Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 23 May 2015 23:08:09 -0400
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: Re: ppc soft-float regression

On Fri, May 22, 2015 at 02:23:46AM -0400, Rich Felker wrote:
> On Tue, May 19, 2015 at 12:07:31AM +0200, Felix Janda wrote:
> > Rich Felker wrote:
> > > On Mon, May 18, 2015 at 04:10:43PM -0400, Rich Felker wrote:
> > > > OK I've looked at this and I understand what's happening. PowerPC does
> > > > not have a separate relocation type for GOT entries; instead it uses
> > > > the same relocation type used for address constants global data. These
> > > > do not get re-processed after the main program and libraries are
> > > > added, because unlike GOT slots, they have addends, and if the addend
> > > > is inline (using REL rather than RELA) then it's already been
> > > > clobbered by the early relocation phase and can't easily be recovered.
> > > > 
> > > > I see three possible solutions:
> > > > 
> > > > 1. Treat R_PPC_ADDR32 as a GOT relocation instead of a regular
> > > >    symbolic relocation in data. This would suppress the addend (giving
> > > >    wrong address) if inline addends (REL) were used, but in practice
> > > >    powerpc aways uses RELA. I consider this a hack, and perhaps risky,
> > > >    since in principle someone could make powerpc binaries with REL.
> > > > 
> > > > 2. Re-process not just GOT type relocs, but also any RELA
> > > >    (non-inline-addend) relocs again on the second pass. This would
> > > >    work as long as powerpc only uses RELA, and if REL is ever used,
> > > >    the worst that would happen is the current bug (losing environ,
> > > >    etc.) rather than silently wrong relocations in global data. This
> > > >    approach is not a hack, but I consider it something of an
> > > >    incomplete fix.
> > > > 
> > > > 3. Re-process all symbolic relocations. For REL-type (inline addend),
> > > >    we have to recover the original addend, which can be done by
> > > >    calling find_sym again, but using ldso instead of the current
> > > >    library chain head as the context to search for the symbol in, then
> > > >    subtracting the resulting address to get back the original addend.
> > > > 
> > > > I like the third solution best, even though it incurs a small code
> > > > size cost and a performance cost for archs using REL, because it's
> > > > completely robust against any weird ways some archs might end up using
> > > > relocations. The expected number of such relocations is tiny anyway;
> > > > on my i386 builds it's 14.
> > > > 
> > > > If option 3 proves to be difficult or costly, however, we could
> > > > consider option 2 as a temporary measure to get powerpc working. It
> > > > wouldn't even need to be reverted, because option 3 includes/subsumes
> > > > the work that would be done for option 2.
> > > 
> > > Attached is a patch to implement option 2. I'll probably commit it
> > > soon anyway but here is it in case you want to test sooner. I verified
> > > it fixes the test program on powerpc for me.
> > 
> > Thanks for the quick fix! The new commit fixes also the other segfaults
> > I've seen.
> 
> Attached is a patch that finishes the job by completing option 3. I
> haven't tested it much yet so I'll hold off on committing it for a
> while but it seems to work fine (not break anything) on i386.
> 
> diff --git a/src/ldso/dynlink.c b/src/ldso/dynlink.c
> index 93595a0..485bd4f 100644
> --- a/src/ldso/dynlink.c
> +++ b/src/ldso/dynlink.c
> @@ -280,12 +280,17 @@ static void do_relocs(struct dso *dso, size_t *rel, size_t rel_size, size_t stri
>  			def.dso = dso;
>  		}
>  
> -		int gotplt = (type == REL_GOT || type == REL_PLT);
> -		if (dso->rel_update_got && !gotplt && stride==2) continue;
> -
> -		addend = stride>2 ? rel[2]
> -			: gotplt || type==REL_COPY ? 0
> -			: *reloc_addr;
> +		if (stride > 2) {
> +			addend = rel[2];
> +		} else if (type==REL_GOT || type==REL_PLT || type==REL_COPY) {
> +			addend = 0;
> +		} else {
> +			addend = *reloc_addr;
> +			if (dso->rel_update_got) {
> +				struct symdef old = find_sym(&ldso, name, 0);
> +				addend -= (size_t)ldso.base+old.sym->st_value;
> +			}
> +		}

Actually I'm not happy with this patch as-is. It's only valid for
REL_SYMBOLIC (or REL_SYM_OR_REL with a symbol) type relocations,
because it's assuming that the value at reloc_addr is sym_val+addend.
We could restrict reprocessing to just those types, but there are a
number of other reloc types that could theoretically arise and that we
should be treating correctly. REL_OFFSET/REL_OFFSET32 probably should
not appear in libc.so (or anything without TEXTRELs), but if we need
to support them, we would also need to adjust by (size_t)reloc_addr.
What's more important, though, are TLS-type relocations which in
principle could appear if libgcc.a is emulating floating point
environment for softfloat via TLS. REL_DTPOFF and REL_TLSDESC are
probably the only ones that would be valid here (only GD model is
valid in shared libraries) and REL_DTPOFF is trivial to reverse and
extract an addend, but REL_TLSDESC is relatively complex to handle.

Sure we could just do REL_SYMBOLIC for now, but if we can't yet solve
the problem in a future-proof way, I'm not sure there's much value in
committing the patch at this point, since there's no present issue
it's fixing.

Rich

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.