This is an archive of the discontinued LLVM Phabricator instance.

Differential D31682

Fix PLT and GOTPLT entries for x86 PIC.
ClosedPublic

Authored by ruiu on Apr 4 2017, 3:21 PM.

Details

Reviewers
peter.smith
Commits
rG9c766d7a397b: Fix PLT and GOTPLT entries for 32-bit x86 PIC.
rLLD299553: Fix PLT and GOTPLT entries for 32-bit x86 PIC.
rL299553: Fix PLT and GOTPLT entries for 32-bit x86 PIC.
Summary

Previously, the code we set to our .got.plt entries expected that
.got and .got.plt are consecutive in the virtual address space.
Since %ebx points to the last entry of .got for position-independent
code, it assumed that .got is accessible with small negative
displacements and .got.plt are accessible with small positive
displacements.

That assumption was simply wrong. We don't impose any restrictions on
relative layout of .got and .got.plt. As a result, the control is
transferred to a bogus address from .plt at runtime, which resulted in
segfaults.

This patch removes that wrong assumption. We still assume that .got.plt
has a fixed relative address to .got, but we no longer assume that they
are consecutive in memory.

With this change, a "hello world" program compiled with -fPIC works.

Fixes https://bugs.llvm.org/show_bug.cgi?id=31332.

Diff Detail

Repository
rL LLVM

Event Timeline

ruiu created this revision.Apr 4 2017, 3:21 PM
Harbormaster completed remote builds in B5302: Diff 94130.Apr 4 2017, 3:21 PM
Herald added a subscriber: emaste. · View Herald TranscriptApr 4 2017, 3:21 PM
smeenai added a subscriber: smeenai.Apr 4 2017, 3:43 PM
smeenai added a subscriber: compnerd.Apr 4 2017, 5:33 PM
smeenai added a comment.Apr 4 2017, 5:54 PM

This fixes the issues I was seeing as well. Thanks @ruiu!

peter.smith accepted this revision.Apr 5 2017, 2:05 AM

That looks good to me. I agree that it is the better solution to not assume anything about the relative locations of .got and .got.plt

This revision is now accepted and ready to land.Apr 5 2017, 2:05 AM
Closed by commit rL299553: Fix PLT and GOTPLT entries for 32-bit x86 PIC. (authored by ruiu). · Explain WhyApr 5 2017, 9:14 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
lld/
trunk/
ELF/
34 lines
test/
ELF/
12 lines

Diff 94242

lld/trunk/ELF/Target.cpp

Show First 20 LinesShow All 438 Lines▼ Show 20 Linesbool X86TargetInfo::isTlsLocalDynamicRel(uint32_t Type) const {
return Type == R_386_TLS_LDO_32 || Type == R_386_TLS_LDM; return Type == R_386_TLS_LDO_32 || Type == R_386_TLS_LDM;
} }
bool X86TargetInfo::isTlsInitialExecRel(uint32_t Type) const { bool X86TargetInfo::isTlsInitialExecRel(uint32_t Type) const {
return Type == R_386_TLS_IE || Type == R_386_TLS_GOTIE; return Type == R_386_TLS_IE || Type == R_386_TLS_GOTIE;
} }
void X86TargetInfo::writePltHeader(uint8_t *Buf) const { void X86TargetInfo::writePltHeader(uint8_t *Buf) const {
// Executable files and shared object files have
// separate procedure linkage tables.
if (Config->Pic) { if (Config->Pic) {
const uint8_t V[] = { const uint8_t V[] = {
0xff, 0xb3, 0x04, 0x00, 0x00, 0x00, // pushl 4(%ebx) 0xff, 0xb3, 0x04, 0x00, 0x00, 0x00, // pushl 4(%ebx)
0xff, 0xa3, 0x08, 0x00, 0x00, 0x00, // jmp *8(%ebx) 0xff, 0xa3, 0x08, 0x00, 0x00, 0x00, // jmp *8(%ebx)
0x90, 0x90, 0x90, 0x90 // nop; nop; nop; nop 0x90, 0x90, 0x90, 0x90 // nop
}; };
memcpy(Buf, V, sizeof(V)); memcpy(Buf, V, sizeof(V));
uint32_t Ebx = In<ELF32LE>::Got->getVA() + In<ELF32LE>::Got->getSize();
uint32_t GotPlt = In<ELF32LE>::GotPlt->getVA() - Ebx;
write32le(Buf + 2, GotPlt + 4);
write32le(Buf + 8, GotPlt + 8);
return; return;
} }
const uint8_t PltData[] = { const uint8_t PltData[] = {
0xff, 0x35, 0x00, 0x00, 0x00, 0x00, // pushl (GOT+4) 0xff, 0x35, 0x00, 0x00, 0x00, 0x00, // pushl (GOT+4)
0xff, 0x25, 0x00, 0x00, 0x00, 0x00, // jmp *(GOT+8) 0xff, 0x25, 0x00, 0x00, 0x00, 0x00, // jmp *(GOT+8)
0x90, 0x90, 0x90, 0x90 // nop; nop; nop; nop 0x90, 0x90, 0x90, 0x90 // nop
}; };
memcpy(Buf, PltData, sizeof(PltData)); memcpy(Buf, PltData, sizeof(PltData));
uint32_t Got = In<ELF32LE>::GotPlt->getVA(); uint32_t GotPlt = In<ELF32LE>::GotPlt->getVA();
write32le(Buf + 2, Got + 4); write32le(Buf + 2, GotPlt + 4);
write32le(Buf + 8, Got + 8); write32le(Buf + 8, GotPlt + 8);
} }
void X86TargetInfo::writePlt(uint8_t *Buf, uint64_t GotEntryAddr, void X86TargetInfo::writePlt(uint8_t *Buf, uint64_t GotPltEntryAddr,
uint64_t PltEntryAddr, int32_t Index, uint64_t PltEntryAddr, int32_t Index,
unsigned RelOff) const { unsigned RelOff) const {
const uint8_t Inst[] = { const uint8_t Inst[] = {
0xff, 0x00, 0x00, 0x00, 0x00, 0x00, // jmp *foo_in_GOT|*foo@GOT(%ebx) 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, // jmp *foo_in_GOT|*foo@GOT(%ebx)
0x68, 0x00, 0x00, 0x00, 0x00, // pushl $reloc_offset 0x68, 0x00, 0x00, 0x00, 0x00, // pushl $reloc_offset
0xe9, 0x00, 0x00, 0x00, 0x00 // jmp .PLT0@PC 0xe9, 0x00, 0x00, 0x00, 0x00 // jmp .PLT0@PC
}; };
memcpy(Buf, Inst, sizeof(Inst)); memcpy(Buf, Inst, sizeof(Inst));
// jmp *foo@GOT(%ebx) or jmp *foo_in_GOT if (Config->Pic) {
Buf[1] = Config->Pic ? 0xa3 : 0x25; // jmp *foo@GOT(%ebx)
uint32_t Got = In<ELF32LE>::GotPlt->getVA(); uint32_t Ebx = In<ELF32LE>::Got->getVA() + In<ELF32LE>::Got->getSize();
write32le(Buf + 2, Config->Shared ? GotEntryAddr - Got : GotEntryAddr); Buf[1] = 0xa3;
write32le(Buf + 2, GotPltEntryAddr - Ebx);
} else {
// jmp *foo_in_GOT
Buf[1] = 0x25;
write32le(Buf + 2, GotPltEntryAddr);
}
write32le(Buf + 7, RelOff); write32le(Buf + 7, RelOff);
write32le(Buf + 12, -Index * PltEntrySize - PltHeaderSize - 16); write32le(Buf + 12, -Index * PltEntrySize - PltHeaderSize - 16);
} }
int64_t X86TargetInfo::getImplicitAddend(const uint8_t *Buf, int64_t X86TargetInfo::getImplicitAddend(const uint8_t *Buf,
uint32_t Type) const { uint32_t Type) const {
switch (Type) { switch (Type) {
default: default:
▲ Show 20 LinesShow All 1,935 LinesShow Last 20 Lines

lld/trunk/test/ELF/plt-i686.s

Show First 20 LinesShow All 129 Lines▼ Show 20 Lines
// DISASMSHARED: _start: // DISASMSHARED: _start:
// 0x1013 + 5 - 24 = 0x1000 // 0x1013 + 5 - 24 = 0x1000
// DISASMSHARED-NEXT: 1004: e9 27 00 00 00 jmp 39 // DISASMSHARED-NEXT: 1004: e9 27 00 00 00 jmp 39
// DISASMSHARED-NEXT: 1009: e9 22 00 00 00 jmp 34 // DISASMSHARED-NEXT: 1009: e9 22 00 00 00 jmp 34
// DISASMSHARED-NEXT: 100e: e9 2d 00 00 00 jmp 45 // DISASMSHARED-NEXT: 100e: e9 2d 00 00 00 jmp 45
// DISASMSHARED-NEXT: 1013: e9 e8 ff ff ff jmp -24 // DISASMSHARED-NEXT: 1013: e9 e8 ff ff ff jmp -24
// DISASMSHARED-NEXT: Disassembly of section .plt: // DISASMSHARED-NEXT: Disassembly of section .plt:
// DISASMSHARED-NEXT: .plt: // DISASMSHARED-NEXT: .plt:
// DISASMSHARED-NEXT: 1020: ff b3 04 00 00 00 pushl 4(%ebx) // DISASMSHARED-NEXT: 1020: ff b3 04 20 00 00 pushl 8196(%ebx)
// DISASMSHARED-NEXT: 1026: ff a3 08 00 00 00 jmpl *8(%ebx) // DISASMSHARED-NEXT: 1026: ff a3 08 20 00 00 jmpl *8200(%ebx)
// DISASMSHARED-NEXT: 102c: 90 nop // DISASMSHARED-NEXT: 102c: 90 nop
// DISASMSHARED-NEXT: 102d: 90 nop // DISASMSHARED-NEXT: 102d: 90 nop
// DISASMSHARED-NEXT: 102e: 90 nop // DISASMSHARED-NEXT: 102e: 90 nop
// DISASMSHARED-NEXT: 102f: 90 nop // DISASMSHARED-NEXT: 102f: 90 nop
// DISASMSHARED-NEXT: 1030: ff a3 0c 00 00 00 jmpl *12(%ebx) // DISASMSHARED-NEXT: 1030: ff a3 0c 20 00 00 jmpl *8204(%ebx)
// DISASMSHARED-NEXT: 1036: 68 00 00 00 00 pushl $0 // DISASMSHARED-NEXT: 1036: 68 00 00 00 00 pushl $0
// DISASMSHARED-NEXT: 103b: e9 e0 ff ff ff jmp -32 <.plt> // DISASMSHARED-NEXT: 103b: e9 e0 ff ff ff jmp -32 <.plt>
// DISASMSHARED-NEXT: 1040: ff a3 10 00 00 00 jmpl *16(%ebx) // DISASMSHARED-NEXT: 1040: ff a3 10 20 00 00 jmpl *8208(%ebx)
// DISASMSHARED-NEXT: 1046: 68 08 00 00 00 pushl $8 // DISASMSHARED-NEXT: 1046: 68 08 00 00 00 pushl $8
// DISASMSHARED-NEXT: 104b: e9 d0 ff ff ff jmp -48 <.plt> // DISASMSHARED-NEXT: 104b: e9 d0 ff ff ff jmp -48 <.plt>
// DISASMPIE: Disassembly of section .plt: // DISASMPIE: Disassembly of section .plt:
// DISASMPIE-NEXT: .plt: // DISASMPIE-NEXT: .plt:
// DISASMPIE-NEXT: 1020: ff b3 04 00 00 00 pushl 4(%ebx) // DISASMPIE-NEXT: 1020: ff b3 04 20 00 00 pushl 8196(%ebx)
// DISASMPIE-NEXT: 1026: ff a3 08 00 00 00 jmpl *8(%ebx) // DISASMPIE-NEXT: 1026: ff a3 08 20 00 00 jmpl *8200(%ebx)
// DISASMPIE-NEXT: 102c: 90 nop // DISASMPIE-NEXT: 102c: 90 nop
// DISASMPIE-NEXT: 102d: 90 nop // DISASMPIE-NEXT: 102d: 90 nop
// DISASMPIE-NEXT: 102e: 90 nop // DISASMPIE-NEXT: 102e: 90 nop
// DISASMPIE-NEXT: 102f: 90 nop // DISASMPIE-NEXT: 102f: 90 nop
// DISASMPIE-NEXT: 1030: ff a3 0c 20 00 00 jmpl *8204(%ebx) // DISASMPIE-NEXT: 1030: ff a3 0c 20 00 00 jmpl *8204(%ebx)
// DISASMPIE-NEXT: 1036: 68 00 00 00 00 pushl $0 // DISASMPIE-NEXT: 1036: 68 00 00 00 00 pushl $0
// DISASMPIE-NEXT: 103b: e9 e0 ff ff ff jmp -32 <.plt> // DISASMPIE-NEXT: 103b: e9 e0 ff ff ff jmp -32 <.plt>
// DISASMPIE-NEXT: 1040: ff a3 10 20 00 00 jmpl *8208(%ebx) // DISASMPIE-NEXT: 1040: ff a3 10 20 00 00 jmpl *8208(%ebx)
Show All 12 Lines