1 /* Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2008 Red Hat, Inc.
2    This file is part of elfutils.
3    Written by Ulrich Drepper <drepper@redhat.com>, 2001.
4 
5    This file is free software; you can redistribute it and/or modify
6    it under the terms of the GNU General Public License as published by
7    the Free Software Foundation; either version 3 of the License, or
8    (at your option) any later version.
9 
10    elfutils is distributed in the hope that it will be useful, but
11    WITHOUT ANY WARRANTY; without even the implied warranty of
12    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13    GNU General Public License for more details.
14 
15    You should have received a copy of the GNU General Public License
16    along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
17 
18 #ifdef HAVE_CONFIG_H
19 # include <config.h>
20 #endif
21 
22 #include <assert.h>
23 #include <error.h>
24 #include <libintl.h>
25 #include <stdlib.h>
26 #include <string.h>
27 
28 // XXX For debugging
29 #include <stdio.h>
30 
31 #include <system.h>
32 #include "ld.h"
33 #include "list.h"
34 /* x86 is little endian.  */
35 #define UNALIGNED_ACCESS_CLASS LITTLE_ENDIAN
36 #include "unaligned.h"
37 #include "xelf.h"
38 
39 
40 /* The old callbacks.  */
41 static int (*old_open_outfile) (struct ld_state *, int, int, int);
42 
43 
44 static int
elf_i386_open_outfile(struct ld_state * statep,int machine,int klass,int data)45 elf_i386_open_outfile (struct ld_state *statep,
46 		       int machine __attribute__ ((unused)),
47 		       int klass __attribute__ ((unused)),
48 		       int data __attribute__ ((unused)))
49 {
50   /* This backend only handles 32-bit object files.  */
51   /* XXX For now just use the generic backend.  */
52   return old_open_outfile (statep, EM_386, ELFCLASS32, ELFDATA2LSB);
53 }
54 
55 
56 /* Process relocations for the output in a relocatable file.  This
57    only means adjusting offset and symbol indices.  */
58 static void
elf_i386_relocate_section(struct ld_state * statep,Elf_Scn * outscn,struct scninfo * firstp,const Elf32_Word * dblindirect)59 elf_i386_relocate_section (struct ld_state *statep __attribute__ ((unused)),
60 			   Elf_Scn *outscn, struct scninfo *firstp,
61 			   const Elf32_Word *dblindirect)
62 {
63   struct scninfo *runp;
64   Elf_Data *data;
65 
66   /* Iterate over all the input sections.  Appropriate data buffers in the
67      output sections were already created.  */
68   runp = firstp;
69   data = NULL;
70   do
71     {
72       Elf_Data *reltgtdata;
73       Elf_Data *insymdata;
74       Elf_Data *inxndxdata = NULL;
75       size_t maxcnt;
76       size_t cnt;
77       const Elf32_Word *symindirect;
78       struct symbol **symref;
79       struct usedfiles *file = runp->fileinfo;
80       XElf_Shdr *shdr = &SCNINFO_SHDR (runp->shdr);
81 
82       /* Get the output section data buffer for this input section.  */
83       data = elf_getdata (outscn, data);
84       assert (data != NULL);
85 
86       /* Get the data for section in the input file this relocation
87 	 section is relocating.  Since these buffers are reused in the
88 	 output modifying these buffers has the correct result.  */
89       reltgtdata = elf_getdata (file->scninfo[shdr->sh_info].scn, NULL);
90 
91       /* Get the data for the input section symbol table for this
92 	 relocation section.  */
93       insymdata = elf_getdata (file->scninfo[shdr->sh_link].scn, NULL);
94       assert (insymdata != NULL);
95 
96       /* And the extended section index table.  */
97       inxndxdata = runp->fileinfo->xndxdata;
98 
99       /* Number of relocations.  */
100       maxcnt = shdr->sh_size / shdr->sh_entsize;
101 
102       /* Array directing local symbol table offsets to output symbol
103 	 table offsets.  */
104       symindirect = file->symindirect;
105 
106       /* References to the symbol records.  */
107       symref = file->symref;
108 
109       /* Iterate over all the relocations in the section.  */
110       for (cnt = 0; cnt < maxcnt; ++cnt)
111 	{
112 	  XElf_Rel_vardef (rel);
113 	  Elf32_Word si;
114 	  XElf_Sym_vardef (sym);
115 	  Elf32_Word xndx;
116 
117 	  /* Get the relocation data itself.  x86 uses Rel
118 	     relocations.  In case we have to handle Rela as well the
119 	     whole loop probably should be duplicated.  */
120 	  xelf_getrel (data, cnt, rel);
121 	  assert (rel != NULL);
122 
123 	  /* Compute the symbol index in the output file.  */
124 	  si = symindirect[XELF_R_SYM (rel->r_info)];
125 	  if (si == 0)
126 	    {
127 	      /* This happens if the symbol is locally undefined or
128 		 superceded by some other definition.  */
129 	      assert (symref[XELF_R_SYM (rel->r_info)] != NULL);
130 	      si = symref[XELF_R_SYM (rel->r_info)]->outsymidx;
131 	    }
132 	  /* Take reordering performed to sort the symbol table into
133 	     account.  */
134 	  si = dblindirect[si];
135 
136 	  /* Get the symbol table entry.  */
137 	  xelf_getsymshndx (insymdata, inxndxdata, XELF_R_SYM (rel->r_info),
138 			    sym, xndx);
139 	  if (sym->st_shndx != SHN_XINDEX)
140 	    xndx = sym->st_shndx;
141 	  assert (xndx < SHN_LORESERVE || xndx > SHN_HIRESERVE);
142 
143 	  /* We fortunately don't have to do much.  The relocations
144 	     mostly get only updates of the offset.  Only for a
145 	     relocation referring to a section do we have to do
146 	     something.  In this case the reference to the sections
147 	     has no direct equivalent since the part the input section
148 	     contributes need not start at the same offset as in the
149 	     input file.  Therefore we have to adjust the addend which
150 	     in the case of Rel relocations is in the target section
151 	     itself.  */
152 	  if (XELF_ST_TYPE (sym->st_info) == STT_SECTION)
153 	    {
154 	      /* We expect here only R_386_32 relocations.  */
155 	      assert (XELF_R_TYPE (rel->r_info) == R_386_32);
156 
157 	      /* Avoid writing to the section memory if this is
158 		 effectively a no-op since it might save a
159 		 copy-on-write operation.  */
160 	      Elf32_Word toadd = file->scninfo[xndx].offset;
161 	      if (toadd != 0)
162 		add_4ubyte_unaligned (reltgtdata->d_buf + rel->r_offset,
163 				      toadd);
164 	    }
165 
166 	  /* Adjust the offset for the position of the input section
167 	     content in the output section.  */
168 	  rel->r_offset += file->scninfo[shdr->sh_info].offset;
169 
170 	  /* And finally adjust the index of the symbol in the output
171 	     symbol table.  */
172 	  rel->r_info = XELF_R_INFO (si, XELF_R_TYPE (rel->r_info));
173 
174 	  /* Store the result.  */
175 	  (void) xelf_update_rel (data, cnt, rel);
176 	}
177 
178       runp = runp->next;
179     }
180   while (runp != firstp);
181 }
182 
183 
184 /* Each PLT entry has 16 bytes.  We need one entry as overhead for
185    the code to set up the call into the runtime relocation.  */
186 #define PLT_ENTRY_SIZE 16
187 
188 static void
elf_i386_initialize_plt(struct ld_state * statep,Elf_Scn * scn)189 elf_i386_initialize_plt (struct ld_state *statep, Elf_Scn *scn)
190 {
191   Elf_Data *data;
192   XElf_Shdr_vardef (shdr);
193 
194   /* Change the entry size in the section header.  */
195   xelf_getshdr (scn, shdr);
196   assert (shdr != NULL);
197   shdr->sh_entsize = PLT_ENTRY_SIZE;
198   (void) xelf_update_shdr (scn, shdr);
199 
200   data = elf_newdata (scn);
201   if (data == NULL)
202     error (EXIT_FAILURE, 0, gettext ("cannot allocate PLT section: %s"),
203 	   elf_errmsg (-1));
204 
205   /* We need one special PLT entry (performing the jump to the runtime
206      relocation routines) and one for each function we call in a DSO.  */
207   data->d_size = (1 + statep->nplt) * PLT_ENTRY_SIZE;
208   data->d_buf = xcalloc (1, data->d_size);
209   assert (data->d_type == ELF_T_BYTE);
210   data->d_off = 0;
211   data->d_align = 8;
212 
213   statep->nplt_used = 1;
214 }
215 
216 
217 static void
elf_i386_initialize_pltrel(struct ld_state * statep,Elf_Scn * scn)218 elf_i386_initialize_pltrel (struct ld_state *statep, Elf_Scn *scn)
219 {
220   Elf_Data *data;
221 
222   data = elf_newdata (scn);
223   if (data == NULL)
224     error (EXIT_FAILURE, 0, gettext ("cannot allocate PLTREL section: %s"),
225 	   elf_errmsg (-1));
226 
227   /* One relocation per PLT entry.  */
228   size_t size = statep->nplt * sizeof (Elf32_Rel);
229   data->d_buf = xcalloc (1, size);
230   data->d_type = ELF_T_REL;
231   data->d_size = size;
232   data->d_align = 4;
233   data->d_off = 0;
234 }
235 
236 
237 static void
elf_i386_initialize_got(struct ld_state * statep,Elf_Scn * scn)238 elf_i386_initialize_got (struct ld_state *statep, Elf_Scn *scn)
239 {
240   /* If we come here we better need a GOT.  */
241   assert (statep->ngot != 0);
242 
243   Elf_Data *data = elf_newdata (scn);
244   if (data == NULL)
245     error (EXIT_FAILURE, 0, gettext ("cannot allocate GOT section: %s"),
246 	   elf_errmsg (-1));
247 
248   /* Just a single word per GOT entry is needed.  */
249   size_t size = statep->ngot * sizeof (Elf32_Addr);
250   data->d_buf = xcalloc (1, size);
251   data->d_size = size;
252   data->d_type = ELF_T_WORD;
253   data->d_off = 0;
254   data->d_align = sizeof (Elf32_Addr);
255 }
256 
257 
258 static void
elf_i386_initialize_gotplt(struct ld_state * statep,Elf_Scn * scn)259 elf_i386_initialize_gotplt (struct ld_state *statep, Elf_Scn *scn)
260 {
261   /* If we come here we better need a PLT.  */
262   assert (statep->nplt != 0);
263 
264   Elf_Data *data = elf_newdata (scn);
265   if (data == NULL)
266     error (EXIT_FAILURE, 0, gettext ("cannot allocate GOTPLT section: %s"),
267 	   elf_errmsg (-1));
268 
269   /* We construct the .got.plt section in pieces.  Here we only add the data
270      structures which are used by the PLT.  This includes three reserved
271      entries at the beginning (the first will contain a pointer to the
272      .dynamic section), and one word for each PLT entry.  */
273   size_t size = (3 + statep->nplt) * sizeof (Elf32_Addr);
274   data->d_buf = xcalloc (1, size);
275   data->d_type = ELF_T_WORD;
276   data->d_size = size;
277   data->d_off = 0;
278   data->d_align = sizeof (Elf32_Addr);
279 }
280 
281 
282 /* The first entry in an absolute procedure linkage table looks like
283    this.  See the SVR4 ABI i386 supplement to see how this works.  */
284 static const unsigned char elf_i386_plt0_entry[PLT_ENTRY_SIZE] =
285 {
286   0xff, 0x35,	/* pushl contents of address */
287   0, 0, 0, 0,	/* replaced with address of .got + 4.  */
288   0xff, 0x25,	/* jmp indirect */
289   0, 0, 0, 0,	/* replaced with address of .got + 8.  */
290   0x0f, 0x0b,	/* ud2a, to prevent further decoding.  */
291   0, 0		/* pad out to 16 bytes.  */
292 };
293 
294 /* Type describing the first PLT entry in non-PIC.  */
295 struct plt0_entry
296 {
297   /* First a 'push' of the second GOT entry.  */
298   unsigned char push_instr[2];
299   uint32_t gotp4_addr;
300   /* Second, a 'jmp indirect' to the third GOT entry.  */
301   unsigned char jmp_instr[2];
302   uint32_t gotp8_addr;
303   /* Padding.  */
304   unsigned char padding[4];
305 } __attribute__ ((packed));
306 
307 /* The first entry in a PIC procedure linkage table look like this.  */
308 static const unsigned char elf_i386_pic_plt0_entry[PLT_ENTRY_SIZE] =
309 {
310   0xff, 0xb3, 4, 0, 0, 0,	/* pushl 4(%ebx) */
311   0xff, 0xa3, 8, 0, 0, 0,	/* jmp *8(%ebx) */
312   0x0f, 0x0b,			/* ud2a, to prevent further decoding.  */
313   0, 0				/* pad out to 16 bytes.  */
314 };
315 
316 /* Contents of all but the first PLT entry in executable.  */
317 static const unsigned char elf_i386_plt_entry[PLT_ENTRY_SIZE] =
318 {
319   0xff, 0x25,   /* jmp indirect */
320   0, 0, 0, 0,   /* replaced with address of this symbol in .got.  */
321   0x68,         /* pushl immediate */
322   0, 0, 0, 0,   /* replaced with offset into relocation table.  */
323   0xe9,         /* jmp relative */
324   0, 0, 0, 0    /* replaced with offset to start of .plt.  */
325 };
326 
327 /* Contents of all but the first PLT entry in DSOs.  */
328 static const unsigned char elf_i386_pic_plt_entry[PLT_ENTRY_SIZE] =
329 {
330   0xff, 0xa3,	/* jmp *offset(%ebx) */
331   0, 0, 0, 0,	/* replaced with offset of this symbol in .got.  */
332   0x68,		/* pushl immediate */
333   0, 0, 0, 0,	/* replaced with offset into relocation table.  */
334   0xe9,		/* jmp relative */
335   0, 0, 0, 0	/* replaced with offset to start of .plt.  */
336 };
337 
338 /* Type describing a PLT entry.  */
339 struct plt_entry
340 {
341   /* The first instruction is 'jmp indirect' or 'jmp *offset(%ebs)'.  */
342   unsigned char jmp_instr[2];
343   uint32_t offset_got;
344   /* The second instruction is 'push immediate'.  */
345   unsigned char push_instr;
346   uint32_t push_imm;
347   /* Finally a 'jmp relative'.  */
348   unsigned char jmp_instr2;
349   uint32_t plt0_offset;
350 } __attribute__ ((packed));
351 
352 
353 static void
elf_i386_finalize_plt(struct ld_state * statep,size_t nsym,size_t nsym_local,struct symbol ** ndxtosym)354 elf_i386_finalize_plt (struct ld_state *statep, size_t nsym,
355 		       size_t nsym_local, struct symbol **ndxtosym)
356 {
357   if (unlikely (statep->nplt + statep->ngot == 0))
358     /* Nothing to be done.  */
359     return;
360 
361   Elf_Scn *scn;
362   XElf_Shdr_vardef (shdr);
363   Elf_Data *data;
364   const bool build_dso = statep->file_type == dso_file_type;
365 
366   /* Get the address of the .got.plt section.  */
367   scn = elf_getscn (statep->outelf, statep->gotpltscnidx);
368   xelf_getshdr (scn, shdr);
369   data = elf_getdata (scn, NULL);
370   assert (shdr != NULL && data != NULL);
371   /* The address points to the .got.plt section, not the .got section.  */
372   Elf32_Addr gotaddr = shdr->sh_addr;
373 
374   /* Now create the initial values for the .got.plt section.  The
375      first word contains the address of the .dynamic section.  The
376      second and third entry are left empty for use by the dynamic
377      linker.  The following entries are pointers to the instructions
378      following the initial jmp instruction in the corresponding PLT
379      entry.  */
380   xelf_getshdr (elf_getscn (statep->outelf, statep->dynamicscnidx), shdr);
381   assert (shdr != NULL);
382   ((Elf32_Word *) data->d_buf)[0] = shdr->sh_addr;
383 
384   /* The PLT contains code which a user of a function jumps to.  The first
385      PLT entry is special, so the first used one has the index 1.  */
386   scn = elf_getscn (statep->outelf, statep->pltscnidx);
387   XElf_Shdr_vardef (pltshdr);
388   xelf_getshdr (scn, pltshdr);
389   assert (pltshdr != NULL);
390 
391   Elf_Data *dynsymdata = elf_getdata (elf_getscn (statep->outelf,
392 						  statep->dynsymscnidx), NULL);
393   assert (dynsymdata != NULL);
394 
395   Elf_Data *symdata = NULL;
396   if (statep->symscnidx != 0)
397     {
398       symdata = elf_getdata (elf_getscn (statep->outelf, statep->symscnidx),
399 			     NULL);
400       assert (symdata != NULL);
401     }
402 
403   /* Create the .plt section.  */
404   scn = elf_getscn (statep->outelf, statep->pltscnidx);
405   Elf_Data *pltdata = elf_getdata (scn, NULL);
406   assert (pltdata != NULL);
407 
408   /* Also create the .rel.plt section data.  It simply means relocations
409      addressing the corresponding entry in the .got.plt section.  The
410      section name is misleading.  */
411   scn = elf_getscn (statep->outelf, statep->pltrelscnidx);
412   xelf_getshdr (scn, shdr);
413   Elf_Data *reldata = elf_getdata (scn, NULL);
414   assert (shdr != NULL && reldata != NULL);
415 
416   /* Update the sh_link to point to the section being modified.  We
417      point it here (correctly) to the .got.plt section.  Some linkers
418      (e.g., the GNU binutils linker) point to the .plt section.  This
419      is wrong since the .plt section isn't modified even though the
420      name .rel.plt suggests that this is correct.  */
421   shdr->sh_link = statep->dynsymscnidx;
422   shdr->sh_info = statep->gotpltscnidx;
423   (void) xelf_update_shdr (scn, shdr);
424 
425   /* Create the first entry of the .plt section.  */
426   assert (pltdata->d_size >= PLT_ENTRY_SIZE);
427   if (build_dso)
428     /* Copy the entry.  It's complete, no relocation needed.  */
429     memcpy (pltdata->d_buf, elf_i386_pic_plt0_entry, PLT_ENTRY_SIZE);
430   else
431     {
432       /* Copy the skeleton.  */
433       memcpy (pltdata->d_buf, elf_i386_plt0_entry, PLT_ENTRY_SIZE);
434 
435       /* And fill in the addresses.  */
436       struct plt0_entry *addr = (struct plt0_entry *) pltdata->d_buf;
437       addr->gotp4_addr = target_bswap_32 (gotaddr + 4);
438       addr->gotp8_addr = target_bswap_32 (gotaddr + 8);
439     }
440 
441   /* For DSOs we need GOT offsets, otherwise the GOT address.  */
442   Elf32_Addr gotaddr_off = build_dso ? 0 : gotaddr;
443 
444   /* Create the remaining entries.  */
445   const unsigned char *plt_template
446     = build_dso ? elf_i386_pic_plt_entry : elf_i386_plt_entry;
447 
448   for (size_t idx = nsym_local; idx < nsym; ++idx)
449     {
450       struct symbol *symbol = ndxtosym[idx];
451       if (symbol == NULL || symbol->type != STT_FUNC
452 	  || ndxtosym[idx]->outdynsymidx == 0
453 	  // XXX is the following test correct?
454 	  || ! ndxtosym[idx]->in_dso)
455 	continue;
456 
457       size_t pltidx = symbol->merge.value;
458 
459       assert (pltidx > 0);
460       assert ((3 + pltidx) * sizeof (Elf32_Word) <= data->d_size);
461 
462       /* Address in the PLT.  */
463       Elf32_Addr pltentryaddr = (pltshdr->sh_addr + pltidx * PLT_ENTRY_SIZE);
464 
465       /* Point the GOT entry at the PLT entry, after the initial jmp.  */
466       ((Elf32_Word *) data->d_buf)[2 + pltidx] = pltentryaddr + 6;
467 
468       /* If the symbol is defined, adjust the address.  */
469       if (((Elf32_Sym *) dynsymdata->d_buf)[ndxtosym[idx]->outdynsymidx].st_shndx != SHN_UNDEF)
470 	{
471 	  /* The value of the symbol is the address of the corresponding PLT
472 	     entry.  Store the address, also for the normal symbol table if
473 	     this is necessary.  */
474 	  ((Elf32_Sym *) dynsymdata->d_buf)[pltidx].st_value = pltentryaddr;
475 
476 	  if (symdata != NULL)
477  {
478    assert(nsym - statep->nplt + (pltidx - 1) == idx);
479 	    ((Elf32_Sym *) symdata->d_buf)[nsym - statep->nplt
480 					   + (pltidx - 1)].st_value
481 	      = pltentryaddr;
482  }
483 	}
484 
485       /* Copy the PLT entry template.  */
486       assert (pltdata->d_size >= (1 + pltidx) * PLT_ENTRY_SIZE);
487       struct plt_entry *addr = (struct plt_entry *) ((char *) pltdata->d_buf
488 						     + (pltidx
489 							* PLT_ENTRY_SIZE));
490       memcpy (addr, plt_template, PLT_ENTRY_SIZE);
491 
492       /* And once more, fill in the addresses.  First the address of
493 	 this symbol in .got.  */
494       addr->offset_got = target_bswap_32 (gotaddr_off
495 					  + (2 + pltidx) * sizeof (Elf32_Addr));
496       /* Offset into relocation table.  */
497       addr->push_imm = target_bswap_32 ((pltidx - 1) * sizeof (Elf32_Rel));
498       /* Offset to start of .plt.  */
499       addr->plt0_offset = target_bswap_32 (-(1 + pltidx) * PLT_ENTRY_SIZE);
500 
501 
502       XElf_Rel_vardef (rel);
503       assert (pltidx * sizeof (Elf32_Rel) <= reldata->d_size);
504       xelf_getrel_ptr (reldata, pltidx - 1, rel);
505       rel->r_offset = gotaddr + (2 + pltidx) * sizeof (Elf32_Addr);
506       /* The symbol table entries for the functions from DSOs are at
507 	 the beginning of the symbol table.  */
508       rel->r_info = XELF_R_INFO (ndxtosym[idx]->outdynsymidx, R_386_JMP_SLOT);
509       (void) xelf_update_rel (reldata, pltidx - 1, rel);
510     }
511 }
512 
513 
514 static int
elf_i386_rel_type(struct ld_state * statep)515 elf_i386_rel_type (struct ld_state *statep __attribute__ ((__unused__)))
516 {
517   /* ELF/i386 uses REL.  */
518   return DT_REL;
519 }
520 
521 
522 static void
elf_i386_count_relocations(struct ld_state * statep,struct scninfo * scninfo)523 elf_i386_count_relocations (struct ld_state *statep, struct scninfo *scninfo)
524 {
525   /* We go through the list of input sections and count those relocations
526      which are not handled by the linker.  At the same time we have to
527      see how many GOT entries we need and how much .bss space is needed
528      for copy relocations.  */
529   Elf_Data *data = elf_getdata (scninfo->scn, NULL);
530   XElf_Shdr *shdr = &SCNINFO_SHDR (scninfo->shdr);
531   size_t maxcnt = shdr->sh_size / shdr->sh_entsize;
532   size_t relsize = 0;
533   size_t cnt;
534   struct symbol *sym;
535 
536   assert (shdr->sh_type == SHT_REL);
537 
538   for (cnt = 0; cnt < maxcnt; ++cnt)
539     {
540       XElf_Rel_vardef (rel);
541 
542       xelf_getrel (data, cnt, rel);
543       /* XXX Should we complain about failing accesses?  */
544       if (rel != NULL)
545 	{
546 	  Elf32_Word r_sym = XELF_R_SYM (rel->r_info);
547 
548 	  /* Symbols in COMDAT group sections which are discarded do
549 	     not have to be relocated.  */
550 	  if (r_sym >= scninfo->fileinfo->nlocalsymbols
551 	      && unlikely (scninfo->fileinfo->symref[r_sym] == NULL))
552 	    continue;
553 
554 	  switch (XELF_R_TYPE (rel->r_info))
555 	    {
556 	    case R_386_GOT32:
557 	      if (! scninfo->fileinfo->symref[r_sym]->defined
558 		  || scninfo->fileinfo->symref[r_sym]->in_dso
559 		  || statep->file_type == dso_file_type)
560 		{
561 		  relsize += sizeof (Elf32_Rel);
562 		  ++statep->nrel_got;
563 		}
564 
565 	      /* Even if this relocation is not emitted in the output
566 		 file it requires a GOT entry.  */
567 	      ++statep->ngot;
568 
569 	      /* FALLTHROUGH */
570 
571 	    case R_386_GOTOFF:
572 	    case R_386_GOTPC:
573 	      statep->need_got = true;
574 	      break;
575 
576 	    case R_386_32:
577 	    case R_386_PC32:
578 	      /* These relocations cause text relocations in DSOs.  */
579 	      if (linked_from_dso_p (scninfo, r_sym))
580 		{
581 		  if (statep->file_type == dso_file_type)
582 		    {
583 		      relsize += sizeof (Elf32_Rel);
584 		      // XXX Do we have to check whether the target
585 		      // XXX section is read-only first?
586 		      statep->dt_flags |= DF_TEXTREL;
587 		    }
588 		  else
589 		    {
590 		      /* Non-function objects from a DSO need to get a
591 			 copy relocation.  */
592 		      sym = scninfo->fileinfo->symref[r_sym];
593 
594 		      /* Only do this if we have not requested a copy
595 			 relocation already.  */
596 		      if (unlikely (sym->type != STT_FUNC) && ! sym->need_copy)
597 			{
598 			  sym->need_copy = 1;
599 			  ++statep->ncopy;
600 			  relsize += sizeof (Elf32_Rel);
601 			}
602 		    }
603 		}
604 	      else if (statep->file_type == dso_file_type
605 		       && XELF_R_TYPE (rel->r_info) == R_386_32)
606 		relsize += sizeof (Elf32_Rel);
607 
608 	      break;
609 
610 	    case R_386_PLT32:
611 	      /* We might need a PLT entry.  But we cannot say for sure
612 		 here since one of the symbols might turn up being
613 		 defined in the executable (if we create such a thing).
614 		 If a DSO is created we still might use a local
615 		 definition.
616 
617 		 If the symbol is not defined and we are not creating
618 		 a statically linked binary, then we need in any case
619 		 a PLT entry.  */
620 	      if (! scninfo->fileinfo->symref[r_sym]->defined
621 		  && !statep->statically)
622 		{
623 		  sym = scninfo->fileinfo->symref[r_sym];
624 		  sym->type = STT_FUNC;
625 		  sym->in_dso = 1;
626 		  sym->defined = 1;
627 
628 		  /* Remove from the list of unresolved symbols.  */
629 		  --statep->nunresolved;
630 		  if (! sym->weak)
631 		    --statep->nunresolved_nonweak;
632 		  CDBL_LIST_DEL (statep->unresolved, sym);
633 
634 		  /* Add to the list of symbols we expect from a DSO.  */
635 		  ++statep->nplt;
636 		  ++statep->nfrom_dso;
637 		  CDBL_LIST_ADD_REAR (statep->from_dso, sym);
638 		}
639 	      break;
640 
641 	    case R_386_TLS_LDO_32:
642 	      if (statep->file_type != executable_file_type)
643 		abort ();
644 	      /* We do not need a relocation in the output file.  */
645 	      break;
646 
647 	    case R_386_TLS_LE:
648 	      /* We never need a relocation in the output file.  */
649 	      break;
650 
651 	    case R_386_TLS_IE:
652 	      if (statep->file_type == dso_file_type)
653 		error (EXIT_FAILURE, 0, gettext ("initial-executable TLS relocation cannot be used "));
654 	      if (!scninfo->fileinfo->symref[r_sym]->defined
655 		  || scninfo->fileinfo->symref[r_sym]->in_dso)
656 		{
657 		  abort ();
658 		}
659 	      break;
660 
661 	    case R_386_TLS_GD:
662 	      if (statep->file_type != executable_file_type
663 		  || !scninfo->fileinfo->symref[r_sym]->defined
664 		  || scninfo->fileinfo->symref[r_sym]->in_dso)
665 		{
666 		  abort ();
667 		}
668 	      break;
669 
670 	    case R_386_TLS_GOTIE:
671 	    case R_386_TLS_LDM:
672 	    case R_386_TLS_GD_32:
673 	    case R_386_TLS_GD_PUSH:
674 	    case R_386_TLS_GD_CALL:
675 	    case R_386_TLS_GD_POP:
676 	    case R_386_TLS_LDM_32:
677 	    case R_386_TLS_LDM_PUSH:
678 	    case R_386_TLS_LDM_CALL:
679 	    case R_386_TLS_LDM_POP:
680 	    case R_386_TLS_IE_32:
681 	    case R_386_TLS_LE_32:
682 	      /* XXX */
683 	      abort ();
684 	      break;
685 
686 	    case R_386_NONE:
687 	      /* Nothing to be done.  */
688 	      break;
689 
690 	      /* These relocation should never be generated by an
691 		 assembler.  */
692 	    case R_386_COPY:
693 	    case R_386_GLOB_DAT:
694 	    case R_386_JMP_SLOT:
695 	    case R_386_RELATIVE:
696 	    case R_386_TLS_DTPMOD32:
697 	    case R_386_TLS_DTPOFF32:
698 	    case R_386_TLS_TPOFF32:
699 	      /* Unknown relocation.  */
700 	    default:
701 	      abort ();
702 	    }
703 	}
704     }
705 
706   scninfo->relsize = relsize;
707 }
708 
709 
710 static void
elf_i386_create_relocations(struct ld_state * statep,const Elf32_Word * dblindirect)711 elf_i386_create_relocations (struct ld_state *statep,
712 			     const Elf32_Word *dblindirect __attribute__ ((unused)))
713 {
714   /* Get the address of the got section.  */
715   Elf_Scn *pltscn = elf_getscn (statep->outelf, statep->pltscnidx);
716   Elf32_Shdr *shdr = elf32_getshdr (pltscn);
717   assert (shdr != NULL);
718   Elf32_Addr pltaddr = shdr->sh_addr;
719 
720   Elf_Scn *gotscn = elf_getscn (statep->outelf, statep->gotscnidx);
721   // XXX Adjust the address, if necessary, for relro
722   Elf_Data *gotdata = NULL;
723   if (statep->need_got)
724     {
725       gotdata = elf_getdata (gotscn, NULL);
726       assert (gotdata != NULL);
727     }
728 
729   Elf_Scn *gotpltscn = elf_getscn (statep->outelf, statep->gotpltscnidx);
730   shdr = elf32_getshdr (gotpltscn);
731   assert (shdr != NULL);
732   Elf32_Addr gotaddr = shdr->sh_addr;
733 
734   Elf_Scn *reldynscn = elf_getscn (statep->outelf, statep->reldynscnidx);
735   Elf_Data *reldyndata = elf_getdata (reldynscn, NULL);
736   assert (reldyndata != NULL);
737 
738   size_t nreldyn = 0;
739   size_t ngotconst = statep->nrel_got;
740 
741   struct scninfo *first = statep->rellist->next;
742   struct scninfo *runp = first;
743   do
744     {
745       XElf_Shdr *rshdr = &SCNINFO_SHDR (runp->shdr);
746       Elf_Data *reldata = elf_getdata (runp->scn, NULL);
747       int nrels = rshdr->sh_size / rshdr->sh_entsize;
748 
749       /* We will need the following values a couple of times.  Help
750 	 the compiler and improve readability.  */
751       struct symbol **symref = runp->fileinfo->symref;
752       struct scninfo *scninfo = runp->fileinfo->scninfo;
753 
754       /* This is the offset of the input section we are looking at in
755 	 the output file.  */
756       XElf_Addr inscnoffset = scninfo[rshdr->sh_info].offset;
757 
758       /* The target section.  We use the data from the input file.  */
759       Elf_Data *data = elf_getdata (scninfo[rshdr->sh_info].scn, NULL);
760 
761       /* We cannot handle relocations against merge-able sections.  */
762       assert ((SCNINFO_SHDR (scninfo[rshdr->sh_link].shdr).sh_flags
763 	       & SHF_MERGE) == 0);
764 
765       /* Cache the access to the symbol table data.  */
766       Elf_Data *symdata = elf_getdata (scninfo[rshdr->sh_link].scn, NULL);
767 
768       for (int cnt = 0; cnt < nrels; ++cnt)
769 	{
770 	  XElf_Rel_vardef (rel);
771 	  XElf_Rel *rel2;
772 	  xelf_getrel (reldata, cnt, rel);
773 	  assert (rel != NULL);
774 	  XElf_Addr reladdr = inscnoffset + rel->r_offset;
775 	  XElf_Addr value;
776 
777 	  size_t idx = XELF_R_SYM (rel->r_info);
778 	  if (idx < runp->fileinfo->nlocalsymbols)
779 	    {
780 	      XElf_Sym_vardef (sym);
781 	      xelf_getsym (symdata, idx, sym);
782 
783 	      /* The value only depends on the position of the referenced
784 		 section in the output file and the addend.  */
785 	      value = scninfo[sym->st_shndx].offset + sym->st_value;
786 	    }
787 	  else
788 	    {
789 	      if (symref[idx] == NULL)
790 		/* Symbol in ignored COMDAT group section.  */
791 		continue;
792 
793 	      value = symref[idx]->merge.value;
794 	      if (symref[idx]->in_dso)
795 		{
796 		  /* MERGE.VALUE contains the PLT index.  If this is not for
797 		     a function the actual value will be computed later.  */
798 		  assert (value != 0 || symref[idx]->type != STT_FUNC);
799 		  value = pltaddr + value * PLT_ENTRY_SIZE;
800 		}
801 	    }
802 
803 	  /* Address of the relocated memory in the data buffer.  */
804 	  unsigned char *relloc = (unsigned char *) data->d_buf + rel->r_offset;
805 
806 	  uint32_t thisgotidx;
807 	  switch (XELF_R_TYPE (rel->r_info))
808 	    {
809 	      /* These three cases can be handled together since the
810 		 symbol associated with the R_386_GOTPC relocation is
811 		 _GLOBAL_OFFSET_TABLE_ which has a value corresponding
812 		 to the address of the GOT and the address of the PLT
813 		 entry required for R_386_PLT32 is computed above.  */
814 	    case R_386_PC32:
815 	    case R_386_GOTPC:
816 	    case R_386_PLT32:
817 	      value -= reladdr;
818 	      /* FALLTHROUGH */
819 
820 	    case R_386_32:
821 	      if (linked_from_dso_p (scninfo, idx)
822 		  && statep->file_type != dso_file_type
823 		  && symref[idx]->type != STT_FUNC)
824 		{
825 		  value = (ld_state.copy_section->offset
826 			   + symref[idx]->merge.value);
827 
828 		  if (unlikely (symref[idx]->need_copy))
829 		    {
830 		      /* Add a relocation to initialize the GOT entry.  */
831 		      assert (symref[idx]->outdynsymidx != 0);
832 #if NATIVE_ELF != 0
833 		      xelf_getrel_ptr (reldyndata, nreldyn, rel2);
834 #else
835 		      rel2 = &rel_mem;
836 #endif
837 		      rel2->r_offset = value;
838 		      rel2->r_info
839 			= XELF_R_INFO (symref[idx]->outdynsymidx, R_386_COPY);
840 		      (void) xelf_update_rel (reldyndata, nreldyn, rel2);
841 		      ++nreldyn;
842 		      assert (nreldyn <= statep->nrel_got);
843 
844 		      /* Update the symbol table record for the new
845 			 address.  */
846 		      Elf32_Word symidx = symref[idx]->outdynsymidx;
847 		      Elf_Scn *symscn = elf_getscn (statep->outelf,
848 						    statep->dynsymscnidx);
849 		      Elf_Data *outsymdata = elf_getdata (symscn, NULL);
850 		      assert (outsymdata != NULL);
851 		      XElf_Sym_vardef (sym);
852 		      xelf_getsym (outsymdata, symidx, sym);
853 		      sym->st_value = value;
854 		      sym->st_shndx = statep->copy_section->outscnndx;
855 		      (void) xelf_update_sym (outsymdata, symidx, sym);
856 
857 		      symidx = symref[idx]->outsymidx;
858 		      if (symidx != 0)
859 			{
860 			  symidx = statep->dblindirect[symidx];
861 			  symscn = elf_getscn (statep->outelf,
862 					       statep->symscnidx);
863 			  outsymdata = elf_getdata (symscn, NULL);
864 			  assert (outsymdata != NULL);
865 			  xelf_getsym (outsymdata, symidx, sym);
866 			  sym->st_value = value;
867 			  sym->st_shndx = statep->copy_section->outscnndx;
868 			  (void) xelf_update_sym (outsymdata, symidx, sym);
869 			}
870 
871 		      /* Remember that we set up the copy relocation.  */
872 		      symref[idx]->need_copy = 0;
873 		    }
874 		}
875 	      else if (statep->file_type == dso_file_type
876 		       && XELF_R_TYPE (rel->r_info) == R_386_32)
877 		{
878 #if NATIVE_ELF != 0
879 		  xelf_getrel_ptr (reldyndata, nreldyn, rel2);
880 #else
881 		  rel2 = &rel_mem;
882 #endif
883 		  rel2->r_offset = value;
884 
885 		  /* For symbols we do not export we generate a relative
886 		     relocation.  */
887 		  if (idx < SCNINFO_SHDR (scninfo[rshdr->sh_link].shdr).sh_info
888 		      || symref[idx]->outdynsymidx == 0)
889 		    rel2->r_info = XELF_R_INFO (0, R_386_RELATIVE);
890 		  else
891 		    rel2->r_info
892 		      = XELF_R_INFO (symref[idx]->outdynsymidx, R_386_32);
893 		  (void) xelf_update_rel (reldyndata, nreldyn, rel2);
894 		  ++nreldyn;
895 		  assert (nreldyn <= statep->nrel_got);
896 
897 		  value = 0;
898 		}
899 	      add_4ubyte_unaligned (relloc, value);
900 	      break;
901 
902 	    case R_386_GOT32:
903 	      if (! symref[idx]->defined || symref[idx]->in_dso)
904 		{
905 		  thisgotidx = nreldyn++;
906 		  assert (thisgotidx < statep->nrel_got);
907 
908 		  /* Add a relocation to initialize the GOT entry.  */
909 #if NATIVE_ELF != 0
910 		  xelf_getrel_ptr (reldyndata, thisgotidx, rel2);
911 #else
912 		  rel2 = &rel_mem;
913 #endif
914 		  rel2->r_offset = gotaddr + ((thisgotidx - statep->ngot)
915 					      * sizeof (Elf32_Addr));
916 		  rel2->r_info
917 		    = XELF_R_INFO (symref[idx]->outdynsymidx, R_386_GLOB_DAT);
918 		  (void) xelf_update_rel (reldyndata, thisgotidx, rel2);
919 		}
920 	      else if (statep->file_type != dso_file_type)
921 		{
922 		  thisgotidx = ngotconst++;
923 		  assert (thisgotidx < statep->ngot);
924 
925 		  /* We have to use a GOT since the generated code
926 		     requires it but we know the address and therefore
927 		     do not need a relocation.  */
928 		  ((uint32_t *) gotdata->d_buf)[thisgotidx] = value;
929 		}
930 	      else
931 		{
932 		  thisgotidx = nreldyn++;
933 		  assert (thisgotidx < statep->nrel_got);
934 
935 		  // XXX generate a relative relocation.
936 		  abort ();
937 		}
938 
939 	      store_4ubyte_unaligned (relloc,
940 				      (thisgotidx - statep->ngot)
941 				      * sizeof (Elf32_Addr));
942 	      break;
943 
944 	    case R_386_GOTOFF:
945 	      add_4ubyte_unaligned (relloc, value - gotaddr);
946 	      break;
947 
948 	    case R_386_TLS_LE:
949 	      value = symref[idx]->merge.value - ld_state.tls_tcb;
950 	      store_4ubyte_unaligned (relloc, value);
951 	      break;
952 
953 	    case R_386_TLS_IE:
954 	      if (symref[idx]->defined && !symref[idx]->in_dso)
955 		{
956 		  /* The symbol is defined in the executable.
957 		     Perform the IE->LE optimization.
958 		     There are multiple versions, though.
959 
960 		     First version: mov ADDR,REG.  */
961 		  if (relloc[-2] == 0x8b
962 		      && ((relloc[-1] & 0xc7) == 0x05))
963 		    {
964 		      relloc[-2] = 0xc7;
965 		      relloc[-1] = 0xc0 | ((relloc[-1] >> 3) & 7);
966 		      store_4ubyte_unaligned (relloc, (symref[idx]->merge.value
967 						       - ld_state.tls_tcb));
968 		    }
969 		  else
970 		    {
971 		      abort ();
972 		    }
973 		}
974 	      else
975 		{
976 		  abort ();
977 		}
978 	      break;
979 
980 	    case R_386_TLS_LDO_32:
981 	      value = symref[idx]->merge.value - ld_state.tls_start;
982 	      store_4ubyte_unaligned (relloc, value);
983 	      break;
984 
985 	    case R_386_TLS_GD:
986 	      if (ld_state.file_type == executable_file_type)
987 		{
988 		  if (symref[idx]->defined && !symref[idx]->in_dso)
989 		    {
990 		      /* The symbol is defined in the executable.
991 			 Perform the GD->LE optimization.  */
992 		      static const char gd_to_le[] =
993 			{
994 			  /* mov %gs:0x0,%eax */
995 			  0x65, 0xa1, 0x00, 0x00, 0x00, 0x00,
996 			  /* sub $OFFSET,%eax */
997 			  0x81, 0xe8
998 			};
999 #ifndef NDEBUG
1000 		      static const char gd_text[] =
1001 			{
1002 			  /* lea 0x0(,%ebx,1),%eax */
1003 			  0x8d, 0x04, 0x1d, 0x00, 0x00, 0x00, 0x00,
1004 			  /* call ___tls_get_addr */
1005 			  0xe8
1006 			};
1007 		      assert (memcmp (relloc - 3, gd_text, sizeof (gd_text))
1008 			      == 0);
1009 #endif
1010 		      relloc = mempcpy (relloc - 3, gd_to_le,
1011 					sizeof (gd_to_le));
1012 		      value = ld_state.tls_tcb- symref[idx]->merge.value;
1013 		      store_4ubyte_unaligned (relloc, value);
1014 
1015 		      /* We have to skip over the next relocation which is
1016 			 the matching R_i386_PLT32 for __tls_get_addr.  */
1017 		      ++cnt;
1018 #ifndef NDEBUG
1019 		      assert (cnt < nrels);
1020 		      XElf_Off old_offset = rel->r_offset;
1021 		      xelf_getrel (reldata, cnt, rel);
1022 		      assert (rel != NULL);
1023 		      assert (XELF_R_TYPE (rel->r_info) == R_386_PLT32);
1024 		      idx = XELF_R_SYM (rel->r_info);
1025 		      assert (strcmp (symref[idx]->name, "___tls_get_addr")
1026 			      == 0);
1027 		      assert (old_offset + 5 == rel->r_offset);
1028 #endif
1029 
1030 		      break;
1031 		    }
1032 		}
1033 	      abort ();
1034 	      break;
1035 
1036 	    case R_386_32PLT:
1037 	    case R_386_TLS_TPOFF:
1038 	    case R_386_TLS_GOTIE:
1039 	    case R_386_TLS_LDM:
1040 	    case R_386_16:
1041 	    case R_386_PC16:
1042 	    case R_386_8:
1043 	    case R_386_PC8:
1044 	    case R_386_TLS_GD_32:
1045 	    case R_386_TLS_GD_PUSH:
1046 	    case R_386_TLS_GD_CALL:
1047 	    case R_386_TLS_GD_POP:
1048 	    case R_386_TLS_LDM_32:
1049 	    case R_386_TLS_LDM_PUSH:
1050 	    case R_386_TLS_LDM_CALL:
1051 	    case R_386_TLS_LDM_POP:
1052 	    case R_386_TLS_IE_32:
1053 	    case R_386_TLS_LE_32:
1054 	      // XXX For now fall through
1055 	      break;
1056 
1057 	    case R_386_NONE:
1058 	      /* Nothing to do.  */
1059 	      break;
1060 
1061 	    case R_386_COPY:
1062 	    case R_386_JMP_SLOT:
1063 	    case R_386_RELATIVE:
1064 	    case R_386_GLOB_DAT:
1065 	    case R_386_TLS_DTPMOD32:
1066 	    case R_386_TLS_DTPOFF32:
1067 	    case R_386_TLS_TPOFF32:
1068 	    default:
1069 	      /* Should not happen.  */
1070 	      abort ();
1071 	    }
1072 	}
1073     }
1074   while ((runp = runp->next) != first);
1075 }
1076 
1077 
1078 int
elf_i386_ld_init(struct ld_state * statep)1079 elf_i386_ld_init (struct ld_state *statep)
1080 {
1081   /* We have a few callbacks available.  */
1082   old_open_outfile = statep->callbacks.open_outfile;
1083   statep->callbacks.open_outfile = elf_i386_open_outfile;
1084 
1085   statep->callbacks.relocate_section  = elf_i386_relocate_section;
1086 
1087   statep->callbacks.initialize_plt = elf_i386_initialize_plt;
1088   statep->callbacks.initialize_pltrel = elf_i386_initialize_pltrel;
1089 
1090   statep->callbacks.initialize_got = elf_i386_initialize_got;
1091   statep->callbacks.initialize_gotplt = elf_i386_initialize_gotplt;
1092 
1093   statep->callbacks.finalize_plt = elf_i386_finalize_plt;
1094 
1095   statep->callbacks.rel_type = elf_i386_rel_type;
1096 
1097   statep->callbacks.count_relocations = elf_i386_count_relocations;
1098 
1099   statep->callbacks.create_relocations = elf_i386_create_relocations;
1100 
1101   return 0;
1102 }
1103