From d844f10ac2735da8e5643236d7007a81098cbc2b Mon Sep 17 00:00:00 2001 From: David Faust Date: Fri, 7 Aug 2020 20:36:47 +0200 Subject: bpf: fix false overflow in eBPF ELF backend linker When performing DISP{16,32} relocations, the eBPF ELF backend linker needs to convert the relocation from an address into a signed number of 64-bit words (minus one) to jump. Because of this unsigned-to-signed conversion, special care needs to be taken when dividing to ensure the sign bits remain correct. Otherwise, a false relocation overflow error can be triggered. bfd/ChangeLog 2020-08-07 David Faust * elf64-bpf.c (bpf_elf_relocate_section): Ensure signed division for DISP16 and DISP32 relocations. ld/ChangeLog 2020-08-07 David Faust * testsuite/ld-bpf/call-3.s: New file. * testsuite/ld-bpf/call-3.d: Likewise. --- bfd/ChangeLog | 5 +++++ bfd/elf64-bpf.c | 9 +++++---- ld/ChangeLog | 5 +++++ 3 files changed, 15 insertions(+), 4 deletions(-) diff --git a/bfd/ChangeLog b/bfd/ChangeLog index 1c96c22..69ebd14 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,8 @@ +2020-08-07 David Faust + + * elf64-bpf.c (bpf_elf_relocate_section): Ensure signed division for + DISP16 and DISP32 relocations. + 2020-08-05 David Faust * elf64-bpf.c (bpf_elf_generic_reloc): New function. diff --git a/bfd/elf64-bpf.c b/bfd/elf64-bpf.c index c6a726d..d5a160f 100644 --- a/bfd/elf64-bpf.c +++ b/bfd/elf64-bpf.c @@ -442,10 +442,11 @@ bpf_elf_relocate_section (bfd *output_bfd ATTRIBUTE_UNUSED, case R_BPF_INSN_DISP32: { /* Make the relocation PC-relative, and change its unit to - 64-bit words. */ - relocation -= sec_addr (input_section) + rel->r_offset; - /* Make it 64-bit words. */ - relocation = relocation / 8; + 64-bit words. Note we need *signed* arithmetic + here. */ + relocation = ((bfd_signed_vma) relocation + - (sec_addr (input_section) + rel->r_offset)); + relocation = (bfd_signed_vma) relocation / 8; /* Get the addend from the instruction and apply it. */ addend = bfd_get (howto->bitsize, input_bfd, diff --git a/ld/ChangeLog b/ld/ChangeLog index d46e976..db019e2 100644 --- a/ld/ChangeLog +++ b/ld/ChangeLog @@ -1,3 +1,8 @@ +2020-08-07 David Faust + + * testsuite/ld-bpf/call-3.s: New file. + * testsuite/ld-bpf/call-3.d: Likewise. + 2020-08-05 David Faust * testsuite/ld-bpf/call-2.s: New file. -- cgit v1.1