<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href=https://github.com/llvm/llvm-project/issues/59769>59769</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
lld 15.0.6 mislink of x86 TLS GOT call
</td>
</tr>
<tr>
<th>Labels</th>
<td>
new issue
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
rakslice
</td>
</tr>
</table>
<pre>
```
$ clang++ --version
Alpine clang version 15.0.6
Target: i586-alpine-linux-musl
Thread model: posix
InstalledDir: /usr/bin
$ ld.lld --version
LLD 15.0.6 (compatible with GNU linkers)
```
I'm in the process of chasing the segfault in firefox in alpine 3.17 x86.
I've found that an object file `mozglue/baseprofiler/Unified_cpp_mozglue_baseprofiler0.o` built with `clang++`
(build command line)
```
/usr/bin/clang++ -Qunused-arguments -std=gnu++17 -o Unified_cpp_mozglue_baseprofiler0.o -c -I/home/rakslice/src/aports/community/firefox/src/firefox-108.0.1/obj/dist/stl_wrappers -I/home/rakslice/src/aports/community/firefox/src/firefox-108.0.1/obj/dist/system_wrappers -include /home/rakslice/src/aports/community/firefox/src/firefox-108.0.1/config/gcc_hidden.h -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector-strong -fstack-clash-protection -DNDEBUG=1 -DTRIMMED=1 -DIMPL_MFBT -DIMPL_MFBT -DMOZ_HAS_MOZGLUE -I/home/rakslice/src/aports/community/firefox/src/firefox-108.0.1/mozglue/baseprofiler -I/home/rakslice/src/aports/community/firefox/src/firefox-108.0.1/obj/mozglue/baseprofiler -I/home/rakslice/src/aports/community/firefox/src/firefox-108.0.1/mozglue/baseprofiler/core -I/home/rakslice/src/aports/community/firefox/src/firefox-108.0.1/mozglue/linker -I/home/rakslice/src/aports/community/firefox/src/firefox-108.0.1/obj/dist/include -I/usr/include/nspr -I/home/rakslice/src/aports/community/firefox/src/firefox-108.0.1/obj/dist/include/nss -I/usr/include/libpng16 -I/usr/include/pixman-1 -DMOZILLA_CLIENT -include /home/rakslice/src/aports/community/firefox/src/firefox-108.0.1/obj/mozilla-config.h -fno-sized-deallocation -fno-aligned-new -fno-exceptions -fPIC -fno-rtti -ffunction-sections -fdata-sections -fno-exceptions -fno-math-errno -pthread -pipe -Os -fomit-frame-pointer -O2 -fno-plt -fomit-frame-pointer -funwind-tables -Wall -Wbitfield-enum-conversion -Wdeprecated-this-capture -Wempty-body -Wformat-type-confusion -Wignored-qualifiers -Wpointer-arith -Wshadow-field-in-constructor-modified -Wsign-compare -Wtype-limits -Wno-error=tautological-type-limit-compare -Wunreachable-code -Wunreachable-code-return -Wunused-but-set-parameter -Wno-invalid-offsetof -Wclass-varargs -Wempty-init-stmt -Wfloat-overflow-conversion -Wfloat-zero-conversion -Wloop-analysis -Wno-range-loop-analysis -Wc++2a-compat -Wenum-compare-conditional -Wenum-float-conversion -Wno-ambiguous-reversed-operator -Wno-error=deprecated -Wno-error=depecated-anon-enum-enum-conversion -Wno-error=deprecated-enum-enum-conversion -Wno-error=deprecated-pragma -Wno-error=deprecated-this-capture -Wno-error=deprecated-volatile -Wcomma -Wimplicit-fallthrough -Wstring-conversion -Wno-inline-new-delete -Wno-error=deprecated-declarations -Wno-error=array-bounds -Wno-error=free-nonheap-object -Wno-error=atomic-alignment -Wno-error=deprecated-builtins -Wformat -Wformat-security -Wno-psabi -Wthread-safety -Wno-unknown-warning-option -Wno-ignored-qualifiers -fno-strict-aliasing -ffp-contract=off -MD -MP -MF .deps/Unified_cpp_mozglue_baseprofiler0.o.pp Unified_cpp_mozglue_baseprofiler0.cpp
```
has TLS `lea`-`call` sequences like
```
175: f0 ff 46 28 lock incl 0x28(%esi)
179: 8d 83 00 00 00 00 lea 0x0(%ebx),%eax
17f: ff 93 00 00 00 00 call *0x0(%ebx)
185: 89 c1 mov %eax,%ecx
187: 89 a8 00 00 00 00 mov %ebp,0x0(%eax)
```
with relevant relocs
```
OFFSET TYPE VALUE
0000017b R_386_TLS_LDM _ZN7mozilla12baseprofiler19TLSRegisteredThread17sRegisteredThreadE
00000181 R_386_GOT32 ___tls_get_addr
```
when this is linked with `lld`
(build command line)
```
/usr/bin/clang++ -Qunused-arguments -std=gnu++17 -o ../../dist/bin/firefox -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector-strong -fstack-clash-protection -fno-sized-deallocation -fno-aligned-new -fno-exceptions -fPIC -fno-rtti -ffunction-sections -fdata-sections -fno-exceptions -fno-math-errno -pthread -pipe -Os -fomit-frame-pointer -O2 -fno-plt -fomit-frame-pointer -funwind-tables /home/rakslice/src/aports/community/firefox/src/firefox-108.0.1/obj/browser/app/firefox.list -lpthread -fuse-ld=lld -Wl,-z,noexecstack -Wl,-z,text -Wl,-z,relro -Wl,-z,nocopyreloc -Wl,-Bsymbolic-functions -Wl,--build-id=sha1 -fstack-protector-strong -fstack-clash-protection -rdynamic -Wl,-rpath-link,/home/rakslice/src/aports/community/firefox/src/firefox-108.0.1/obj/dist/bin -Wl,-rpath-link,/usr/lib -pie -latomic
```
(resulting `lld` command line)
```
`"/usr/bin/ld.lld" -pie -export-dynamic -z now -z relro --hash-style=gnu --build-id --eh-frame-hdr -m elf_i386 -export-dynamic -dynamic-linker /lib/ld-musl-i386.so.1 -o ../../dist/bin/firefox /usr/lib/Scrt1.o /usr/lib/crti.o /usr/bin/../lib/gcc/i586-alpine-linux-musl/12.2.1/crtbeginS.o -L/usr/bin/../lib/gcc/i586-alpine-linux-musl/12.2.1 -L/usr/bin/../lib/gcc/i586-alpine-linux-musl/12.2.1/../../../../i586-alpine-linux-musl/lib -L/lib -L/usr/lib /home/rakslice/src/aports/community/firefox/src/firefox-108.0.1/obj/browser/app/firefox.list -lpthread -z noexecstack -z text -z relro -Bsymbolic-functions --build-id=sha1 -rpath-link /home/rakslice/src/aports/community/firefox/src/firefox-108.0.1/obj/dist/bin -rpath-link /usr/lib -latomic -lssp_nonshared -lstdc++ -lm -lgcc_s -lgcc -lpthread -lc -lgcc_s -lgcc /usr/bin/../lib/gcc/i586-alpine-linux-musl/12.2.1/crtendS.o /usr/lib/crtn.o`
```
it generates broken output like
```
444d5: f0 ff 46 28 lock incl 0x28(%esi)
444d9: 65 a1 00 00 00 00 mov %gs:0x0,%eax
444df: 90 nop
444e0: 8d 74 26 00 lea 0x0(%esi,%eiz,1),%esi
444e4: 00 89 c1 89 a8 f4 add %cl,-0xb57763f(%ecx)
444ea: ff (bad)
444eb: ff (bad)
444ec: ff 89 a8 f8 ff ff decl -0x758(%ecx)
```
this `mov`-`nop`-`lea`-no-op is the canned sequence from `X86::relaxTlsLdToLe()` in `lld/ELF/Arch/X86.cpp` https://github.com/llvm/llvm-project/blob/llvmorg-15.0.6/lld/ELF/Arch/X86.cpp#L462,
```
// Convert
// leal foo(%reg),%eax
// call ___tls_get_addr
// to
// movl %gs:0,%eax
// nop
// leal 0(%esi,1),%esi
const uint8_t inst[] = {
0x65, 0xa1, 0x00, 0x00, 0x00, 0x00, // movl %gs:0,%eax
0x90, // nop
0x8d, 0x74, 0x26, 0x00, // leal 0(%esi,1),%esi
};
```
which is basically the LD->LE transition right out of "Elf Handling for Thread-Local Storage" v0.21 (2013-08-22) starting on p.54 (https://lrita.github.io/images/posts/cplusplus/ELF_Handling_For_Thread-Local_Storage.pdf#page=54)
But that particular rewrite is clearly inappropriate; the `call` here in the GOT `___tls_get_addr` case is 6 bytes rather than presumably 5 the canned sequence is expecting so it is a byte short, and leaves us with garbage output.
How `lld` got to this:
1. `lld/ELF/Arch/X86.cpp:92`: use `exec` `R_TLSLD_GOTPLT` for `R_386_TLS_LDM`
https://github.com/llvm/llvm-project/blob/llvmorg-15.0.6/lld/ELF/Arch/X86.cpp#L92
2. `lld/ELF/Relocations.cpp:1218`: handling of the `R_TLSLD_GOTPLT` relocation figures that this LD->LE "relaxation" applies https://github.com/llvm/llvm-project/blob/llvmorg-15.0.6/lld/ELF/Relocations.cpp#L1218
3. `lld/ELF/Arch/X86.cpp:462`: as noted `X86::relaxTlsLdToLe()` applies canned code block presumably designed for a different `call` than the one we have https://github.com/llvm/llvm-project/blob/llvmorg-15.0.6/lld/ELF/Arch/X86.cpp#L462
Anyway, there you go. I don't know if this `.o` is ABI compliant, I don't know if this is a valid candidate for some other LD->LE transition, I don't know what a minimal example would look like, I'm just an end user chasing after a broken binary I got shipped.
</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJzkOk1z2ziyv4a-dEFFQdbXwQc7sjKuksfzYud5dy4qiGiSmIAAFwAtKb_-VYPUhxU5k3mzzh7WJYsUutHdaPQnSOG9KgziVTK8SYazC9GE0rorJ754rTK8WFm5vUpGafdJZ0l6nfBLyLQwRcJvEn4DjL2g88qaFnyta2WwxYAOAv1hL-2NWoQn4QoMyeAa1HAyYiLiM61Ms2FV43WHVToUEiorURNubb3atKA744PQGuVMOQIlfN54l_D5SpmDiFr2tJan0i0Ws04YSPgks1UtglpphLUKJXz89TNoZb6g8wmfdrROVt-KkPBxBcpAKBFqZzP0HmwOWSm8MkUc9ljkotGB0HLlMLcbum3XC4Nefwybyah3SvYFIbeNkRBKEUAYsKs_MAuQK42QjNLKfi10g7Rc4bF2lgC0-s9G5QrlMqvrZYe0PEZJezYZpbBqlA7tcpNRerSRRxs8ISQJma0qYSSpBN_Ux7Hy-fyVYfxPYxqPkglXNBWa4IH5IJPBrDBNi9MfA7PwA5IDy4DdJXxe2orWvrPQhM-9yxI-F7V1wZMEtqoao8I24fNO7Xuk7jfrp5Ne2usnfG5XfyR8LpUPhBT0cu1EXaPzP4Hb1gesjhgqk-lGIvz7-WbW5KpI-LzIsmWppETTK4F9Xs4fPj3dzf-5fHz4_OnDLbDZyUgymHFguQ8i-8JqZwNmwTrmg7Om2AMyLXy5A5O7s9mvs9ubzx-TwawPbPb06e7-_nbW_bq7_22xvJ_fPJ3c3z_8vvzl-nF5__D7x8Xn23fZgPPO8457_RMZvhkYMuvwnTm2QfP9fWbnIpFRG3e6oYTPja9_ngiRnz8viFar2hT90XlorTaVMKzfmvzdYnG9_LC4u_316T0jwN4aldaCtfGAQkBuLPPqK0omUWhtM9E6MI0LTbWBZAbX7QBuMqwJ7oHlv919aEddCApYnjcmOj_zbRAgHCmCOP59SsNYVolQMnTOWGB1aJM-q1WNwB4IxVYqsNyJClltlQlkZQ-8nVvr8AZG3pi1MpIFsdLogT0LrYE9r1TIFWrJ0DQVaWFXn7BnibXDTASULJTKs0zUoSG_ecaqDltGlRCw59y6SgQWtjVGLTbddFUY61CyfzVCUzKjeP7cicOEo2zLnn0ppF2zVgRliIAProkhtbIyJkFCUwXBqlpE_pGXVpWi_PlMKnTOumQwC6IJVttCZUKzA9bR1MY4FFlJSmCZleeGmMPQOBMhMVmvmsA8BlYLUmnUJjFV5kVoJZnNc4_B5sCeKex79iKccIXfK0oZFZgPVSBtaSsCsy_ocm3XrxXewr6is6_HtbU1E0borVfdgp0wBbJTQNaWEFy0CyZ-3bbG5RNVqcjShN6BWp6v2JGdVytVNLbxzCEBUDJboxPButcKP9jIN-Od6QhjTWtc31rYWUJ_Dbl2oqjEm-ATwz2P9GK1CFRLsudY35HxVrVWGXmR0DqUzjZFNNfglCm-kUsZqgcpKjCJGsPbrCRmWjjRefsxknBOkE81Rp5AcofIjDUlipp1pe_rqcFWKmuDExWVb3KPha6KnFuvPbivx6xxKmzbubUXK0WOFqMP8yLHHagxX4xdG7YWzpAubB0Oejjj8jGcBqeyQAK2vQDL85qUGJzIQjKY2TwHYPczYPe_AbufQ09i7X-sgO_V9Q9Uy1ldf6d3KYWHp8UjVf8aRTJKGfUBQmvqDjz-q0GToQetvuDxtBNa0B8PqfkCyFPIc7gcAZ_A8Z-22RegjAbphk8S-gzRq30jAf3xtKUwkTAZQJoePh0FFHRJN2k3e7Wh2fwD3YvNnkxOZPIcpueI0MoAIOHXp3S66ZNuHZMpZH2o7AtE9MihZZXtWU3GhDuZgpi8YkWzIuE64R8OfMTm-21k7MIcanwRJtCNzfx3dP4wnz_ePgHA0z9_u4X_vV58vm0BKf31xyv4tBxMRsunxeNyMbuH5e-_jruU3-fHJtKfPi0eP2GhfECHsu21-2N_OvSK_KTfkf_48DTgnXaXy2XQfllgWAop3ffWWiK1y8qD8m2TLfddqNbyP9d99noJn8evrsJrae1a9nfskv47iq_3KmZXzq59bHBEXR_welr5AEzv15M3HpmmjY_nQc864R_Y14R_MBY3mMXNOR4OuAnHvx1qZ1_Py2y9jd66G77x22pltcrYbif8DhTzkGSKBPCl6P9_DMXJrRGV2rNzNW0cOVGMUO_a76yUeYtt63parchoEJhuc_Mbnjpx6BvKyMXB5X_MyUdpwvmJq7fHewnnHW_c0FrZXlFfwdg1XbrtYyUp1YetxjYEwGFngDEsOysupQNWAep8qQaT0beEuxvWtbytAqJA8fSS0ayet73-D8SWYx0mfP6YudDv2dPhzAV1PNrSiFRbhCKjfXzjNJXP-7zH22MgF1ZYKPPYs8AWf5Pe36ewm3Ly9easaGiL45uDAf6ngwyZ21E0-QptFNmb39kA8W1oOHjYu63o2K1fszty586TgWnv66WxxpfCUdujfZDZLsPqCpgusmzp2-uxQnR2Avu3mC8a-XjWQUw83D4bPlSAAg31c-hh5ewXNGCbUDfhuMY9qW4vLy9lVxfC36lxIVKKde5oCKJ_pkA9VJyFTwZtlfq6wm2J5AdxpikYWx9DMT1AJxLGl8BHBxaHcvpQm5KUkY2inNY_FNZevSJ8eSCcpl2R3BbA-WU3LqQk8bOYJNLNajgejwZ5xyfbnGgDxZFeczj7R0WgkIeJNG3116e1_LJXEzvZJ3S_p0OdKgCwdDMeTr4V_GxBG2vZ-EDmpWuiaE_au66xMpbZmurdUCJkwhiU-w4Lcmcrmv-PySgZXCeDa4dabJ60X8gnu8AoxZRypDK7hMnnt4t5wufXLisTPv_HZBR7vVEKZQg1WU_CCV6oUDarXmYr8hH9srtQUUEdNXmhtqtu1LqCdQ_oaOBNNnywuBzxhH-A8z4DLXP4EA8MwslotD8NubWtfh0WZ5q5A3bs2862F3ukYL-ZVdkXfXClt6kfuU83FqV75RxnfSKe2UGjTJgsAyjjQ_voFJLBDJLxzd7yYuM6GpK60o3ot9c0_d61k-RP1tBSnh7POA4GETqRLd3xZXvlo2M-r13mr6w-Gc-Swc3Z7V-XKivJ1lfCK9q8bbT6xYwlg9vFLQQnjI_nceBUUQaKwWBzSDi_1Tn8IozUVBvm1kHbfbKFzYSGx2CdKJBKvZe0x_vk5TztD1g6YVQWTsEH4WJdaQ3UveElYbx2CO1UEL3OLZSldFOJAimH1ta3ubTWjaf_1vyXO4GWc-uWxwItO4F6tcwTPqhJtsFseHmIFvH7pgntI9yahMsaLRw4XDsVkLSUaRROb0EZUdfO1k6JgMngJirt6ECmRIe7B80fH54IdOoUVEYLH6mOYLWlNOdEKNERfwM11d2VWOktDM8GIuUBNzX1GqYAb0EFGhKRFPjSukBGE6t0FC_oofFt514ItxIFdtn01ZPsX-z6qMovbIBgY_dPWxIx-r0_iWqD6ykn6xpcQ-OjTqjAInLJKP20fFo8LmbLjw9Pvy2eaJDsJgKOTkAicnvo9XPi45S37Pg3i_uEu_7ed6vr8_6kW1-5M36b7_b_2wW6PQXIVdE49K19xTy0d7OE85hHIiL5jKhrrdC_T4Y4XRUfLOKyohIGf77DlE9aFQgPxgaUP5QRd2vqLDk-2ljFWuzI2CXGd1tktAwBUuU5OjTh2Luig5DGrUFYI5TiBX9mLj3ymGuzXYsteVqIPr-1DRS2B3cgaSPHAb5QR6ty2BUe7fscysP1zR010rVWwkRffWNO9Or4GIc0J5UUAaN2vK0QbAwZZ-L1GYrr-G4KVMqoSmjAjahqjbC2jZagrf3SltY0Mb4p80fj47ssaCQ5s9u_KCPygLQ7XV2-Uka4LdzFiOFLVdcou7hyIa8GcjqYigu86o_GfMgvB8PRRXkl8lSOOV9x7PeH_VE6mK76OJoOLyf5NJ3I8YW64innfT7oc54Oh6PeKMvH0zzP-VBOh9PhZXKZYiWU7tEO9qwrLpT3DV4Np-PR9EKLFWof35Di3OAaIjDhPBnOLtxVtIVVU_jkMqWu0B-oBBU0Xmktd68cVcrHZsvmsJmM4ik8xXSyxovG6au_bHlRFMpYUdT_CwAA__9D4dmI">