This is an archive of the discontinued LLVM Phabricator instance.

Differential D93367

[ELF] --emit-relocs: fix a crash if .rela.dyn is an empty output section
ClosedPublic

Authored by MaskRay on Dec 15 2020, 9:34 PM.

Details

Reviewers
grimar
psmith
ruiu
espindola
Commits
rG16cb7910f51f: [ELF] --emit-relocs: fix a crash if .rela.dyn is an empty output section
Summary

Fix PR48357: If .rela.dyn appears as an output section description, its type may
be SHT_RELA (due to the empty synthetic .rela.plt) while there is no input
section. The empty .rela.dyn may be retained due to a reference in a linker
script. Don't crash.

Diff Detail

Event Timeline

MaskRay created this revision.Dec 15 2020, 9:34 PM
Herald added a reviewer: espindola. · View Herald TranscriptDec 15 2020, 9:34 PM
Herald added subscribers: arichardson, emaste. · View Herald Transcript
MaskRay requested review of this revision.Dec 15 2020, 9:34 PM
Herald added a project: Restricted Project. · View Herald TranscriptDec 15 2020, 9:34 PM
Herald added a subscriber: llvm-commits. · View Herald Transcript
Harbormaster completed remote builds in B82574: Diff 312103.Dec 15 2020, 9:35 PM
MaskRay updated this revision to Diff 312105.Dec 15 2020, 9:40 PM

Improve test

Harbormaster completed remote builds in B82577: Diff 312105.Dec 15 2020, 9:41 PM
MaskRay retitled this revision from [ELF] --emit-relocs: fix a crash if .rela.dyn is an output section description to [ELF] --emit-relocs: fix a crash if .rela.dyn is an empty output section.Dec 15 2020, 9:42 PM
grimar added inline comments.Dec 16 2020, 12:22 AM
lld/ELF/OutputSections.cpp
406

I wonder if the same crash can happen here with an empty .ARM.exidx?

MaskRay marked an inline comment as done.Dec 16 2020, 12:28 AM
MaskRay added inline comments.
lld/ELF/OutputSections.cpp
406

It can't (I believe flags & SHF_LINK_ORDER ensures there is at least one input section but it is very late for me and I don't think carefully though:( )

There are many arm-exidx-* tests and someone may need to check whether this is missing test coverage.

grimar added inline comments.Dec 16 2020, 1:35 AM
lld/ELF/OutputSections.cpp
406

SHF_LINK_ORDER case seems is fine. We don't keep any special flags for empty output
sections:

// We do not want to keep any special flags for output section
// in case it is empty.
bool isEmpty = (getFirstInputSection(sec) == nullptr);
if (isEmpty)
  sec->flags = flags & ((sec->nonAlloc ? 0 : (uint64_t)SHF_ALLOC) |
                        SHF_WRITE | SHF_EXECINSTR);
grimar accepted this revision.Dec 16 2020, 1:36 AM

LGTM.

This revision is now accepted and ready to land.Dec 16 2020, 1:36 AM
This revision was landed with ongoing or failed builds.Dec 16 2020, 8:59 AM
Closed by commit rG16cb7910f51f: [ELF] --emit-relocs: fix a crash if .rela.dyn is an empty output section (authored by MaskRay). · Explain Why
This revision was automatically updated to reflect the committed changes.
MaskRay marked an inline comment as done.
MaskRay added a commit: rG16cb7910f51f: [ELF] --emit-relocs: fix a crash if .rela.dyn is an empty output section.

Revision Contents

PathSize
lld/
ELF/
6 lines
test/
ELF/
linkerscript/
17 lines

Diff 312227

lld/ELF/OutputSections.cpp

Show First 20 LinesShow All 397 Lines▼ Show 20 Lines
void OutputSection::finalize() { void OutputSection::finalize() {
InputSection *first = getFirstInputSection(this); InputSection *first = getFirstInputSection(this);
if (flags & SHF_LINK_ORDER) { if (flags & SHF_LINK_ORDER) {
// We must preserve the link order dependency of sections with the // We must preserve the link order dependency of sections with the
// SHF_LINK_ORDER flag. The dependency is indicated by the sh_link field. We // SHF_LINK_ORDER flag. The dependency is indicated by the sh_link field. We
// need to translate the InputSection sh_link to the OutputSection sh_link, // need to translate the InputSection sh_link to the OutputSection sh_link,
// all InputSections in the OutputSection have the same dependency. // all InputSections in the OutputSection have the same dependency.
if (auto *ex = dyn_cast<ARMExidxSyntheticSection>(first)) if (auto *ex = dyn_cast<ARMExidxSyntheticSection>(first))
grimarUnsubmitted
Done
ReplyInline Actions

I wonder if the same crash can happen here with an empty .ARM.exidx?

grimar: I wonder if the same crash can happen here with an empty `.ARM.exidx`?
MaskRayAuthorUnsubmitted
Done
ReplyInline Actions

It can't (I believe flags & SHF_LINK_ORDER ensures there is at least one input section but it is very late for me and I don't think carefully though:( )

There are many arm-exidx-* tests and someone may need to check whether this is missing test coverage.

MaskRay: It can't (I believe `flags & SHF_LINK_ORDER` ensures there is at least one input section but it…
grimarUnsubmitted
Not Done
ReplyInline Actions

SHF_LINK_ORDER case seems is fine. We don't keep any special flags for empty output
sections:

// We do not want to keep any special flags for output section
// in case it is empty.
bool isEmpty = (getFirstInputSection(sec) == nullptr);
if (isEmpty)
  sec->flags = flags & ((sec->nonAlloc ? 0 : (uint64_t)SHF_ALLOC) |
                        SHF_WRITE | SHF_EXECINSTR);
grimar: `SHF_LINK_ORDER` case seems is fine. We don't keep any special flags for empty output sections…
link = ex->getLinkOrderDep()->getParent()->sectionIndex; link = ex->getLinkOrderDep()->getParent()->sectionIndex;
else if (first->flags & SHF_LINK_ORDER) else if (first->flags & SHF_LINK_ORDER)
if (auto *d = first->getLinkOrderDep()) if (auto *d = first->getLinkOrderDep())
link = d->getParent()->sectionIndex; link = d->getParent()->sectionIndex;
} }
if (type == SHT_GROUP) { if (type == SHT_GROUP) {
finalizeShtGroup(this, first); finalizeShtGroup(this, first);
return; return;
} }
if (!config->copyRelocs || (type != SHT_RELA && type != SHT_REL)) if (!config->copyRelocs || (type != SHT_RELA && type != SHT_REL))
return; return;
if (isa<SyntheticSection>(first)) // Skip if 'first' is synthetic, i.e. not a section created by --emit-relocs.
// Normally 'type' was changed by 'first' so 'first' should be non-null.
// However, if the output section is .rela.dyn, 'type' can be set by the empty
// synthetic .rela.plt and first can be null.
if (!first || isa<SyntheticSection>(first))
return; return;
link = in.symTab->getParent()->sectionIndex; link = in.symTab->getParent()->sectionIndex;
// sh_info for SHT_REL[A] sections should contain the section header index of // sh_info for SHT_REL[A] sections should contain the section header index of
// the section to which the relocation applies. // the section to which the relocation applies.
InputSectionBase *s = first->getRelocatedSection(); InputSectionBase *s = first->getRelocatedSection();
info = s->getOutputSection()->sectionIndex; info = s->getOutputSection()->sectionIndex;
flags |= SHF_INFO_LINK; flags |= SHF_INFO_LINK;
▲ Show 20 LinesShow All 122 LinesShow Last 20 Lines

lld/test/ELF/linkerscript/emit-relocs-rela-dyn.s

  • This file was added.
# REQUIRES: x86
## PR48357: If .rela.dyn appears as an output section description, its type may
## be SHT_RELA (due to the empty synthetic .rela.plt) while there is no input
## section. The empty .rela.dyn may be retained due to a reference. Don't crash.
# RUN: llvm-mc -filetype=obj -triple=x86_64 /dev/null -o %t.o
# RUN: ld.lld -shared --emit-relocs -T %s %t.o -o %t
# RUN: llvm-readelf -S %t | FileCheck %s
## Note, sh_link of such an empty .rela.dyn is 0.
# CHECK: Name Type Address Off Size ES Flg Lk Inf Al
# CHECK: .rela.dyn RELA 0000000000000000 001000 000000 18 A 0 0 8
SECTIONS {
.rela.dyn : { *(.rela*) }
__rela_offset = ABSOLUTE(ADDR(.rela.dyn));
}