 |
| commit | 90b7a5df152a64d2bea20beb438e8b81049a5c30 (patch) | |
| tree | 02a86981b9fab3de79108a80950f35c1a2825353 /ld | |
| parent | f18acc9c4e5d18f4783f3a7d59e3ec95d7af0199 (diff) | |
| download | gdb-90b7a5df152a64d2bea20beb438e8b81049a5c30.zip gdb-90b7a5df152a64d2bea20beb438e8b81049a5c30.tar.gz gdb-90b7a5df152a64d2bea20beb438e8b81049a5c30.tar.bz2 | |
aarch64: Disallow copy relocations on protected data
If an executable has copy relocations for extern protected data, that
can only work if the shared object containing the definition is built
with assumptions (a) the compiler emits GOT-generating relocations (b)
the linker produces R_*_GLOB_DAT instead of R_*_RELATIVE. Otherwise the
shared object uses its own definition directly and the executable
accesses a stale copy. Note: the GOT relocations defeat the purpose of
protected visibility as an optimization, and it turns out this never
worked perfectly.
glibc 2.36 will warn on copy relocations on protected data. Let's
produce a warning at link time, matching ld.lld which has been used on
many aarch64 OSes.
Note: x86 requires GNU_PROPERTY_NO_COPY_ON_PROTECTED to have the error.
This is to largely due to GCC 5's "x86-64: Optimize access to globals in
PIE with copy reloc" which started to use direct access relocations for
external data symbols in -fpie mode.
GCC's aarch64 port does not have the change. Nowadays with most builds
switching to -fpie/-fpic, aarch64 mostly doesn't need to worry about
copy relocations. So for aarch64 we simply don't check
GNU_PROPERTY_NO_COPY_ON_PROTECTED.
Diffstat (limited to 'ld')
| -rw-r--r-- | ld/testsuite/ld-aarch64/aarch64-elf.exp | 9 | ||||
| -rw-r--r-- | ld/testsuite/ld-aarch64/copy-reloc-protected.d | 2 | ||||
| -rw-r--r-- | ld/testsuite/ld-aarch64/protected.s | 8 |
3 files changed, 19 insertions, 0 deletions
diff --git a/ld/testsuite/ld-aarch64/aarch64-elf.exp b/ld/testsuite/ld-aarch64/aarch64-elf.exp index 64476f1..3116227 100644 --- a/ld/testsuite/ld-aarch64/aarch64-elf.exp +++ b/ld/testsuite/ld-aarch64/aarch64-elf.exp @@ -407,6 +407,8 @@ set aarch64elflinktests { {copy-reloc-exe-2.s} {{objdump -R copy-reloc-2.d}} "copy-reloc-2"} {"ld-aarch64/exe with copy relocation elimination" "-e0 tmpdir/copy-reloc-so.so" "" "" {copy-reloc-exe-eliminate.s} {{objdump -R copy-reloc-eliminate.d}} "copy-reloc-elimination"} + {"Build .so with protected data" "-shared" "" "" {protected.s} + {} "protected.so"} {"ld-aarch64/so with global func" "-shared" "" "" {func-in-so.s} {} "func-in-so.so"} {"ld-aarch64/func sym hash opt for exe" @@ -416,8 +418,15 @@ set aarch64elflinktests { {} "libbti-plt-so.so"} } +set aarch64elfcclinktests [list \ + [list "copy relocation on protected data" \ + "-no-pie tmpdir/copy-reloc-exe.o tmpdir/protected.so" "" \ + {} {{error_output copy-reloc-protected.d}} "copy-reloc-protected"] +] + if [check_shared_lib_support] { run_ld_link_tests $aarch64elflinktests + run_cc_link_tests $aarch64elfcclinktests } run_dump_test "bti-plt-3" diff --git a/ld/testsuite/ld-aarch64/copy-reloc-protected.d b/ld/testsuite/ld-aarch64/copy-reloc-protected.d new file mode 100644 index 0000000..99a356a --- /dev/null +++ b/ld/testsuite/ld-aarch64/copy-reloc-protected.d @@ -0,0 +1,2 @@ +.*: tmpdir/copy-reloc-exe.o: copy relocation against non-copyable protected symbol `global_a' +#... diff --git a/ld/testsuite/ld-aarch64/protected.s b/ld/testsuite/ld-aarch64/protected.s new file mode 100644 index 0000000..eb3fb40 --- /dev/null +++ b/ld/testsuite/ld-aarch64/protected.s @@ -0,0 +1,8 @@ +.global global_a +.protected global_a +.type global_a, %object +.size global_a, 4 + +.data +global_a: +.word 0xcafedead |