Created attachment 11406 [details] test case seen with the 2.31 branch on aarch64-linux-gnu, reproducible with a cross linker: $ aarch64-linux-gnu-ld --build-id --eh-frame-hdr --hash-style=gnu -dynamic-linker /lib/ld-linux-aarch64.so.1 -X -EL -maarch64linux --fix-cortex-a53-843419 -pie system/Scrt1.o system/crti.o system/crtbeginS.o vmem_create_in_region.o libvmem.a libut.a -lgcc --push-state --as-needed -lgcc_s --pop-state -lpthread -lc -lgcc --push-state --as-needed -lgcc_s --pop-state system/crtendS.o system/crtn.o -Lsystem/ aarch64-linux-gnu-ld: BFD (GNU Binutils for Debian) 2.31.1 internal error, aborting at ../../bfd/elfnn-aarch64.c:5078 in _bfd_aarch64_erratum_843419_branch_to_stub aarch64-linux-gnu-ld: Please report this bug.
Confirmed . Not very helpfully, I see the assertion failure appear somewhere between binutils-2.28 and binutils-2.30 regards Ramana
Tamar, Could you take a look at this please when you get in ? Ramana
Sure, taking a look now.
Patch for fix submitted upstream for review.
The master branch has been updated by Tamar Christina <tnfchris@sourceware.org>: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9fca35fc3486283562a7fcd9eb0ff845b0152d98 commit 9fca35fc3486283562a7fcd9eb0ff845b0152d98 Author: Tamar Christina <tamar.christina@arm.com> Date: Tue Nov 27 12:33:21 2018 +0000 AArch64: Fix regression in Cortex A53 erratum when PIE. (PR ld/23904) The fix for PR ld/22263 causes TLS relocations using ADRP to be relaxed into MOVZ, however this causes issues for the erratum code. The erratum code scans the input sections looking for ADRP instructions and notes their location in the stream. It then later tries to find them again in order to generate the linker stubs. Due to the relaxation it instead finds a MOVZ and hard aborts. Since this relaxation is a valid one, and in which case the erratum no longer applies, it shouldn't abort but instead just continue. This changes the TLS relaxation code such that when it finds an ADRP and it relaxes it, it removes the erratum entry from the work list by changing the stub type into none so the stub is ignored. The entry is not actually removed as removal is a more expensive operation and we have already allocated the memory anyway. The clearing is done for IE->LE and GD->LE relaxations, and a testcase is added for the IE case. The GD case I believe to be impossible to get together with the erratum sequence due to the required BL which would break the sequence. However to cover all basis I have added the guard there as well. build on native hardware and regtested on aarch64-none-elf, aarch64-none-elf (32 bit host), aarch64-none-linux-gnu, aarch64-none-linux-gnu (32 bit host) Cross-compiled and regtested on aarch64-none-linux-gnu, aarch64_be-none-linux-gnu Testcase in PR23940 tested and works as expected now and benchmarks ran on A53 showing no regressions and no issues. bfd/ChangeLog: PR ld/23904 * elfnn-aarch64.c (_bfd_aarch64_adrp_p): Use existing constants. (_bfd_aarch64_erratum_843419_branch_to_stub): Use _bfd_aarch64_adrp_p. (struct erratum_835769_branch_to_stub_clear_data): New. (_bfd_aarch64_erratum_843419_clear_stub): New. (clear_erratum_843419_entry): New. (elfNN_aarch64_tls_relax): Use it. (elfNN_aarch64_relocate_section): Pass input_section. (aarch64_map_one_stub): Handle branch type none as valid. ld/ChangeLog: PR ld/23904 * testsuite/ld-aarch64/aarch64-elf.exp: Add erratum843419_tls_ie. * testsuite/ld-aarch64/erratum843419_tls_ie.d: New test. * testsuite/ld-aarch64/erratum843419_tls_ie.s: New test.
The binutils-2_31-branch branch has been updated by Tamar Christina <tnfchris@sourceware.org>: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=513092d696472fc06cf7812e14160e16b2da5286 commit 513092d696472fc06cf7812e14160e16b2da5286 Author: Tamar Christina <tamar.christina@arm.com> Date: Tue Nov 27 12:33:21 2018 +0000 AArch64: Fix regression in Cortex A53 erratum when PIE. (PR ld/23904) The fix for PR ld/22263 causes TLS relocations using ADRP to be relaxed into MOVZ, however this causes issues for the erratum code. The erratum code scans the input sections looking for ADRP instructions and notes their location in the stream. It then later tries to find them again in order to generate the linker stubs. Due to the relaxation it instead finds a MOVZ and hard aborts. Since this relaxation is a valid one, and in which case the erratum no longer applies, it shouldn't abort but instead just continue. This changes the TLS relaxation code such that when it finds an ADRP and it relaxes it, it removes the erratum entry from the work list by changing the stub type into none so the stub is ignored. The entry is not actually removed as removal is a more expensive operation and we have already allocated the memory anyway. The clearing is done for IE->LE and GD->LE relaxations, and a testcase is added for the IE case. The GD case I believe to be impossible to get together with the erratum sequence due to the required BL which would break the sequence. However to cover all basis I have added the guard there as well. build on native hardware and regtested on aarch64-none-elf, aarch64-none-elf (32 bit host), aarch64-none-linux-gnu, aarch64-none-linux-gnu (32 bit host) Cross-compiled and regtested on aarch64-none-linux-gnu, aarch64_be-none-linux-gnu Testcase in PR23940 tested and works as expected now and benchmarks ran on A53 showing no regressions and no issues. bfd/ChangeLog: PR ld/23904 * elfnn-aarch64.c (_bfd_aarch64_adrp_p): Use existing constants. (_bfd_aarch64_erratum_843419_branch_to_stub): Use _bfd_aarch64_adrp_p. (struct erratum_835769_branch_to_stub_clear_data): New. (_bfd_aarch64_erratum_843419_clear_stub): New. (clear_erratum_843419_entry): New. (elfNN_aarch64_tls_relax): Use it. (elfNN_aarch64_relocate_section): Pass input_section. (aarch64_map_one_stub): Handle branch type none as valid. ld/ChangeLog: PR ld/23904 * testsuite/ld-aarch64/aarch64-elf.exp: Add erratum843419_tls_ie. * testsuite/ld-aarch64/erratum843419_tls_ie.d: New test. * testsuite/ld-aarch64/erratum843419_tls_ie.s: New test. (cherry picked from commit 9fca35fc3486283562a7fcd9eb0ff845b0152d98)
Fixed in mainline and backported to binutils 2.31.