caio/clang-p2996
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9b4328fbfa63e54c42acad00a042b7191663caef
clang-p2996/lld/test/ELF/linkerscript/insert-before.test
Fangrui Song 5a58e98c20 [ELF] Align the end of PT_GNU_RELRO associated PT_LOAD to a common-page-size boundary (#66042) 
Close #57618: currently we align the end of PT_GNU_RELRO to a
common-page-size
boundary, but do not align the end of the associated PT_LOAD. This is
benign
when runtime_page_size >= common-page-size.

However, when runtime_page_size < common-page-size, it is possible that
`alignUp(end(PT_LOAD), page_size) < alignDown(end(PT_GNU_RELRO),
page_size)`.
In this case, rtld's mprotect call for PT_GNU_RELRO will apply to
unmapped
regions and lead to an error, e.g.

```
error while loading shared libraries: cannot apply additional memory protection after relocation: Cannot allocate memory
```

To fix the issue, add a padding section .relro_padding like mold, which
is contained in the PT_GNU_RELRO segment and the associated PT_LOAD
segment. The section also prevents strip from corrupting PT_LOAD program
headers.

.relro_padding has the largest `sortRank` among RELRO sections.
Therefore, it is naturally placed at the end of `PT_GNU_RELRO` segment
in the absence of `PHDRS`/`SECTIONS` commands.

In the presence of `SECTIONS` commands, we place .relro_padding
immediately before a symbol assignment using DATA_SEGMENT_RELRO_END (see
also https://reviews.llvm.org/D124656), if present.
DATA_SEGMENT_RELRO_END is changed to align to max-page-size instead of
common-page-size.

Some edge cases worth mentioning:

* ppc64-toc-addis-nop.s: when PHDRS is present, do not append
.relro_padding
* avoid-empty-program-headers.s: when the only RELRO section is .tbss,
it is not part of PT_LOAD segment, therefore we do not append
.relro_padding.

---

Close #65002: GNU ld from 2.39 onwards aligns the end of PT_GNU_RELRO to
a
max-page-size boundary (https://sourceware.org/PR28824) so that the last
page is
protected even if runtime_page_size > common-page-size.

In my opinion, losing protection for the last page when the runtime page
size is
larger than common-page-size is not really an issue. Double mapping a
page of up
to max-common-page for the protection could cause undesired VM waste.
Internally
we had users complaining about 2MiB max-page-size applying to shared
objects.

Therefore, the end of .relro_padding is padded to a common-page-size
boundary. Users who are really anxious can set common-page-size to match
their runtime page size.

---

17 tests need updating as there are lots of change detectors.
2023-09-14 10:33:11 -07:00

48 lines
2.2 KiB
Plaintext
Raw Blame History

# REQUIRES: x86
# RUN: llvm-mc -filetype=obj -triple=x86_64-unknown-linux %p/Inputs/insert-after.s -o %t1.o
## Main linker script contains .text and .data sections. Here
## we check that can use INSERT BEFORE to insert sections .foo.data
## and .foo.text at the right places.
# RUN: ld.lld %t1.o -o %t1 --script %p/Inputs/insert-after.script --script %s
# RUN: llvm-readelf -S -l %t1 | FileCheck %s
# CHECK: Name Type Address Off Size ES Flg
# CHECK-NEXT: NULL
# CHECK-NEXT: .foo.text PROGBITS 0000000000000000 001000 000008 00 AX
# CHECK-NEXT: .text PROGBITS 0000000000000008 001008 000008 00 AX
# CHECK-NEXT: .byte PROGBITS 0000000000000010 001010 000001 00 AX
# CHECK-NEXT: .foo.data PROGBITS 0000000000000011 001011 000008 00 WA
# CHECK-NEXT: .data PROGBITS 0000000000000019 001019 000008 00 WA
# CHECK: Type
# CHECK-NEXT: LOAD {{.*}} R E
# CHECK-NEXT: LOAD {{.*}} RW
# CHECK-NEXT: GNU_STACK {{.*}} RW
## There is no main linker script. INSERT BEFORE just reorders output sections,
## without making more layout changes. Address/offset assignments are different
## with a main linker script.
# RUN: ld.lld --script %s %t1.o -o %t2
# RUN: llvm-readelf -S -l %t2 | FileCheck --check-prefix=CHECK2 %s
# CHECK2: Name Type Address Off Size ES Flg
# CHECK2-NEXT: NULL
# CHECK2-NEXT: .foo.text PROGBITS 000000000020{{.*}} [[#%x,]] 000008 00 AX
# CHECK2-NEXT: .text PROGBITS [[#%x,]] [[#%x,]] 000008 00 AX
# CHECK2-NEXT: .byte PROGBITS [[#%x,]] [[#%x,]] 000001 00 WA
# CHECK2-NEXT: .foo.data PROGBITS [[#%x,]] [[#%x,]] 000008 00 WA
# CHECK2-NEXT: .data PROGBITS [[#%x,]] [[#%x,]] 000008 00 WA
# CHECK2: Type {{.*}} Flg Align
# CHECK2-NEXT: PHDR {{.*}} R 0x8
# CHECK2-NEXT: LOAD {{.*}} R 0x1000
# CHECK2-NEXT: LOAD {{.*}} R E 0x1000
# CHECK2-NEXT: LOAD {{.*}} RW 0x1000
# CHECK2-NEXT: GNU_STACK {{.*}} RW 0
SECTIONS { .byte : { BYTE(0) } } INSERT BEFORE .data;
SECTIONS { .foo.data : { *(.foo.data) } } INSERT BEFORE .data;
## The input section .foo.text is an orphan. It will be placed in .foo.text
SECTIONS { .foo.text : {} } INSERT BEFORE .text;
Reference in New Issue View Git Blame Copy Permalink