[ELF][PPC64] Don't perform toc-indirect to toc-relative relaxation for R_PPC64_TOC16_HA not followed by R_PPC64_TOC16_LO_DS

The current implementation assumes that R_PPC64_TOC16_HA is always followed by R_PPC64_TOC16_LO_DS. This can break with: // Load the address of the TOC entry, instead of the value stored at that address addis 3, 2, .LC0@tloc@ha # R_PPC64_TOC16_HA addi 3, 3, .LC0@tloc@l # R_PPC64_TOC16_LO blr which is used by boringssl's util/fipstools/delocate/delocate.go https://github.com/google/boringssl/blob/master/crypto/fipsmodule/FIPS.md has some documentation. In short, this tool converts an assembly file to avoid any potential relocations. The distance to an input .toc is not a constant after linking, so the assembly cannot use an `addis;ld` pair. Instead, delocate changes the code to jump to a stub (`addis;addi`) which loads the TOC entry address. Reviewed By: sfertile Differential Revision: https://reviews.llvm.org/D78431
2020-04-17 23:08:11 -07:00 · 2020-04-17 23:08:11 -07:00 · 03ffe58605
parent 2a3cf5e583
commit 03ffe58605
2 changed files with 44 additions and 3 deletions
--- a/lld/ELF/InputSection.cpp
+++ b/lld/ELF/InputSection.cpp
@ -949,7 +949,8 @@ void InputSectionBase::relocateAlloc(uint8_t *buf, uint8_t *bufEnd) {
  assert(flags & SHF_ALLOC);
  const unsigned bits = config->wordsize * 8;

-  for (const Relocation &rel : relocations) {
+  for (size_t i = 0, e = relocations.size(); i != e; ++i) {
+    const Relocation &rel = relocations[i];
    if (rel.expr == R_NONE)
      continue;
    uint64_t offset = rel.offset;
@ -969,10 +970,16 @@ void InputSectionBase::relocateAlloc(uint8_t *buf, uint8_t *bufEnd) {
    case R_RELAX_GOT_PC_NOPIC:
      target->relaxGot(bufLoc, rel, targetVA);
      break;
-    case R_PPC64_RELAX_TOC:
-      if (!tryRelaxPPC64TocIndirection(rel, bufLoc))
+    case R_PPC64_RELAX_TOC: {
+      // For R_PPC64_TOC16_HA, if it is not paired with an R_PPC64_TOC16_LO_DS,
+      // don't relax.
+      bool relax =
+          rel.type == R_PPC64_TOC16_LO_DS ||
+          (i + 1 != e && relocations[i + 1].type == R_PPC64_TOC16_LO_DS);
+      if (!relax || !tryRelaxPPC64TocIndirection(rel, bufLoc))
        target->relocate(bufLoc, rel, targetVA);
      break;
+    }
    case R_RELAX_TLS_IE_TO_LE:
      target->relaxTlsIeToLe(bufLoc, rel, targetVA);
      break;
--- a/lld/test/ELF/ppc64-toc-relax2.s
+++ b/lld/test/ELF/ppc64-toc-relax2.s
@ -0,0 +1,34 @@
+# REQUIRES: ppc
+# RUN: llvm-mc -filetype=obj -triple=powerpc64le %s -o %t.o
+# RUN: ld.lld %t.o -o %t
+# RUN: llvm-objdump -d %t | FileCheck %s
+
+# CHECK-LABEL: <_start>:
+.globl _start
+_start:
+## Perform toc-indirect to toc-relative relaxation even if there are unrelated instructions in between.
+# CHECK-NEXT:   addis 3, 2, -1
+# CHECK-NEXT:   li 9, 0
+# CHECK-NEXT:   addi 3, 3, -32768
+# CHECK-NEXT:   lwa 3, 0(3)
+# CHECK-NEXT:   li 9, 0
+  addis 3, 2, .LC0@toc@ha  # R_PPC64_TOC16_HA
+  li    9, 0
+  ld    3, .LC0@toc@l(3)   # R_PPC64_TOC16_LO_DS
+  lwa   3, 0(3)
+  li    9, 0
+
+## The R_PPC64_TOC16_HA is not followed by an R_PPC64_TOC16_LO_DS.
+## Don't perform toc-indirect to toc-relative relaxation.
+# CHECK-NEXT:   nop
+# CHECK-NEXT:   addi 3, 2, -32768
+# CHECK-NEXT:   blr
+  addis 3, 2, .LC0@toc@ha  # R_PPC64_TOC16_HA
+  addi  3, 3, .LC0@toc@l   # R_PPC64_TOC16_LO
+  blr
+
+AES_encrypt:
+
+.section .toc,"aw",@progbits
+.LC0:
+  .tc AES_encrypt[TC], AES_encrypt