| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
Older gcc reports:
.../bfd/dwarf2.c: In function 'read_ranges':
.../bfd/dwarf2.c:3107: error: comparison between signed and unsigned
.../bfd/dwarf2.c: In function 'read_rnglists':
.../bfd/dwarf2.c:3189: error: comparison between signed and unsigned
Similarly for binutils/dwarf.c. Arrange for the left sides of the > to
also be unsigned quantities.
|
|
|
|
|
|
|
|
|
|
|
|
* elf-attrs.c (_bfd_elf_parse_attributes): Break out of loop if
subsection length is too small to cover tag and length field.
|
|
|
|
|
|
2021-05-31 Nelson Chu <nelson.chu@sifive.com>
Lifang Xia <lifang_xia@c-sky.com>
The data segment phase exp_seg_relro_adjust means we are still adjusting the
relro segments, so we will get the symbol values which havn't consider the
relro. It is dangerous and we shouldn't do the relaxations at this stage.
Otherwise, we may get the truncated fails when the relax range crossing the
data segment.
One of the solution is that, we use a pointer to monitor the data segment
phase while relaxing, to know whether the relro has been handled or not.
Once we check the phase is exp_seg_relro_adjust, we should skip this round
of relaxations, since the incorrect symbol values will affect the correctness
of relaxations. I think we probably need to record more information about
data segment or alignments in the future, to make sure it is safe to doing
relaxations.
For the two new testcases, relro-relax-lui and relro-relax-pcrel, we get
the following truncated errors when using toolchains, which enable relro:
(.text+0x0): relocation truncated to fit: R_RISCV_GPREL_I against symbol `SymbolRodata' defined in .rodata section in test1.o
After applying this patch, the truncated errors should be resolved.
However, only linux toolchains support -z relro, so we only test these
two testcases when supporting shared library.
bfd/
PR 27566
* elfnn-riscv.c (struct riscv_elf_link_hash_table): New integer pointer
to monitor the data segment phase.
(bfd_elfNN_riscv_set_data_segment_info): New function called by
after_allocation, to set the data_segment_phase from expld.dataseg.
(_bfd_riscv_relax_section): Don't relax when data_segment_phase is
exp_seg_relro_adjust (0x4).
* elfxx-riscv.h (bfd_elf32_riscv_set_data_segment_info): New extern.
(bfd_elf64_riscv_set_data_segment_info): Likewise.
ld/
PR 27566
* emultempl/riscvelf.em (after_allocation): Call
riscv_set_data_segment_info to set data segment phase before relaxing.
* testsuite/ld-riscv-elf/ld-riscv-elf.exp: Updated.
* testsuite/ld-riscv-elf/relro-relax-lui.d: New testcase.
* testsuite/ld-riscv-elf/relro-relax-lui.s: Likewise.
* testsuite/ld-riscv-elf/relro-relax-pcrel.d: Likewise.
* testsuite/ld-riscv-elf/relro-relax-pcrel.s: Likewise.
|
|
|
|
|
|
|
|
The x86-64 psABI has
---
A program or object file using R_X86_64_8, R_X86_64_16, R_X86_64_PC16
or R_X86_64_PC8 relocations is not conformant to this ABI, these
relocations are only added for documentation purposes.
---
Since x86 PC16 relocations have been used for 16-bit programs in an ELF32
or ELF64 container, PC16 relocation should wrap-around in 16-bit address
space. Revert
commit a7664973b24a242cd9ea17deb5eaf503065fc0bd
Author: Jan Beulich <jbeulich@suse.com>
Date: Mon Apr 26 10:41:35 2021 +0200
x86: correct overflow checking for 16-bit PC-relative relocs
and xfail the related tests. Also revert
commit 50c95a739c91ae70cf8481936611aa1f5397a384
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Wed May 26 12:13:13 2021 -0700
x86: Propery check PC16 reloc overflow in 16-bit mode instructions
while keeping PR ld/27905 tests for PC16 relocation in 16-bit programs.
bfd/
PR ld/27905
* elf32-i386.c: Don't include "libiberty.h".
(elf_howto_table): Revert commits a7664973b24 and 50c95a739c9.
(elf_i386_rtype_to_howto): Revert commit 50c95a739c9.
(elf_i386_info_to_howto_rel): Likewise.
(elf_i386_tls_transition): Likewise.
(elf_i386_relocate_section): Likewise.
* elf64-x86-64.c (x86_64_elf_howto_table): Revert commits
a7664973b24 and 50c95a739c9.
(elf_x86_64_rtype_to_howto): Revert commit 50c95a739c9.
* elfxx-x86.c (_bfd_x86_elf_parse_gnu_properties): Likewise.
* elfxx-x86.h (elf_x86_obj_tdata): Likewise.
(elf_x86_has_code16): Likewise.
binutils/
PR ld/27905
* readelf.c (decode_x86_feature_2): Revert commit 50c95a739c9.
gas/
PR ld/27905
* config/tc-i386.c (set_code_flag): Revert commit 50c95a739c9.
(set_16bit_gcc_code_flag): Likewise.
(x86_cleanup): Likewise.
* testsuite/gas/i386/code16-2.d: Updated.
* testsuite/gas/i386/x86-64-code16-2.d: Likewise.
include/
PR ld/27905
* elf/common.h (GNU_PROPERTY_X86_FEATURE_2_CODE16): Removed.
ld/
PR ld/27905
* testsuite/ld-i386/pcrel16-2.d: xfail.
* testsuite/ld-x86-64/pcrel16-2.d: Likewise.
|
|
|
|
|
|
commit a7664973b24a242cd9ea17deb5eaf503065fc0bd
Author: Jan Beulich <jbeulich@suse.com>
Date: Mon Apr 26 10:41:35 2021 +0200
x86: correct overflow checking for 16-bit PC-relative relocs
caused linker failure when building 16-bit program in a 32-bit ELF
container. Update GNU_PROPERTY_X86_FEATURE_2_USED with
#define GNU_PROPERTY_X86_FEATURE_2_CODE16 (1U << 12)
to indicate that 16-bit mode instructions are used in the input object:
https://groups.google.com/g/x86-64-abi/c/UvvXWeHIGMA
to indicate that 16-bit mode instructions are used in the object to
allow linker to properly perform relocation overflow check for 16-bit
PC-relative relocations in 16-bit mode instructions.
1. Update x86 assembler to always generate the GNU property note with
GNU_PROPERTY_X86_FEATURE_2_CODE16 for .code16 in ELF object.
2. Update i386 and x86-64 linkers to use 16-bit PC16 relocations if
input object is marked with GNU_PROPERTY_X86_FEATURE_2_CODE16.
bfd/
PR ld/27905
* elf32-i386.c: Include "libiberty.h".
(elf_howto_table): Add 16-bit R_386_PC16 entry.
(elf_i386_rtype_to_howto): Add a BFD argument. Use 16-bit
R_386_PC16 if input has 16-bit mode instructions.
(elf_i386_info_to_howto_rel): Update elf_i386_rtype_to_howto
call.
(elf_i386_tls_transition): Likewise.
(elf_i386_relocate_section): Likewise.
* elf64-x86-64.c (x86_64_elf_howto_table): Add 16-bit
R_X86_64_PC16 entry.
(elf_x86_64_rtype_to_howto): Use 16-bit R_X86_64_PC16 if input
has 16-bit mode instructions.
* elfxx-x86.c (_bfd_x86_elf_parse_gnu_properties): Set
elf_x86_has_code16 if relocatable input is marked with
GNU_PROPERTY_X86_FEATURE_2_CODE16.
* elfxx-x86.h (elf_x86_obj_tdata): Add has_code16.
(elf_x86_has_code16): New.
binutils/
PR ld/27905
* readelf.c (decode_x86_feature_2): Support
GNU_PROPERTY_X86_FEATURE_2_CODE16.
gas/
PR ld/27905
* config/tc-i386.c (set_code_flag): Update x86_feature_2_used
with GNU_PROPERTY_X86_FEATURE_2_CODE16 for .code16 in ELF
object.
(set_16bit_gcc_code_flag): Likewise.
(x86_cleanup): Always generate the GNU property note if
x86_feature_2_used isn't 0.
* testsuite/gas/i386/code16-2.d: New file.
* testsuite/gas/i386/code16-2.s: Likewise.
* testsuite/gas/i386/x86-64-code16-2.d: Likewise.
* testsuite/gas/i386/i386.exp: Run code16-2 and x86-64-code16-2.
include/
PR ld/27905
* elf/common.h (GNU_PROPERTY_X86_FEATURE_2_CODE16): New.
ld/
PR ld/27905
* testsuite/ld-i386/code16.d: New file.
* testsuite/ld-i386/code16.t: Likewise.
* testsuite/ld-x86-64/code16.d: Likewise.
* testsuite/ld-x86-64/code16.t: Likewise.
* testsuite/ld-i386/i386.exp: Run code16.
* testsuite/ld-x86-64/x86-64.exp: Likewise.
|
|
Since the policies of GNU and llvm toolchain are different for now,
current binutils mainline cannot accept any draft extensions, including
rvv, zfh, .... The Clang/LLVM allows these draft stuff on mainline,
but the GNU ld might be used with them, so this causes the link time
problems.
The patch allows ld to link the objects with unknown prefixed extensions,
which are probably generated by LLVM or customized toolchains.
bfd/
* elfxx-riscv.h (check_unknown_prefixed_ext): New bool.
* elfxx-riscv.c (riscv_parse_prefixed_ext): Do not check the
prefixed extension name if check_unknown_prefixed_ext is false.
* elfnn-riscv.c (riscv_merge_arch_attr_info): Set
check_unknown_prefixed_ext to false for linker.
gas/
* config/tc-riscv.c (riscv_set_arch): Set
check_unknown_prefixed_ext to true for assembler.
|
|
|
|
bfd * elf32-arn.c (struct elf_arm_obj_tdata): Add num_entries field.
(elf32_arm_num_entries): New macro.
(elf32_arm_allocate_local_sym_info): Initialise the new field.
Allocate arrays individually so that buffer overruns can be
detected by memory checkers.
(elf32_arm_create_local_iplt): Check num_entries.
(elf32_arm_get_plt_info): Likewise.
(elf32_arm_final_link_relocate): Likewise.
(elf32_arm_check_relocs): Likewise.
(elf32_arm_size_dynamic_sections): Likewise.
(elf32_arm_output_arch_local_syms): Likewise.
|
|
|
|
I exposed a problem with the change in commit 574ec1084d to the outer
loop of _bfd_elf_parse_attributes. "p_end - p >= 4" is better than
"p < p_end - 4" as far as pointer UB is concerned if the size of the
attritbute section is say, 3 bytes. However you do need to ensure p
never exceeds p_end, and that length remaining is kept consistent with
the pointer.
* elf-attrs.c (elf_attr_strdup): New function.
(_bfd_elf_attr_strdup): Use it here.
(elf_add_obj_attr_string): New function, extracted from..
(bfd_elf_add_obj_attr_string): ..here.
(elf_add_obj_attr_int_string): New function, extracted from..
(bfd_elf_add_obj_attr_int_string): ..here.
(_bfd_elf_parse_attributes): Don't allocate an extra byte for a
string terminator. Instead ensure parsing doesn't go past
end of sub-section. Use size_t variables for lengths.
|
|
|
|
|
|
|
|
This patch is aimed at the many places in dwarf2.c that blindly
increment a data pointer after calling functions that are meant to
read a fixed number of bytes. The problem with that is with damaged
dwarf we might increment a data pointer past the end of data, which is
UB and complicates (ie. bugs likely) any further use of that data
pointer. To fix those problems, I've moved incrementing of the data
pointer into the functions that do the reads. _bfd_safe_read_leb128
gets the same treatment for consistency.
* libbfd.c (_bfd_safe_read_leb128): Remove length_return parameter.
Replace data pointer with pointer to pointer. Increment pointer
over bytes read.
* libbfd-in.h (_bfd_safe_read_leb128): Update prototype.
* elf-attrs.c (_bfd_elf_parse_attributes): Adjust to suit. Be
careful not to increment data pointer past end. Remove now
redundant pr17512 check.
* wasm-module.c (READ_LEB128): Adjust to suit changes to
_bfd_safe_read_leb128.
* dwarf2.c (read_n_bytes): New inline function, old one renamed to..
(read_blk): ..this. Allocate and return block. Increment bfd_byte**
arg.
(read_3_bytes): New function.
(read_1_byte, read_1_signed_byte, read_2_bytes, read_4_bytes),
(read_8_bytes, read_string, read_indirect_string),
(read_indirect_line_string, read_alt_indirect_string): Take a
byte_byte** arg which is incremented over bytes read. Remove any
bytes_read return. Rewrite limit checks to compare lengths
rather than pointers.
(read_abbrevs, read_attribute_value, read_formatted_entries),
(decode_line_info, find_abstract_instance, read_ranges),
(read_rnglists, scan_unit_for_symbols, parse_comp_unit),
(stash_comp_unit): Adjust to suit. Rewrite limit checks to
compare lengths rather than pointers.
* libbfd.h: Regenerate.
|
|
|
|
bfd * elf.c (elfcore_make_memtag_note_section): New function.
(elfcore_grok_note): Handle NT_MEMTAG note types.
binutils* readelf.c (get_note_type): Handle NT_MEMTAG note types.
include * elf/common.h (NT_MEMTAG): New constant.
(NT_MEMTAG_TYPE_AARCH_MTE): New constant.
|
|
|
|
I built GDB with `--enable-targets=all`, then started GDB passing it
an x86-64 executable, finally I ran 'maint selftest', and observed GDB
crash like this:
BFD: BFD (GNU Binutils) 2.36.50.20210519 assertion fail ../../src/bfd/hash.c:438
Aborted (core dumped)
The problem originates from two locations, for example in csky-dis.c
(csky_get_disassembler) where we do this:
const char *sec_name = NULL;
...
sec_name = get_elf_backend_data (abfd)->obj_attrs_section;
if (bfd_get_section_by_name (abfd, sec_name) != NULL)
...
We end up in here because during the selftests GDB forces the
architecture to be csky, but the BFD being accessed is still of type
x86-64. As a result obj_attrs_section returns NULL, which means we
end up passing NULL to bfd_get_section_by_name. If we follow the
function calls from bfd_get_section_by_name we eventually end up in
bfd_hash_hash, which asserts that the string (i.e. the name) is not
NULL.
The same crash can be reproduced in GDB without using the selftests,
for example:
(gdb) file x86_64.elf
(gdb) start
(gdb) set architecture csky
(gdb) disassemble main
Dump of assembler code for function main:
BFD: BFD (GNU Binutils) 2.36.50.20210519 assertion fail ../../src/bfd/hash.c:438
Aborted (core dumped)
The fix I propose here is to have bfd_get_section_by_name return NULL
if name is ever NULL. For consistency I updated
bfd_get_section_by_name_if in the same way, even though I'm not
hitting any problems along that code path right now.
I looked through the source tree and removed two NULL checks in
bfd/dwarf2.c which are no longer needed, its possible that there are
additional NULL checks that could be removed, I just didn't find them.
bfd/ChangeLog:
* section.c (bfd_get_section_by_name): Return NULL if name is
NULL.
(bfd_get_section_by_name_if): Likewise.
* dwarf2.c (read_section): Remove unneeded NULL check.
(find_debug_info): Likewise.
|
|
|
|
* plugin.c (bfd_plugin_open_input): Inform the user if the limit
on the number of open files is reached. If possible, try to
increase this limit before failing.
|
|
|
|
|
|
|
|
|
|
|
|
The %pcrel_lo addend may causes the overflow, and need more than one
%pcrel_hi values. But there may be only one auipc, shared by those
%pcrel_lo with addends. However, the existing check method in the
riscv_resolve_pcrel_lo_relocs, may not be able to work for some
special/corner cases.
Consider the testcases pcrel-lo-addend-2b. Before applying this patch,
I can compile it successfully. But in fact the addend cause the value
of %pcrel_hi to be different. This patch try to check the value of
%pcrel_hi directly, to make sure it won't be changed. Otherwise, linker
will report the following errors,
(.text+0xa): dangerous relocation: %pcrel_lo overflow with an addend,
the value of %pcrel_hi is 0x1000 without any addend, but may be 0x2000
after adding the %pcrel_lo addend
The toolchain regressions, rv64gc-linux/rv64gc-elf/rv32gc-linux/rv32i-elf,
pass expectedly and looks fine.
bfd/
* elfnn-riscv.c (riscv_resolve_pcrel_lo_relocs): Check the values
of %pcrel_hi, before and after adding the addend. Make sure the
value won't be changed, otherwise, report dangerous error.
ld/
* testsuite/ld-riscv-elf/ld-riscv-elf.exp: Updated.
* testsuite/ld-riscv-elf/pcrel-lo-addend-2a.d: Renamed from
pcrel-lo-addend-2.
* testsuite/ld-riscv-elf/pcrel-lo-addend-2a.s: Likewise.
* testsuite/ld-riscv-elf/pcrel-lo-addend-2b.d: New testcase.
* testsuite/ld-riscv-elf/pcrel-lo-addend-2b.s: Likewise.
|
|
|
|
Add a new table, riscv_implicit_subsets, to record all implicit information.
So that we add all implicit subsets according to the table, to avoid too
many repeated codes in the riscv_parse_add_implicit_subsets. Besides, the
check_func is used to check whether we should add this implicit subset.
For example, check_implicit_for_i checks the version of i, and we only add
zicsr and zifencei implicitly only when the version less than 2.1.
bfd/
* elfxx-riscv.c (check_implicit_always): The check_func, always add
the implicit subset without checking.
(check_implicit_for_i): The check_func for i, only add zicsr and
zifencei when the version of i less than 2.1.
(struct riscv_implicit_subset): Record the subsets and their
corresponding implicit subsets.
(riscv_implicit_subsets): Table records all implicit informations.
(riscv_parse_add_implicit_subsets): Updated and add implicit subsets
according to riscv_implicit_subsets. Remove the redundant codes.
|
|
PR 27858
* elf32-sh.c (sh_elf_info_to_howto): Correct check for last valid
reloc howto.
|
|
|
|
* elf-bfd.h (elfcore_write_aarch_mte): New prototype.
* elf.c (elfcore_grok_aarch_mte, elfcore_write_aarch_mte): New
functions.
(elfcore_grok_note): Handle notes of type NT_ARM_TAGGED_ADDR_CTRL.
(elfcore_write_register_note): Handle MTE notes.
|
|
|
|
This was detected when a user accidentally tried to build a shared
library using armv8-m.main objects. The resulting error was "warning:
thumb-1 mode PLT generation not currently supported". Something was
clearly wrong because v8-m.main is a thumb-2 variant.
It turns out that the code to detect thumb-2 in object files hadn't
been updated for the extended definition of Tag_THUMB_ISA_use to
support the value 3, meaning 'work it out for yourself from the
architecture tag'; something that is now necessary given that the line
between thumb-1 and thumb-2 has become blurred over time.
Another problem with the function doing this calculation was that the
absence of this tag (implying a default value 0) should mean use of
thumb code was NOT permitted. However, the code went on to look at
the architecture flags and decide that it could ignore this if the
architecture flags said that thumb2 features were available, thus
completely ignoring the intended meaning.
bfd/
* elf32-arm.c (using_thumb2): Correctly handle Tag_THUMB_ISA_use
values 0 and 3.
|
|
Special care for fuzzers.
PR 27844
* pdp11.c (aout_get_external_symbols): Clear first four bytes of
strings array, not just the first byte.
* aoutx.h (aout_get_external_symbols): Likewise.
|
|
|
|
PR binutils/27839
* simple.c (bfd_simple_get_relocated_section_contents): Remove
strayed fprintf.
|
|
PR 27839
* simple.c (simple_dummy_add_to_set): New function.
(simple_dummy_constructor): New function.
(simple_dummy_multiple_common): New function.
(bfd_simple_get_relocated_section_contents): Zero out the
callbacks structure, and then set the add_to_set, constructor and
multiple_common fields.
|
