[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug ld/25384] Copy relocations and BIND_NOW on POWER ELFv1 results in c
From: |
amodra at gmail dot com |
Subject: |
[Bug ld/25384] Copy relocations and BIND_NOW on POWER ELFv1 results in crashes |
Date: |
Tue, 14 Jan 2020 23:25:16 +0000 |
https://sourceware.org/bugzilla/show_bug.cgi?id=25384
Alan Modra <amodra at gmail dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
Version|unspecified |2.34 (HEAD)
Assignee|unassigned at sourceware dot org |amodra at gmail dot com
Target Milestone|--- |2.34
--- Comment #3 from Alan Modra <amodra at gmail dot com> ---
The trigger for this problem is an initialized function pointer in a read-only
section, the function being defined in a shared library.
.section .rodata
ptr:
.quad alias
.weakref alias, implementation
That generates a .dynbss copy and copy reloc via linker code supposed to work
around bugs in very old versions of gcc. The work-around should have reported
an error
if (h->plt.plist != NULL)
{
/* We should never get here, but unfortunately there are versions
of gcc out there that improperly (for this ABI) put initialized
function pointers, vtable refs and suchlike in read-only
sections. Allow them to proceed, but warn that this might
break at runtime. */
info->callbacks->einfo
(_("%P: copy reloc against `%T' requires lazy plt linking; "
"avoid setting LD_BIND_NOW=1 or upgrade gcc\n"),
h->root.root.string);
}
but doesn't due to a lack of a call to "implementation" in the executable.
(plt.plist is NULL). That's a linker bug. The warning is relevant even when
there is no call in the executable.
So we have this .dynbss copy of the "implementation" function descriptor in the
executable:
000000001001fc08 0000000800000013 R_PPC64_COPY 000000001001fc08
implementation + 0
8: 000000001001fc08 40 FUNC GLOBAL DEFAULT 18 implementation
Notice that the size (40) is incorrect for a function descriptor. That's
because gcc puts the text size of the function on the symbol. But that means
the .dynbss copy is the wrong size too, a linker and glibc bug if we are to
support .dynbss copies of function descriptors with versions of gcc since 2004
when dot-symbols were removed. (With dot-symbols, the size of the
"implementation symbol is the size of the function descriptor with the size of
".implementation" being the text size.)
Anyway, a size larger than 16 is OK for copying the descriptor and "works" just
as well for this testcase as if we copied the descriptor. We just get some
more of .opd copied from the library defining "implementation".
The segfault happens because the PLT slot in liblike-dl.so for "implementation"
is initialized from the function descriptor for "implementation", which is now
the copy in main. Unfortunately that initialization happens before "main" is
processed to initialize the copy, resulting in the PLT slot being set to zeros.
--
You are receiving this mail because:
You are on the CC list for the bug.
- [Bug ld/25384] New: Copy relocations and BIND_NOW on POWER ELFv1 results in crashes, fweimer at redhat dot com, 2020/01/14
- [Bug ld/25384] Copy relocations and BIND_NOW on POWER ELFv1 results in crashes, fweimer at redhat dot com, 2020/01/14
- [Bug ld/25384] Copy relocations and BIND_NOW on POWER ELFv1 results in crashes, fweimer at redhat dot com, 2020/01/14
- [Bug ld/25384] Copy relocations and BIND_NOW on POWER ELFv1 results in crashes, fweimer at redhat dot com, 2020/01/14
- [Bug ld/25384] Copy relocations and BIND_NOW on POWER ELFv1 results in crashes,
amodra at gmail dot com <=
- [Bug ld/25384] Copy relocations and BIND_NOW on POWER ELFv1 results in crashes, cvs-commit at gcc dot gnu.org, 2020/01/14
- [Bug ld/25384] Copy relocations and BIND_NOW on POWER ELFv1 results in crashes, amodra at gmail dot com, 2020/01/14
- [Bug ld/25384] Copy relocations and BIND_NOW on POWER ELFv1 results in crashes, cvs-commit at gcc dot gnu.org, 2020/01/14
- [Bug ld/25384] Copy relocations and BIND_NOW on POWER ELFv1 results in crashes, cvs-commit at gcc dot gnu.org, 2020/01/14
- [Bug ld/25384] Copy relocations and BIND_NOW on POWER ELFv1 results in crashes, fweimer at redhat dot com, 2020/01/15