Differential D52525
[AArch64] Fix range check of R_AARCH64_TLSLE_ADD_TPREL_HI12 Authored by rprichard on Sep 25 2018, 5:31 PM.
Details An AArch64 LE relocation is a positive ("variant 1") offset. This add x0, x0, :tprel_hi12:v1 The comment in the ARM docs for R_AARCH64_TLSLE_ADD_TPREL_HI12 is: "Set an ADD immediate field to bits [23:12] of X; check 0 <= X < 2^24."
Diff Detail
Event TimelineComment Actions The original line was added in https://reviews.llvm.org/rL260677. I didn't see any other similar problems with other relocation overflow checks. Comment Actions For context, I didn't notice this bug because I needed more than 2^23 bytes of TLS LE memory, but because I was experimenting with using a variant 2 TLS layout with Android/AArch64. The standard layout (variant 1 with a 2-word TCB) is a problem because Bionic has allocated some memory that overlaps with the first TLS segment, accessible using TLS LE. In particular, the stack cookie is a problem (see getStackCookieLocation in https://reviews.llvm.org/D18632), because third-party binaries may be assuming a variant-1 incompatible TLS layout. This range check bug isn't related to Android, though. Comment Actions This change looks correct to me. The docs link is http://arminfo.emea.arm.com/help/topic/com.arm.doc.ihi0056b/IHI0056B_aaelf64.pdf search for relocation code 549 in Table 4-18, Local Exec TLS relocations. I've checked the other TPREL relocations that LLD has implemented and they are all of the NC (non range checked) kind so it looks like there aren't any others of this form. |