Bug 24355 - segmentation fault in functions called from ppc_finish_symbols
Summary: segmentation fault in functions called from ppc_finish_symbols
Status: RESOLVED FIXED
Alias: None
Product: binutils
Classification: Unclassified
Component: ld (show other bugs)
Version: 2.32
Importance: P2 normal
Target Milestone: ---
Assignee: Alan Modra
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-03-18 05:58 UTC by Arseny Solokha
Modified: 2019-03-18 13:09 UTC (History)

See Also:
Host:
Target: powerpc-*-linux-gnu
Build:
Last reconfirmed: 2019-03-18 00:00:00


Description Arseny Solokha 2019-03-18 05:58:32 UTC
ld.bfd 2.32.0 segfaults when invoked by the 9.0.0-alpha20190310 snapshot on the following testcase:

int q0lf, pqcl, g4ru, a0jg, y855, e2ys, wmuc, razx, xnxl, lfnp, zt9p, txqa,
  aq33, sypu, g7kn;

__attribute__ ((longcall)) int
n4nxhz9u (void)
{
  return 0;
}

int
wygieoga (void)
{
  return n4nxhz9u () + q0lf;
}

int
y41zsu7m (void)
{
  return 0;
}

int
main (void)
{
  return wygieoga () + y41zsu7m ();
}

% powerpc-e300c3-linux-gnu-gcc-9.0.0-alpha20190310 -flto -fuse-ld=bfd mp5vu7b1.c
collect2: fatal error: ld terminated with signal 11 [Segmentation fault], core dumped
compilation terminated.

I don't have a usable backtrace at hand immediately, though I can obtain it if necessary. The unusable one:

Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007fad69162b00 in bfd_putb32 ()
   from /usr/lib64/binutils/powerpc-e300c3-linux-gnu/2.31.1/libbfd-2.31.1.gentoo-cross-powerpc-e300c3-linux-gnu-binutils-st.so
(gdb) where
#0  0x00007fad69162b00 in bfd_putb32 ()
   from /usr/lib64/binutils/powerpc-e300c3-linux-gnu/2.31.1/libbfd-2.31.1.gentoo-cross-powerpc-e300c3-linux-gnu-binutils-st.so
#1  0x00007fad691772a3 in ?? ()
   from /usr/lib64/binutils/powerpc-e300c3-linux-gnu/2.31.1/libbfd-2.31.1.gentoo-cross-powerpc-e300c3-linux-gnu-binutils-st.so
#2  0x00007fad69181cc6 in ppc_finish_symbols ()
   from /usr/lib64/binutils/powerpc-e300c3-linux-gnu/2.31.1/libbfd-2.31.1.gentoo-cross-powerpc-e300c3-linux-gnu-binutils-st.so
#3  0x00005626ce8084ba in ?? ()
#4  0x00005626ce7fafff in ?? ()
#5  0x00005626ce7e8d29 in ?? ()
#6  0x00007fad68f901bb in __libc_start_main () from /lib64/libc.so.6
#7  0x00005626ce7e92fa in ?? ()
Comment 1 Sourceware Commits 2019-03-18 12:15:12 UTC
The master branch has been updated by Alan Modra <amodra@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8cd1fe1bf525b59f4d07e5790d11d49eee7e8494

commit 8cd1fe1bf525b59f4d07e5790d11d49eee7e8494
Author: Alan Modra <amodra@gmail.com>
Date:   Mon Mar 18 21:38:36 2019 +1030

    PR24355, segmentation fault in function called from ppc_finish_symbols
    
    This one looks to be a bug going back to 2009, git commit e054468f6c
    "STT_GNU_IFUNC support for PowerPC".  That bug was carried over with
    git commit 49c09209d0 "Rearrange PLT reloc output on powerpc".
    
    If the refcount for an ifunc local sym plt entry was zero,
    ppc_elf_size_dynamic_sections would correctly set plt.offset to -1 but
    leave glink_offset uninitialized.  That leads to occasional segfaults
    (which can be made solid with MALLOC_PERTURB_=1 when using glibc).
    So, guard the write_glink_stub call with plt.offset != -1.  Also,
    remove the totally ineffective attempt at writing multiple-use glink
    stubs only once.
    
    	PR 24355
    	* elf32-ppc.c (ppc_finish_symbols): Don't call write_glink_stub
    	for local iplt syms with ent->plt.offset == -1.  Remove ineffective
    	attempt at writing glink stubs only once.
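Added illustration of the defect the commit message describes; this is not code from binutils or from this bug report, and the struct and function names are hypothetical. It models the ifunc PLT/glink bookkeeping: an entry with refcount zero gets plt_offset = -1 but its glink_offset is never assigned, and the guard on plt_offset in the finishing loop is what the fix adds. Memory is pre-filled with 0xaa to stand in for MALLOC_PERTURB_=1 exposing the uninitialised field.

```c
#include <stdint.h>
#include <string.h>
/* Constructed model of the elf32-ppc PLT bookkeeping described in the commit
   message; struct and function names are hypothetical, not binutils' own. */
#define GLINK_SIZE 64
#define NO_PLT_OFFSET ((uint32_t) -1)

struct plt_entry {
  unsigned refcount;      /* references found while scanning relocs */
  uint32_t plt_offset;    /* NO_PLT_OFFSET when the entry gets no PLT slot */
  uint32_t glink_offset;  /* only ever assigned when plt_offset is valid */
};
/* Like ppc_elf_size_dynamic_sections: unreferenced entries get plt_offset = -1
   and, as in the original bug, their glink_offset is left untouched. */
static void size_entries(struct plt_entry *ents, size_t n) {
  uint32_t plt = 0, glink = 0;
  for (size_t i = 0; i < n; i++) {
    if (ents[i].refcount == 0) { ents[i].plt_offset = NO_PLT_OFFSET; continue; }
    ents[i].plt_offset = plt;     plt += 4;
    ents[i].glink_offset = glink; glink += 16;
  }
}

/* Big-endian 32-bit store, the role bfd_putb32 plays in the backtrace. */
static void putb32(uint8_t *p, uint32_t v) {
  p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v;
}

/* Like the ppc_finish_symbols loop.  With guard set, entries whose plt_offset
   is -1 are skipped before glink_offset is ever read (the fix).  Returns the
   number of stubs written, or -1 if a stub would land outside the section. */
static int write_glink_stubs(uint8_t *glink, struct plt_entry *ents, size_t n, int guard) {
  int written = 0;
  for (size_t i = 0; i < n; i++) {
    if (guard && ents[i].plt_offset == NO_PLT_OFFSET) continue;
    if (ents[i].glink_offset > GLINK_SIZE - 4) return -1;  /* the real bug's wild write */
    putb32(glink + ents[i].glink_offset, 0x3d600000u | (uint32_t)i);  /* stand-in stub */
    written++;
  }
  return written;
}

/* Three entries, the middle one unreferenced; memory pre-filled with 0xaa plays
   the part of MALLOC_PERTURB_=1 making the uninitialised field visible. */
int run_demo(int guard) {
  struct plt_entry ents[3]; uint8_t glink[GLINK_SIZE];
  memset(ents, 0xaa, sizeof ents);
  ents[0].refcount = 1; ents[1].refcount = 0; ents[2].refcount = 2;
  size_entries(ents, 3);
  return write_glink_stubs(glink, ents, 3, guard);
}
```

run_demo(1) mirrors the fixed loop and writes two stubs; run_demo(0) mirrors the old loop and trips on the 0xaaaaaaaa glink_offset of the unreferenced entry.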
Comment 2 Sourceware Commits 2019-03-18 12:21:45 UTC
The binutils-2_32-branch branch has been updated by Alan Modra <amodra@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7efcedf2b5871d455bc8a24bac3ebe28c7d8e470

commit 7efcedf2b5871d455bc8a24bac3ebe28c7d8e470
Author: Alan Modra <amodra@gmail.com>
Date:   Mon Mar 18 21:38:36 2019 +1030

    PR24355, segmentation fault in function called from ppc_finish_symbols
    
    This one looks to be a bug going back to 2009, git commit e054468f6c
    "STT_GNU_IFUNC support for PowerPC".  That bug was carried over with
    git commit 49c09209d0 "Rearrange PLT reloc output on powerpc".
    
    If the refcount for an ifunc local sym plt entry was zero,
    ppc_elf_size_dynamic_sections would correctly set plt.offset to -1 but
    leave glink_offset uninitialized.  That leads to occasional segfaults
    (which can be made solid with MALLOC_PERTURB_=1 when using glibc).
    So, guard the write_glink_stub call with plt.offset != -1.  Also,
    remove the totally ineffective attempt at writing multiple-use glink
    stubs only once.
    
    	PR 24355
    	* elf32-ppc.c (ppc_finish_symbols): Don't call write_glink_stub
    	for local iplt syms with ent->plt.offset == -1.  Remove ineffective
    	attempt at writing glink stubs only once.
    
    (cherry picked from commit 8cd1fe1bf525b59f4d07e5790d11d49eee7e8494)
Comment 3 Sourceware Commits 2019-03-18 12:26:38 UTC
The binutils-2_31-branch branch has been updated by Alan Modra <amodra@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dba17838ab20a814e6c8ba51afe6962d1c400227

commit dba17838ab20a814e6c8ba51afe6962d1c400227
Author: Alan Modra <amodra@gmail.com>
Date:   Mon Mar 18 21:38:36 2019 +1030

    PR24355, segmentation fault in function called from ppc_finish_symbols
    
    This one looks to be a bug going back to 2009, git commit e054468f6c
    "STT_GNU_IFUNC support for PowerPC".  That bug was carried over with
    git commit 49c09209d0 "Rearrange PLT reloc output on powerpc".
    
    If the refcount for an ifunc local sym plt entry was zero,
    ppc_elf_size_dynamic_sections would correctly set plt.offset to -1 but
    leave glink_offset uninitialized.  That leads to occasional segfaults
    (which can be made solid with MALLOC_PERTURB_=1 when using glibc).
    So, guard the write_glink_stub call with plt.offset != -1.  Also,
    remove the totally ineffective attempt at writing multiple-use glink
    stubs only once.
    
    	PR 24355
    	* elf32-ppc.c (ppc_finish_symbols): Don't call write_glink_stub
    	for local iplt syms with ent->plt.offset == -1.  Remove ineffective
    	attempt at writing glink stubs only once.
    
    (cherry picked from commit 8cd1fe1bf525b59f4d07e5790d11d49eee7e8494)
Comment 4 Sourceware Commits 2019-03-18 13:08:44 UTC
The binutils-2_30-branch branch has been updated by Alan Modra <amodra@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1a4839f89446137089f2b45e17ddb28793262629

commit 1a4839f89446137089f2b45e17ddb28793262629
Author: Alan Modra <amodra@gmail.com>
Date:   Mon Mar 18 23:32:22 2019 +1030

    PR24355, segmentation fault in function called from ppc_finish_symbols
    
    Backport to 2.30, where the problem might be triggered by gc-sections
    rather than inline PLT optimization as in the PR.
    
    	PR 24355
    	* elf32-ppc.c (ppc_elf_relocate_section): Don't call write_glink_stub
    	for local iplt syms with ent->plt.offset == -1.  Remove ineffective
    	attempt at writing glink stubs only once.  Correct plt.offset mask.
Comment 5 Alan Modra 2019-03-18 13:09:28 UTC
Fixed.