<html>
    <head>
      <base href="https://bugs.llvm.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - LLD produced executable with ld.bfd internal ldscript segfaults."
   href="https://bugs.llvm.org/show_bug.cgi?id=35265">35265</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>LLD produced executable with ld.bfd internal ldscript segfaults.
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>lld
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>unspecified
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Linux
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>ELF
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>unassignedbugs@nondot.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>peter.smith@linaro.org
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>llvm-bugs@lists.llvm.org
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Created <span class=""><a href="attachment.cgi?id=19393" name="attach_19393" title="linker script output from ld.bfd --verbose with header/trailer removed.">attachment 19393</a></span>
linker script output from ld.bfd --verbose with header/trailer removed.

I took the internal linker script that ld.bfd uses for an executable and fed it
into lld. The resultant executable segfaulted in the dynamic loader when
writing back the resolved address of a function into .got.plt. I found that I
could get the executable to run if I turned off relro with -zno-relro.  

I've reproduced this problem on Ubuntu 16.04 x86_64, on AArch64 via
qemu-aarch64, and also on Ubuntu 14.04 running on Armv7-a, so I think that this
is likely to be a target-independent problem with the way we handle relro.

To reproduce:
Any C program, including "int main(void) { return 0; }"
Extract the default linker-script for your target using ld.bfd --verbose
Edit out the header and trailer to leave just the SECTIONS command.
Link the program with lld

clang main.c -Wl,-script=main.script -fuse-ld=lld -o main.exe
./main.exe
Segmentation fault (core dumped)

To prevent the segfault add -Wl,-znorelro

I've attached the linker script that I used for x86_64 "GNU ld (GNU Binutils
for Ubuntu) 2.26.1"

I haven't investigated why -zrelro isn't working yet, nor have I tried a shared
library (obtain the script with "ld --verbose --shared").

The linker script contains:
. = DATA_SEGMENT_RELRO_END (SIZEOF (.got.plt) >= 24 ? 24 : 0, .);
so we may be missing some magic. The RELRO program header certainly looks very
different to the one produced by ld.bfd.</pre>
        </div>
      </p>
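      <p>One way to compare the RELRO program header against .got.plt, as an added example that is not part of the original report or of lld: it parses an ELF64 image and reports whether any .got.plt slot past the 24 reserved bytes named in the script falls inside the page-rounded PT_GNU_RELRO range. The function names, the 4 KiB page size, the glibc-style rounding and the sample addresses are assumptions; the report does not establish the cause, and the check only matters for lazily bound binaries.</p>

```python
import struct

PT_GNU_RELRO = 0x6474E552
PAGE = 0x1000   # assumed runtime page size
RESERVED = 24   # reserved .got.plt bytes, the 24 in the script's DATA_SEGMENT_RELRO_END

def parse(elf):
    """Return (PT_GNU_RELRO (vaddr, memsz) or None, {section: (addr, size)}); ELF64 LE only."""
    if elf[:6] != b"\x7fELF\x02\x01":
        raise ValueError("only ELF64 little-endian is handled")
    phoff, shoff = struct.unpack_from("<QQ", elf, 0x20)
    phentsize, phnum, shentsize, shnum, shstrndx = struct.unpack_from("<5H", elf, 0x36)
    relro = None
    for i in range(phnum):
        p = struct.unpack_from("<IIQQQQQQ", elf, phoff + i * phentsize)
        if p[0] == PT_GNU_RELRO:
            relro = (p[3], p[6])            # p_vaddr, p_memsz
    shdrs = [struct.unpack_from("<IIQQQQIIQQ", elf, shoff + i * shentsize)
             for i in range(shnum)]
    strtab = shdrs[shstrndx][4]             # sh_offset of .shstrtab
    sections = {}
    for s in shdrs:
        start = strtab + s[0]
        name = elf[start:elf.index(b"\0", start)].decode()
        sections[name] = (s[3], s[5])       # sh_addr, sh_size
    return relro, sections

def lazy_slots_in_relro(elf, page=PAGE, reserved=RESERVED):
    """True if any .got.plt slot past the reserved entries lies in the read-only region."""
    relro, sections = parse(elf)
    if relro is None or ".got.plt" not in sections:
        return False
    # Assumption: both ends rounded down to a page, as glibc does when applying RELRO.
    ro_start = relro[0] & ~(page - 1)
    ro_end = (relro[0] + relro[1]) & ~(page - 1)
    addr, size = sections[".got.plt"]
    return size > reserved and addr + reserved < ro_end and addr + size > ro_start

def sample(relro_vaddr, relro_memsz, got_addr, got_size):
    """Constructed minimal ELF64 image (headers only), not real linker output."""
    names = b"\0.got.plt\0.shstrtab\0"
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 2, 62, 1, 0, 0x40, 0x78 + len(names), 0, 64, 56, 1, 64, 3, 2)
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_RELRO, 4, 0, relro_vaddr, relro_vaddr,
                       relro_memsz, relro_memsz, 1)
    def shdr(name, addr, off, size):
        return struct.pack("<IIQQQQIIQQ", name, 1, 0, addr, off, size, 0, 0, 8, 0)
    return (ehdr + phdr + names + bytes(64)
            + shdr(1, got_addr, 0, got_size) + shdr(10, 0, 0x78, len(names)))
```

      <p>To check a real binary, pass its bytes, for example <code>lazy_slots_in_relro(open("main.exe", "rb").read())</code>.</p>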


    </body>
</html>