AArch64: Fix regression in Cortex A53 erratum when PIE. (PR ld/23904)

The fix for PR ld/22263 causes TLS relocations using ADRP to be relaxed
into MOVZ, however this causes issues for the erratum code.

The erratum code scans the input sections looking for ADRP instructions
and notes their location in the stream.

It then later tries to find them again in order to generate the linker
stubs.  Due to the relaxation it instead finds a MOVZ and hard aborts.

Since this relaxation is a valid one, and in which case the erratum no
longer applies, it shouldn't abort but instead just continue.

This changes the TLS relaxation code such that when it finds an ADRP and
it relaxes it, it removes the erratum entry from the work list by changing
the stub type into none so the stub is ignored.

The entry is not actually removed as removal is a more expensive operation
and we have already allocated the memory anyway.

The clearing is done for IE->LE and GD->LE relaxations, and a testcase is
added for the IE case. The GD case I believe to be impossible to get together
with the erratum sequence due to the required BL which would break the sequence.
However to cover all basis I have added the guard there as well.

build on native hardware and regtested on
  aarch64-none-elf, aarch64-none-elf (32 bit host),
  aarch64-none-linux-gnu, aarch64-none-linux-gnu (32 bit host)

Cross-compiled and regtested on
  aarch64-none-linux-gnu, aarch64_be-none-linux-gnu

Testcase in PR23940 tested and works as expected now and benchmarks ran on A53
showing no regressions and no issues.

bfd/ChangeLog:

	PR ld/23904
	* elfnn-aarch64.c (_bfd_aarch64_adrp_p): Use existing constants.
	(_bfd_aarch64_erratum_843419_branch_to_stub): Use _bfd_aarch64_adrp_p.
	(struct erratum_835769_branch_to_stub_clear_data): New.
	(_bfd_aarch64_erratum_843419_clear_stub): New.
	(clear_erratum_843419_entry): New.
	(elfNN_aarch64_tls_relax): Use it.
	(elfNN_aarch64_relocate_section): Pass input_section.
	(aarch64_map_one_stub): Handle branch type none as valid.

ld/ChangeLog:

	PR ld/23904
	* testsuite/ld-aarch64/aarch64-elf.exp: Add erratum843419_tls_ie.
	* testsuite/ld-aarch64/erratum843419_tls_ie.d: New test.
	* testsuite/ld-aarch64/erratum843419_tls_ie.s: New test.

(cherry picked from commit 9fca35fc3486283562a7fcd9eb0ff845b0152d98)

2 files changed, 86 insertions, 5 deletions

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 53bb9eb..2cdb834 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,16 @@
+2018-11-27  Tamar Christina  <tamar.christina@arm.com>
+
+	Backport from mainline
+	PR ld/23904
+	* elfnn-aarch64.c (_bfd_aarch64_adrp_p): Use existing constants.
+	(_bfd_aarch64_erratum_843419_branch_to_stub): Use _bfd_aarch64_adrp_p.
+	(struct erratum_835769_branch_to_stub_clear_data): New.
+	(_bfd_aarch64_erratum_843419_clear_stub): New.
+	(clear_erratum_843419_entry): New.
+	(elfNN_aarch64_tls_relax): Use it.
+	(elfNN_aarch64_relocate_section): Pass input_section.
+	(aarch64_map_one_stub): Handle branch type none as valid.
+
 2018-11-15  Claudiu Zissulescu  <claziss@synopsys.com>
 
 	Backport from mainline
diff --git a/bfd/elfnn-aarch64.c b/bfd/elfnn-aarch64.c
index cf321f3..d4964b1 100644
--- a/bfd/elfnn-aarch64.c
+++ b/bfd/elfnn-aarch64.c
@@ -3845,7 +3845,7 @@ _bfd_aarch64_erratum_835769_scan (bfd *input_bfd,
 static bfd_boolean
 _bfd_aarch64_adrp_p (uint32_t insn)
 {
-  return ((insn & 0x9f000000) == 0x90000000);
+  return ((insn & AARCH64_ADRP_OP_MASK) == AARCH64_ADRP_OP);
 }
 
 
@@ -5074,7 +5074,7 @@ _bfd_aarch64_erratum_843419_branch_to_stub (struct bfd_hash_entry *gen_entry,
 	   + stub_entry->adrp_offset);
   insn = bfd_getl32 (contents + stub_entry->adrp_offset);
 
-  if ((insn & AARCH64_ADRP_OP_MASK) !=  AARCH64_ADRP_OP)
+  if (!_bfd_aarch64_adrp_p (insn))
     abort ();
 
   bfd_signed_vma imm =
@@ -5939,6 +5939,64 @@ bad_ifunc_reloc:
 # define movz_hw_R0	(0x52c00000)
 #endif
 
+/* Structure to hold payload for _bfd_aarch64_erratum_843419_clear_stub,
+   it is used to identify the stub information to reset.  */
+
+struct erratum_843419_branch_to_stub_clear_data
+{
+  bfd_vma adrp_offset;
+  asection *output_section;
+};
+
+/* Clear the erratum information for GEN_ENTRY if the ADRP_OFFSET and
+   section inside IN_ARG matches.  The clearing is done by setting the
+   stub_type to none.  */
+
+static bfd_boolean
+_bfd_aarch64_erratum_843419_clear_stub (struct bfd_hash_entry *gen_entry,
+					void *in_arg)
+{
+  struct elf_aarch64_stub_hash_entry *stub_entry
+    = (struct elf_aarch64_stub_hash_entry *) gen_entry;
+  struct erratum_843419_branch_to_stub_clear_data *data
+    = (struct erratum_843419_branch_to_stub_clear_data *) in_arg;
+
+  if (stub_entry->target_section != data->output_section
+      || stub_entry->stub_type != aarch64_stub_erratum_843419_veneer
+      || stub_entry->adrp_offset != data->adrp_offset)
+    return TRUE;
+
+  /* Change the stub type instead of removing the entry, removing from the hash
+     table would be slower and we have already reserved the memory for the entry
+     so there wouldn't be much gain.  Changing the stub also keeps around a
+     record of what was there before.  */
+  stub_entry->stub_type = aarch64_stub_none;
+
+  /* We're done and there could have been only one matching stub at that
+     particular offset, so abort further traversal.  */
+  return FALSE;
+}
+
+/* TLS Relaxations may relax an adrp sequence that matches the erratum 843419
+   sequence.  In this case the erratum no longer applies and we need to remove
+   the entry from the pending stub generation.  This clears matching adrp insn
+   at ADRP_OFFSET in INPUT_SECTION in the stub table defined in GLOBALS.  */
+
+static void
+clear_erratum_843419_entry (struct elf_aarch64_link_hash_table *globals,
+			    bfd_vma adrp_offset, asection *input_section)
+{
+  if (globals->fix_erratum_843419)
+    {
+      struct erratum_843419_branch_to_stub_clear_data data;
+      data.adrp_offset = adrp_offset;
+      data.output_section = input_section;
+
+      bfd_hash_traverse (&globals->stub_hash_table,
+			 _bfd_aarch64_erratum_843419_clear_stub, &data);
+    }
+}
+
 /* Handle TLS relaxations.  Relaxing is possible for symbols that use
    R_AARCH64_TLSDESC_ADR_{PAGE, LD64_LO12_NC, ADD_LO12_NC} during a static
    link.
@@ -5949,8 +6007,9 @@ bad_ifunc_reloc:
 
 static bfd_reloc_status_type
 elfNN_aarch64_tls_relax (struct elf_aarch64_link_hash_table *globals,
-			 bfd *input_bfd, bfd_byte *contents,
-			 Elf_Internal_Rela *rel, struct elf_link_hash_entry *h)
+			 bfd *input_bfd, asection *input_section,
+			 bfd_byte *contents, Elf_Internal_Rela *rel,
+			 struct elf_link_hash_entry *h)
 {
   bfd_boolean is_local = h == NULL;
   unsigned int r_type = ELFNN_R_TYPE (rel->r_info);
@@ -5971,6 +6030,9 @@ elfNN_aarch64_tls_relax (struct elf_aarch64_link_hash_table *globals,
 
 	     Where R is x for LP64, and w for ILP32.  */
 	  bfd_putl32 (movz_R0, contents + rel->r_offset);
+	  /* We have relaxed the adrp into a mov, we may have to clear any
+	     pending erratum fixes.  */
+	  clear_erratum_843419_entry (globals, rel->r_offset, input_section);
 	  return bfd_reloc_continue;
 	}
       else
@@ -6261,6 +6323,9 @@ elfNN_aarch64_tls_relax (struct elf_aarch64_link_hash_table *globals,
 	{
 	  insn = bfd_getl32 (contents + rel->r_offset);
 	  bfd_putl32 (movz_R0 | (insn & 0x1f), contents + rel->r_offset);
+	  /* We have relaxed the adrp into a mov, we may have to clear any
+	     pending erratum fixes.  */
+	  clear_erratum_843419_entry (globals, rel->r_offset, input_section);
 	}
       return bfd_reloc_continue;
 
@@ -6485,7 +6550,8 @@ elfNN_aarch64_relocate_section (bfd *output_bfd,
 	  howto = elfNN_aarch64_howto_from_bfd_reloc (bfd_r_type);
 	  BFD_ASSERT (howto != NULL);
 	  r_type = howto->type;
-	  r = elfNN_aarch64_tls_relax (globals, input_bfd, contents, rel, h);
+	  r = elfNN_aarch64_tls_relax (globals, input_bfd, input_section,
+				       contents, rel, h);
 	  unresolved_reloc = 0;
 	}
       else
@@ -8076,6 +8142,8 @@ aarch64_map_one_stub (struct bfd_hash_entry *gen_entry, void *in_arg)
       if (!elfNN_aarch64_output_map_sym (osi, AARCH64_MAP_INSN, addr))
 	return FALSE;
       break;
+    case aarch64_stub_none:
+      break;
 
     default:
       abort ();