diff options
| author | H.J. Lu <hjl.tools@gmail.com> | 2020-01-20 06:58:51 -0800 |
|---|---|---|
| committer | H.J. Lu <hjl.tools@gmail.com> | 2020-01-20 07:01:07 -0800 |
| commit | 14470f0755dbc942aa684ed647df978ddfc7cff2 (patch) | |
| tree | c19e873d9c8c86cc24fe568ec473f7bd8c2b18e2 /bfd/elf64-x86-64.c | |
| parent | b9ca1af69e097b8dc15b23a4e12194f9567c4ad7 (diff) | |
| download | gdb-14470f0755dbc942aa684ed647df978ddfc7cff2.zip gdb-14470f0755dbc942aa684ed647df978ddfc7cff2.tar.gz gdb-14470f0755dbc942aa684ed647df978ddfc7cff2.tar.bz2 | |
x86-64: Fix TLSDESC relaxation for x32
For x32, we must encode "lea x@TLSDESC(%rip), %reg" with a REX prefix
even if it isn't required. Otherwise linker can’t safely perform
GDesc -> IE/LE optimization. X32 TLSDESC sequences can be:
40 8d 05 00 00 00 00 rex lea x@TLSDESC(%rip), %reg
...
67 ff 10 call *x@TLSCALL(%eax)
or the same sequence as LP64:
48 8d 05 00 00 00 00 lea foo@TLSDESC(%rip), %reg
...
ff 10 call *foo@TLSCALL(%rax)
We need to support both sequences for x32. For both GDesc -> IE/LE
transitions,
67 ff 10 call *x@TLSCALL(%eax)
should relaxed to
0f 1f 00 nopl (%rax)
For GDesc -> LE transition,
40 8d 05 00 00 00 00 rex lea x@TLSDESC(%rip), %reg
should relaxed to
40 c7 c0 fc ff ff ff rex movl $x@tpoff, %reg
For GDesc -> IE transition,
40 8d 05 00 00 00 00 rex lea x@TLSDESC(%rip), %reg
should relaxed to
40 8b 05 00 00 00 00 rex movl x@gottpoff(%rip), %eax
bfd/
PR ld/25416
* elf64-x86-64.c (elf_x86_64_check_tls_transition): Support
"rex leal x@tlsdesc(%rip), %reg" and "call *x@tlsdesc(%eax)" in
X32 mode.
(elf_x86_64_relocate_section): In x32 mode, for GDesc -> LE
transition, relax "rex leal x@tlsdesc(%rip), %reg" to
"rex movl $x@tpoff, %reg", for GDesc -> IE transition, relax
"rex leal x@tlsdesc(%rip), %reg" to
"rex movl x@gottpoff(%rip), %eax". For both transitions, relax
"call *(%eax)" to "nopl (%rax)".
gas/
PR ld/25416
* config/tc-i386.c (output_insn): Add a dummy REX_OPCODE prefix
for lea with R_X86_64_GOTPC32_TLSDESC relocation when generating
x32 object.
* testsuite/gas/i386/ilp32/x32-tls.d: Updated.
* testsuite/gas/i386/ilp32/x32-tls.s: Add tests for lea with
R_X86_64_GOTPC32_TLSDESC relocation.
ld/
PR ld/25416
* testsuite/ld-x86-64/pr25416-1.s: New file
* testsuite/ld-x86-64/pr25416-1a.d: Likewise.
* testsuite/ld-x86-64/pr25416-1b.d: Likewise.
* testsuite/ld-x86-64/pr25416-1.s: Likewise.
* testsuite/ld-x86-64/pr25416-2.s: Likewise.
* testsuite/ld-x86-64/pr25416-2a.d: Likewise.
* testsuite/ld-x86-64/pr25416-2b.d: Likewise.
* testsuite/ld-x86-64/pr25416-3.d: Likewise.
* testsuite/ld-x86-64/pr25416-3.s: Likewise.
* testsuite/ld-x86-64/pr25416-4.d: Likewise.
* testsuite/ld-x86-64/pr25416-4.s: Likewise.
* testsuite/ld-x86-64/pr25416-5a.c: Likewise.
* testsuite/ld-x86-64/pr25416-5b.s: Likewise.
* testsuite/ld-x86-64/pr25416-5c.s: Likewise.
* testsuite/ld-x86-64/pr25416-5d.s: Likewise.
* testsuite/ld-x86-64/pr25416-5e.s: Likewise.
* testsuite/ld-x86-64/x86-64.exp: Run PR ld/25416 tests.
Diffstat (limited to 'bfd/elf64-x86-64.c')
| -rw-r--r-- | bfd/elf64-x86-64.c | 100 |
1 files changed, 81 insertions, 19 deletions
diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c index 79e68ff..014bea1 100644 --- a/bfd/elf64-x86-64.c +++ b/bfd/elf64-x86-64.c @@ -1223,7 +1223,8 @@ elf_x86_64_check_tls_transition (bfd *abfd, case R_X86_64_GOTPC32_TLSDESC: /* Check transition from GDesc access model: - leaq x@tlsdesc(%rip), %rax + leaq x@tlsdesc(%rip), %rax <--- LP64 mode. + rex leal x@tlsdesc(%rip), %eax <--- X32 mode. Make sure it's a leaq adding rip to a 32-bit offset into any register, although it's probably almost always @@ -1233,7 +1234,8 @@ elf_x86_64_check_tls_transition (bfd *abfd, return FALSE; val = bfd_get_8 (abfd, contents + offset - 3); - if ((val & 0xfb) != 0x48) + val &= 0xfb; + if (val != 0x48 && (ABI_64_P (abfd) || val != 0x40)) return FALSE; if (bfd_get_8 (abfd, contents + offset - 2) != 0x8d) @@ -1244,13 +1246,26 @@ elf_x86_64_check_tls_transition (bfd *abfd, case R_X86_64_TLSDESC_CALL: /* Check transition from GDesc access model: - call *x@tlsdesc(%rax) + call *x@tlsdesc(%rax) <--- LP64 mode. + call *x@tlsdesc(%eax) <--- X32 mode. */ if (offset + 2 <= sec->size) { - /* Make sure that it's a call *x@tlsdesc(%rax). */ + unsigned int prefix; call = contents + offset; - return call[0] == 0xff && call[1] == 0x10; + prefix = 0; + if (!ABI_64_P (abfd)) + { + /* Check for call *x@tlsdesc(%eax). */ + if (call[0] == 0x67) + { + prefix = 1; + if (offset + 3 > sec->size) + return FALSE; + } + } + /* Make sure that it's a call *x@tlsdesc(%rax). */ + return call[prefix] == 0xff && call[1 + prefix] == 0x10; } return FALSE; @@ -3401,10 +3416,13 @@ corrupt_input: { /* GDesc -> LE transition. It's originally something like: - leaq x@tlsdesc(%rip), %rax + leaq x@tlsdesc(%rip), %rax <--- LP64 mode. + rex leal x@tlsdesc(%rip), %eax <--- X32 mode. Change it to: - movl $x@tpoff, %rax. */ + movq $x@tpoff, %rax <--- LP64 mode. + rex movl $x@tpoff, %eax <--- X32 mode. + */ unsigned int val, type; @@ -3412,7 +3430,8 @@ corrupt_input: goto corrupt_input; type = bfd_get_8 (input_bfd, contents + roff - 3); val = bfd_get_8 (input_bfd, contents + roff - 1); - bfd_put_8 (output_bfd, 0x48 | ((type >> 2) & 1), + bfd_put_8 (output_bfd, + (type & 0x48) | ((type >> 2) & 1), contents + roff - 3); bfd_put_8 (output_bfd, 0xc7, contents + roff - 2); bfd_put_8 (output_bfd, 0xc0 | ((val >> 3) & 7), @@ -3426,11 +3445,30 @@ corrupt_input: { /* GDesc -> LE transition. It's originally: - call *(%rax) + call *(%rax) <--- LP64 mode. + call *(%eax) <--- X32 mode. Turn it into: - xchg %ax,%ax. */ - bfd_put_8 (output_bfd, 0x66, contents + roff); - bfd_put_8 (output_bfd, 0x90, contents + roff + 1); + xchg %ax,%ax <-- LP64 mode. + nopl (%rax) <-- X32 mode. + */ + unsigned int prefix = 0; + if (!ABI_64_P (input_bfd)) + { + /* Check for call *x@tlsdesc(%eax). */ + if (contents[roff] == 0x67) + prefix = 1; + } + if (prefix) + { + bfd_put_8 (output_bfd, 0x0f, contents + roff); + bfd_put_8 (output_bfd, 0x1f, contents + roff + 1); + bfd_put_8 (output_bfd, 0x00, contents + roff + 2); + } + else + { + bfd_put_8 (output_bfd, 0x66, contents + roff); + bfd_put_8 (output_bfd, 0x90, contents + roff + 1); + } continue; } else if (r_type == R_X86_64_GOTTPOFF) @@ -3741,13 +3779,18 @@ corrupt_input: { /* GDesc -> IE transition. It's originally something like: - leaq x@tlsdesc(%rip), %rax + leaq x@tlsdesc(%rip), %rax <--- LP64 mode. + rex leal x@tlsdesc(%rip), %eax <--- X32 mode. Change it to: - movq x@gottpoff(%rip), %rax # before xchg %ax,%ax. */ + # before xchg %ax,%ax in LP64 mode. + movq x@gottpoff(%rip), %rax + # before nopl (%rax) in X32 mode. + rex movl x@gottpoff(%rip), %eax + */ /* Now modify the instruction as appropriate. To - turn a leaq into a movq in the form we use it, it + turn a lea into a mov in the form we use it, it suffices to change the second byte from 0x8d to 0x8b. */ if (roff < 2) @@ -3768,13 +3811,32 @@ corrupt_input: { /* GDesc -> IE transition. It's originally: - call *(%rax) + call *(%rax) <--- LP64 mode. + call *(%eax) <--- X32 mode. Change it to: - xchg %ax, %ax. */ + xchg %ax, %ax <-- LP64 mode. + nopl (%rax) <-- X32 mode. + */ - bfd_put_8 (output_bfd, 0x66, contents + roff); - bfd_put_8 (output_bfd, 0x90, contents + roff + 1); + unsigned int prefix = 0; + if (!ABI_64_P (input_bfd)) + { + /* Check for call *x@tlsdesc(%eax). */ + if (contents[roff] == 0x67) + prefix = 1; + } + if (prefix) + { + bfd_put_8 (output_bfd, 0x0f, contents + roff); + bfd_put_8 (output_bfd, 0x1f, contents + roff + 1); + bfd_put_8 (output_bfd, 0x00, contents + roff + 2); + } + else + { + bfd_put_8 (output_bfd, 0x66, contents + roff); + bfd_put_8 (output_bfd, 0x90, contents + roff + 1); + } continue; } else |