x86 linker: Disallow invalid relocations against protected symbols. (#2089358)

2022-05-24 12:35:34 +01:00 · 2022-05-24 12:35:34 +01:00 · 97c0e8e507
commit 97c0e8e507
parent 2749aba2e5
2 changed files with 100 additions and 1 deletions
--- a/binutils-x86-non-canonical-references.patch
+++ b/binutils-x86-non-canonical-references.patch
@ -0,0 +1,92 @@
+diff -rup binutils.orig/bfd/elf32-i386.c binutils-2.38/bfd/elf32-i386.c
+--- binutils.orig/bfd/elf32-i386.c	2022-05-24 12:01:20.307998318 +0100
+++ binutils-2.38/bfd/elf32-i386.c	2022-05-24 12:04:48.789688224 +0100
+@@ -1772,11 +1772,14 @@ elf_i386_scan_relocs (bfd *abfd,
+ 		}
+ 	      else
+ 		{
+-		  h->pointer_equality_needed = 1;
+-		  /* R_386_32 can be resolved at run-time.  */
+		  /* R_386_32 can be resolved at run-time.  Function
+		     pointer reference doesn't need PLT for pointer
+		     equality.  */
+ 		  if (r_type == R_386_32
+ 		      && (sec->flags & SEC_READONLY) == 0)
+ 		    func_pointer_ref = true;
+		  else
+		    h->pointer_equality_needed = 1;
+ 		}
+ 
+ 	      if (!func_pointer_ref)
+@@ -1798,6 +1801,23 @@ elf_i386_scan_relocs (bfd *abfd,
+ 		  if (!h->def_regular
+ 		      || (sec->flags & (SEC_CODE | SEC_READONLY)) != 0)
+ 		    h->plt.refcount = 1;
+
+		  if (h->pointer_equality_needed
+		      && h->type == STT_FUNC
+		      && eh->def_protected
+		      && elf_has_indirect_extern_access (h->root.u.def.section->owner))
+		    {
+		      /* Disallow non-canonical reference to canonical
+			 protected function.  */
+		      _bfd_error_handler
+			/* xgettext:c-format */
+			(_("%pB: non-canonical reference to canonical "
+			   "protected function `%s' in %pB"),
+			 abfd, h->root.root.string,
+			 h->root.u.def.section->owner);
+		      bfd_set_error (bfd_error_bad_value);
+		      goto error_return;
+		    }
+ 		}
+ 	    }
+ 
+diff -rup binutils.orig/bfd/elf64-x86-64.c binutils-2.38/bfd/elf64-x86-64.c
+--- binutils.orig/bfd/elf64-x86-64.c	2022-05-24 12:01:20.296998387 +0100
+++ binutils-2.38/bfd/elf64-x86-64.c	2022-05-24 12:06:07.720192208 +0100
+@@ -2211,16 +2211,18 @@ elf_x86_64_scan_relocs (bfd *abfd, struc
+ 	      else if (r_type != R_X86_64_PC32_BND
+ 		       && r_type != R_X86_64_PC64)
+ 		{
+-		  h->pointer_equality_needed = 1;
+ 		  /* At run-time, R_X86_64_64 can be resolved for both
+ 		     x86-64 and x32. But R_X86_64_32 and R_X86_64_32S
+-		     can only be resolved for x32.  */
+		     can only be resolved for x32.  Function pointer
+		     reference doesn't need PLT for pointer equality.  */
+ 		  if ((sec->flags & SEC_READONLY) == 0
+ 		      && (r_type == R_X86_64_64
+ 			  || (!ABI_64_P (abfd)
+ 			      && (r_type == R_X86_64_32
+ 				  || r_type == R_X86_64_32S))))
+ 		    func_pointer_ref = true;
+		  else
+		    h->pointer_equality_needed = 1;
+ 		}
+ 
+ 	      if (!func_pointer_ref)
+@@ -2242,6 +2244,23 @@ elf_x86_64_scan_relocs (bfd *abfd, struc
+ 		  if (!h->def_regular
+ 		      || (sec->flags & (SEC_CODE | SEC_READONLY)) != 0)
+ 		    h->plt.refcount = 1;
+
+		  if (h->pointer_equality_needed
+		      && h->type == STT_FUNC
+		      && eh->def_protected
+		      && elf_has_indirect_extern_access (h->root.u.def.section->owner))
+		    {
+		      /* Disallow non-canonical reference to canonical
+			 protected function.  */
+		      _bfd_error_handler
+			/* xgettext:c-format */
+			(_("%pB: non-canonical reference to canonical "
+			   "protected function `%s' in %pB"),
+			 abfd, h->root.root.string,
+			 h->root.u.def.section->owner);
+		      bfd_set_error (bfd_error_bad_value);
+		      goto error_return;
+		    }
+ 		}
+ 	    }
+
--- a/binutils.spec
+++ b/binutils.spec
@ -39,7 +39,7 @@
 Summary: A GNU collection of binary utilities
 Name: binutils%{?name_cross}%{?_with_debug:-debug}
 Version: 2.38
-Release: 11%{?dist}
+Release: 12%{?dist}
 License: GPLv3+
 URL: https://sourceware.org/binutils

@ -309,6 +309,10 @@ Patch24: binutils-s390x-static-PIE.patch
 # Lifetime: Fixed in 2.39
 Patch25: binutils-link-following.patch

+# Purpose:  x86 linker: Disallow invalid relocations against protected symbols.
+# Lifetime: Fixed in 2.39
+Patch26: binutils-x86-non-canonical-references.patch
+
 #----------------------------------------------------------------------------

 Provides: bundled(libiberty)
@ -925,6 +929,9 @@ exit 0

 #----------------------------------------------------------------------------
 %changelog
+* Tue May 24 2022 Nick Clifton  <nickc@redhat.comn> - 2.38-12
+- x86 linker: Disallow invalid relocations against protected symbols.  (#2089358)
+
 * Fri May 20 2022 Nick Clifton  <nickc@redhat.comn> - 2.38-11
 - Stop readelf and objdump from unnecessarily following links.  (#2086863)