[Bug ld/26312] New: ld produces broken PLT on aarch64 with BTI+PAC

bug-binutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug ld/26312] New: ld produces broken PLT on aarch64 with BTI+PAC

From:	fweimer at redhat dot com
Subject:	[Bug ld/26312] New: ld produces broken PLT on aarch64 with BTI+PAC
Date:	Wed, 29 Jul 2020 12:31:09 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=26312

            Bug ID: 26312
           Summary: ld produces broken PLT on aarch64 with BTI+PAC
           Product: binutils
           Version: 2.35
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ld
          Assignee: unassigned at sourceware dot org
          Reporter: fweimer at redhat dot com
  Target Milestone: ---
            Target: aarch64

Building glibc 2.32 on Fedora rawhide with GCC 10.2,
-mbranch-protection=standard, and binutils 2.35 results in a libc.so.6 which
lacks PAC support, possibly due to missing PAC in libgcc.a for the outline
atomics. (We build with -moutline-atomics as well.) This in itself should not
be a problem.

However, catgets/gencat is mislinked.  The PLT is corrupted because its entry
size is not constant (32 bytes for the first entry, 24 bytes for subsequent
entryes, section table says 24 bytes):

Disassembly of section .plt:

0000000000401140 <.plt>:
  401140:       d503245f        bti     c
  401144:       a9bf7bf0        stp     x16, x30, [sp, #-16]!
  401148:       d00000f0        adrp    x16, 41f000 <__FRAME_END__+0x1abd4>
  40114c:       f9474a11        ldr     x17, [x16, #3728]
  401150:       913a4210        add     x16, x16, #0xe90
  401154:       d61f0220        br      x17
  401158:       d503201f        nop
  40115c:       d503201f        nop

0000000000401160 <memcpy@plt>:
  401160:       d503245f        bti     c
  401164:       d00000f0        adrp    x16, 41f000 <__FRAME_END__+0x1abd4>
  401168:       f9474e11        ldr     x17, [x16, #3736]
  40116c:       913a6210        add     x16, x16, #0xe98
  401170:       d61f0220        br      x17
  401174:       d503201f        nop

0000000000401178 <strlen@plt>:
  401178:       d503245f        bti     c
  40117c:       d00000f0        adrp    x16, 41f000 <__FRAME_END__+0x1abd4>
  401180:       f9475211        ldr     x17, [x16, #3744]
  401184:       913a8210        add     x16, x16, #0xea0
  401188:       d61f0220        br      x17
  40118c:       d503201f        nop

I mentioned the lack of PAC earlier because ld seems to be confused about the
PAC status.  It only sets DT_AARCH64_BTI_PLT:

Dynamic section at offset 0xfc60 contains 29 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x0000000000000001 (NEEDED)             Shared library:
[ld-linux-aarch64.so.1]
 0x000000000000000c (INIT)               0x401120
 0x000000000000000d (FINI)               0x403868
 0x0000000000000019 (INIT_ARRAY)         0x41fc40
 0x000000000000001b (INIT_ARRAYSZ)       8 (bytes)
 0x000000000000001a (FINI_ARRAY)         0x41fc48
 0x000000000000001c (FINI_ARRAYSZ)       8 (bytes)
 0x0000000000000004 (HASH)               0x400330
 0x000000006ffffef5 (GNU_HASH)           0x400498
 0x0000000000000005 (STRTAB)             0x400990
 0x0000000000000006 (SYMTAB)             0x4004e0
 0x000000000000000a (STRSZ)              575 (bytes)
 0x000000000000000b (SYMENT)             24 (bytes)
 0x0000000000000015 (DEBUG)              0x0
 0x0000000000000003 (PLTGOT)             0x41fe80
 0x0000000000000002 (PLTRELSZ)           1008 (bytes)
 0x0000000000000014 (PLTREL)             RELA
 0x0000000000000017 (JMPREL)             0x400d30
 0x0000000000000007 (RELA)               0x400c88
 0x0000000000000008 (RELASZ)             168 (bytes)
 0x0000000000000009 (RELAENT)            24 (bytes)
 0x0000000070000001 (AARCH64_BTI_PLT)    
 0x0000000000000018 (BIND_NOW)           
 0x000000006ffffffb (FLAGS_1)            Flags: NOW
 0x000000006ffffffe (VERNEED)            0x400c38
 0x000000006fffffff (VERNEEDNUM)         2
 0x000000006ffffff0 (VERSYM)             0x400bd0
 0x0000000000000000 (NULL)               0x0

But the note says it has both:

Displaying notes found in: .note.gnu.property
  Owner                Data size        Description
  GNU                  0x00000010       NT_GNU_PROPERTY_TYPE_0
      Properties: AArch64 feature: BTI, PAC

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug ld/26312] New: ld produces broken PLT on aarch64 with BTI+PAC, fweimer at redhat dot com <=
- [Bug ld/26312] ld produces broken PLT on aarch64 with BTI+PAC, mark at klomp dot org, 2020/07/29
- [Bug ld/26312] ld produces broken PLT on aarch64 with BTI+PAC, pbrobinson at gmail dot com, 2020/07/29
- [Bug ld/26312] ld produces broken PLT on aarch64 with BTI+PAC, jakub at redhat dot com, 2020/07/29
- [Bug ld/26312] ld produces broken PLT on aarch64 with BTI+PAC, nsz at gcc dot gnu.org, 2020/07/29
- [Bug ld/26312] ld produces broken PLT on aarch64 with BTI+PAC, mark at klomp dot org, 2020/07/29
- [Bug ld/26312] ld produces broken PLT on aarch64 with BTI+PAC, jakub at redhat dot com, 2020/07/29
- [Bug ld/26312] ld produces broken PLT on aarch64 with BTI+PAC, fweimer at redhat dot com, 2020/07/29
- [Bug ld/26312] ld produces broken PLT on aarch64 with BTI+PAC, nsz at gcc dot gnu.org, 2020/07/30
- [Bug ld/26312] ld produces broken PLT on aarch64 with BTI+PAC, nsz at gcc dot gnu.org, 2020/07/30
- [Bug ld/26312] ld produces broken PLT on aarch64 with BTI+PAC, cvs-commit at gcc dot gnu.org, 2020/07/30

Prev by Date: Issue 23744 in oss-fuzz: binutils:fuzz_readelf: Abrt in process_archive
Next by Date: [Bug ld/26312] ld produces broken PLT on aarch64 with BTI+PAC
Previous by thread: Issue 23744 in oss-fuzz: binutils:fuzz_readelf: Abrt in process_archive
Next by thread: [Bug ld/26312] ld produces broken PLT on aarch64 with BTI+PAC
Index(es):
- Date
- Thread