[llvm-bugs] [Bug 50759] New: LLD handling of relocations to unresolved weak references with -pie not consistent

via llvm-bugs llvm-bugs at lists.llvm.org
Thu Jun 17 10:40:11 PDT 2021


https://bugs.llvm.org/show_bug.cgi?id=50759

            Bug ID: 50759
           Summary: LLD handling of relocations to unresolved weak
                    references with -pie not consistent
           Product: lld
           Version: unspecified
          Hardware: PC
                OS: Windows NT
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: ELF
          Assignee: unassignedbugs at nondot.org
          Reporter: smithp352 at googlemail.com
                CC: llvm-bugs at lists.llvm.org, smithp352 at googlemail.com

When we do a -pie link with no shared libraries present, LLD can be inconsistent
with its resolution of unresolved weak references.

Consider the example below (I'm using aarch64 but it should reproduce on other
targets):
// weak.c
extern __attribute__((weak)) int weak_reference;
__attribute__((visibility("hidden"))) int* address_of_weak_reference =
&weak_reference;

void _start() {
  if (&weak_reference)
    weak_reference = 1;
  if (address_of_weak_reference)
    *address_of_weak_reference = 1;
}

clang -c weak.c -fpie --target=aarch64-linux-gnu -ffreestanding -nostdlib
ld.lld -pie weak.o -o weak-dyn
readelf --relocs weak-dyn
Relocation section '.rela.dyn' at offset 0x278 contains 1 entries:
    Offset             Info             Type               Symbol's Value  Symbol's Name + Addend
0000000000020390  0000000100000401 R_AARCH64_GLOB_DAT     0000000000000000 weak_reference + 0

In the object file there are GOT generating relocations for the references to
weak_reference and a R_AARCH64_ABS64 relocation from the .data section. LLD is
relocating the GOT reference to weak_reference but is statically resolving the
R_AARCH64_ABS64 to the undefined weak_reference to 0.

ld.bfd does what I'd expect for this case as -pie is expected to be used with a
dynamic linker:
Relocation section '.rela.dyn' at offset 0x278 contains 2 entries:
    Offset             Info             Type               Symbol's Value  Symbol's Name + Addend
0000000000010fe0  0000000300000401 R_AARCH64_GLOB_DAT     0000000000000000 weak_reference + 0
0000000000011000  0000000300000101 R_AARCH64_ABS64        0000000000000000 weak_reference + 0

A second part to this is motivated by the Linux kernel KASLR configuration that
uses a combination of -fpie and linking -pie with only static libraries and
with a linker script including something like:
# weak.lds
/DISCARD/ : {
                *(.interp .dynamic)
                *(.dynsym .dynstr .hash .gnu.hash)
        }

If we use LLD with this linker script extract, the dynamic symbol table will be
removed, leaving the R_AARCH64_GLOB_DAT with a symbol index of 0. This used to
give a warning, but no longer does so.

ld.lld -pie weak.o -o weak --script=weak.lds

Relocation section '.rela.dyn' at offset 0x10000 contains 1 entries:
    Offset             Info             Type               Symbol's Value  Symbol's Name + Addend
0000000000000058  0000000000000401 R_AARCH64_GLOB_DAT                0

In this case I think there is a strong argument to statically resolve all
dynamic relocations to unresolved weak references to 0 as a R_AARCH64_GLOB_DAT
to symbol idx 0 is arguably ill-formed.

Perhaps we can even error if there are any dynamic relocations expecting a
symbol when the .dynsym is discarded.

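Added example (not part of the original report and not LLD code): a C check for the condition the report calls arguably ill-formed, a dynamic relocation that expects a symbol but whose r_info carries symbol index 0. The entries are transcribed from the three readelf listings in the report; the Rela64 type, the function names and the choice of which relocation types count as expecting a symbol are assumptions of this example.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Elf64_Rela layout, declared locally so the example builds without <elf.h>. */
typedef struct {
    uint64_t r_offset;
    uint64_t r_info;   /* symbol index: high 32 bits, type: low 32 bits */
    int64_t  r_addend;
} Rela64;

#define R_SYM(info)  ((uint32_t)((info) >> 32))
#define R_TYPE(info) ((uint32_t)((info) & 0xffffffffu))

/* AArch64 relocation type values, as seen in the Info column of the report. */
enum { R_AARCH64_ABS64 = 0x101, R_AARCH64_GLOB_DAT = 0x401,
       R_AARCH64_JUMP_SLOT = 0x402, R_AARCH64_RELATIVE = 0x403 };

/* Assumption of this example: these types expect a .dynsym entry. */
int needs_symbol(uint32_t type)
{
    return type == R_AARCH64_ABS64 || type == R_AARCH64_GLOB_DAT ||
           type == R_AARCH64_JUMP_SLOT;
}

/* Returns how many entries expect a symbol but carry symbol index 0. */
size_t count_symbolless(const Rela64 *r, size_t n)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++) {
        if (needs_symbol(R_TYPE(r[i].r_info)) && R_SYM(r[i].r_info) == 0) {
            printf("offset 0x%" PRIx64 ": type 0x%" PRIx32 ", symbol index 0\n",
                   r[i].r_offset, R_TYPE(r[i].r_info));
            bad++;
        }
    }
    return bad;
}

/* Entries transcribed from the three readelf listings in the report. */
const Rela64 lld_pie[]     = { { 0x20390, 0x0000000100000401ULL, 0 } };
const Rela64 bfd_pie[]     = { { 0x10fe0, 0x0000000300000401ULL, 0 },
                               { 0x11000, 0x0000000300000101ULL, 0 } };
const Rela64 lld_discard[] = { { 0x58,    0x0000000000000401ULL, 0 } };

int main(void)
{
    printf("lld -pie: %zu flagged\n", count_symbolless(lld_pie, 1));
    printf("ld.bfd -pie: %zu flagged\n", count_symbolless(bfd_pie, 2));
    printf("lld -pie + /DISCARD/: %zu flagged\n", count_symbolless(lld_discard, 1));
    return 0;
}
```

Only the listing from the link with the /DISCARD/ script is flagged; the same check could run as a post-link step over the .rela.dyn contents of a kernel image.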