[PATCH] x86: prevent undue use of GOT32X and alike relocations

Jan Beulich jbeulich@suse.com
Thu Jan 30 10:49:00 GMT 2020


Comparing i.tm.base_opcode against particular, but not sufficiently
specific, values needs to be accompanied by further qualification. Exclude
VEX and alike encodings here, and also exclude all forms of prefixes
explicitly specified in the opcodes table. While using @GOT with such
insns may not be very useful, it also isn't with e.g. ADC and SBB, yet
these get explicitly listed in comments as supported.

gas/
2020-01-XX  Jan Beulich  <jbeulich@suse.com>

	* config/tc-i386.c (output_disp): Tighten base_opcode check.
	* testsuite/gas/i386/got.s: Add LSL, MOVLPS, and BNDCN cases.
	* testsuite/gas/i386/got-no-relax.d, testsuite/gas/i386/got.d:
	Adjust expectations.

--- a/gas/config/tc-i386.c
+++ b/gas/config/tc-i386.c
@@ -9061,13 +9061,14 @@ output_disp (fragS *insn_start_frag, off
 			  && i.rm.regmem == 5))
 		  && (i.rm.mode == 2
 		      || (i.rm.mode == 0 && i.rm.regmem == 5))
+		  && !is_any_vex_encoding(&i.tm)
 		  && ((i.operands == 1
 		       && i.tm.base_opcode == 0xff
 		       && (i.rm.reg == 2 || i.rm.reg == 4))
 		      || (i.operands == 2
 			  && (i.tm.base_opcode == 0x8b
 			      || i.tm.base_opcode == 0x85
-			      || (i.tm.base_opcode & 0xc7) == 0x03))))
+			      || (i.tm.base_opcode & ~0x38) == 0x03))))
 		{
 		  if (object_64bit)
 		    {
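Review bot: The new `(i.tm.base_opcode & ~0x38) == 0x03` test at the end of the hunk deserves a comment saying what is being masked, since that constant is the only thing separating it from the old, too-permissive `& 0xc7`. Bits 5:3 of opcode 0x03 select the ALU operation (ADD/OR/ADC/SBB/AND/SUB/XOR/CMP, r, r/m form), and preserving every other bit is what now keeps multi-byte and prefixed opcodes whose low byte collides modulo those bits out of the GOT32X/GOTPCRELX path — the LSL (0f 03), BNDCN (f2 0f 1b) and MOVLPS (0f 13) cases that the updated .d expectations pin to plain R_386_GOT32. I would put above that line: `/* ALU r,r/m forms 0x03|(op<<3): mask only the op field, so multi-byte and prefixed opcodes (e.g. 0f 03 LSL) do not match.  */`. The surrounding output_disp condition, and the `if (object_64bit)` branch it guards, start and end outside the hunk.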
--- a/gas/testsuite/gas/i386/got-no-relax.d
+++ b/gas/testsuite/gas/i386/got-no-relax.d
@@ -14,18 +14,27 @@ Disassembly of section .text:
 [ 	]*[a-f0-9]+:	05 00 00 00 00       	add    \$0x0,%eax	12: R_386_GOT32	foo
 [ 	]*[a-f0-9]+:	03 05 00 00 00 00    	add    0x0,%eax	18: R_386_GOT32X	foo
 [ 	]*[a-f0-9]+:	03 80 00 00 00 00    	add    0x0\(%eax\),%eax	1e: R_386_GOT32	foo
-[ 	]*[a-f0-9]+:	ff 15 00 00 00 00    	call   \*0x0	24: R_386_GOT32X	foo
-[ 	]*[a-f0-9]+:	ff 90 00 00 00 00    	call   \*0x0\(%eax\)	2a: R_386_GOT32	foo
-[ 	]*[a-f0-9]+:	ff 25 00 00 00 00    	jmp    \*0x0	30: R_386_GOT32X	foo
-[ 	]*[a-f0-9]+:	ff a0 00 00 00 00    	jmp    \*0x0\(%eax\)	36: R_386_GOT32	foo
-[ 	]*[a-f0-9]+:	b8 00 00 00 00       	mov    \$0x0,%eax	3b: R_386_GOT32	foo
-[ 	]*[a-f0-9]+:	8b 05 00 00 00 00    	mov    0x0,%eax	41: R_386_GOT32X	foo
-[ 	]*[a-f0-9]+:	8b 80 00 00 00 00    	mov    0x0\(%eax\),%eax	47: R_386_GOT32	foo
-[ 	]*[a-f0-9]+:	05 00 00 00 00       	add    \$0x0,%eax	4c: R_386_GOT32	foo
-[ 	]*[a-f0-9]+:	03 05 00 00 00 00    	add    0x0,%eax	52: R_386_GOT32X	foo
-[ 	]*[a-f0-9]+:	03 80 00 00 00 00    	add    0x0\(%eax\),%eax	58: R_386_GOT32	foo
-[ 	]*[a-f0-9]+:	ff 90 00 00 00 00    	call   \*0x0\(%eax\)	5e: R_386_GOT32	foo
-[ 	]*[a-f0-9]+:	ff 15 00 00 00 00    	call   \*0x0	64: R_386_GOT32X	foo
-[ 	]*[a-f0-9]+:	ff a0 00 00 00 00    	jmp    \*0x0\(%eax\)	6a: R_386_GOT32	foo
-[ 	]*[a-f0-9]+:	ff 25 00 00 00 00    	jmp    \*0x0	70: R_386_GOT32X	foo
+[ 	]*[a-f0-9]+:	a9 00 00 00 00       	test   \$0x0,%eax	23: R_386_GOT32	foo
+[ 	]*[a-f0-9]+:	85 05 00 00 00 00    	test   %eax,0x0	29: R_386_GOT32X	foo
+[ 	]*[a-f0-9]+:	85 80 00 00 00 00    	test   %eax,0x0\(%eax\)	2f: R_386_GOT32	foo
+[ 	]*[a-f0-9]+:	ff 15 00 00 00 00    	call   \*0x0	35: R_386_GOT32X	foo
+[ 	]*[a-f0-9]+:	ff 90 00 00 00 00    	call   \*0x0\(%eax\)	3b: R_386_GOT32	foo
+[ 	]*[a-f0-9]+:	ff 25 00 00 00 00    	jmp    \*0x0	41: R_386_GOT32X	foo
+[ 	]*[a-f0-9]+:	ff a0 00 00 00 00    	jmp    \*0x0\(%eax\)	47: R_386_GOT32	foo
+[ 	]*[a-f0-9]+:	0f 03 05 00 00 00 00 	lsl    0x0,%eax	4e: R_386_GOT32	foo
+[ 	]*[a-f0-9]+:	0f 03 80 00 00 00 00 	lsl    0x0\(%eax\),%eax	55: R_386_GOT32	foo
+[ 	]*[a-f0-9]+:	f2 0f 1b 05 00 00 00 00 	bndcn  0x0,%bnd0	5d: R_386_GOT32	foo
+[ 	]*[a-f0-9]+:	f2 0f 1b 80 00 00 00 00 	bndcn  0x0\(%eax\),%bnd0	65: R_386_GOT32	foo
+[ 	]*[a-f0-9]+:	0f 13 05 00 00 00 00 	movlps %xmm0,0x0	6c: R_386_GOT32	foo
+[ 	]*[a-f0-9]+:	0f 13 80 00 00 00 00 	movlps %xmm0,0x0\(%eax\)	73: R_386_GOT32	foo
+[ 	]*[a-f0-9]+:	b8 00 00 00 00       	mov    \$0x0,%eax	78: R_386_GOT32	foo
+[ 	]*[a-f0-9]+:	8b 05 00 00 00 00    	mov    0x0,%eax	7e: R_386_GOT32X	foo
+[ 	]*[a-f0-9]+:	8b 80 00 00 00 00    	mov    0x0\(%eax\),%eax	84: R_386_GOT32	foo
+[ 	]*[a-f0-9]+:	05 00 00 00 00       	add    \$0x0,%eax	89: R_386_GOT32	foo
+[ 	]*[a-f0-9]+:	03 05 00 00 00 00    	add    0x0,%eax	8f: R_386_GOT32X	foo
+[ 	]*[a-f0-9]+:	03 80 00 00 00 00    	add    0x0\(%eax\),%eax	95: R_386_GOT32	foo
+[ 	]*[a-f0-9]+:	ff 90 00 00 00 00    	call   \*0x0\(%eax\)	9b: R_386_GOT32	foo
+[ 	]*[a-f0-9]+:	ff 15 00 00 00 00    	call   \*0x0	a1: R_386_GOT32X	foo
+[ 	]*[a-f0-9]+:	ff a0 00 00 00 00    	jmp    \*0x0\(%eax\)	a7: R_386_GOT32	foo
+[ 	]*[a-f0-9]+:	ff 25 00 00 00 00    	jmp    \*0x0	ad: R_386_GOT32X	foo
 #pass
--- a/gas/testsuite/gas/i386/got.d
+++ b/gas/testsuite/gas/i386/got.d
@@ -13,18 +13,27 @@ Disassembly of section .text:
 [ 	]*[a-f0-9]+:	05 00 00 00 00       	add    \$0x0,%eax	12: R_386_GOT32	foo
 [ 	]*[a-f0-9]+:	03 05 00 00 00 00    	add    0x0,%eax	18: R_386_GOT32X	foo
 [ 	]*[a-f0-9]+:	03 80 00 00 00 00    	add    0x0\(%eax\),%eax	1e: R_386_GOT32X	foo
-[ 	]*[a-f0-9]+:	ff 15 00 00 00 00    	call   \*0x0	24: R_386_GOT32X	foo
-[ 	]*[a-f0-9]+:	ff 90 00 00 00 00    	call   \*0x0\(%eax\)	2a: R_386_GOT32X	foo
-[ 	]*[a-f0-9]+:	ff 25 00 00 00 00    	jmp    \*0x0	30: R_386_GOT32X	foo
-[ 	]*[a-f0-9]+:	ff a0 00 00 00 00    	jmp    \*0x0\(%eax\)	36: R_386_GOT32X	foo
-[ 	]*[a-f0-9]+:	b8 00 00 00 00       	mov    \$0x0,%eax	3b: R_386_GOT32	foo
-[ 	]*[a-f0-9]+:	8b 05 00 00 00 00    	mov    0x0,%eax	41: R_386_GOT32X	foo
-[ 	]*[a-f0-9]+:	8b 80 00 00 00 00    	mov    0x0\(%eax\),%eax	47: R_386_GOT32X	foo
-[ 	]*[a-f0-9]+:	05 00 00 00 00       	add    \$0x0,%eax	4c: R_386_GOT32	foo
-[ 	]*[a-f0-9]+:	03 05 00 00 00 00    	add    0x0,%eax	52: R_386_GOT32X	foo
-[ 	]*[a-f0-9]+:	03 80 00 00 00 00    	add    0x0\(%eax\),%eax	58: R_386_GOT32X	foo
-[ 	]*[a-f0-9]+:	ff 90 00 00 00 00    	call   \*0x0\(%eax\)	5e: R_386_GOT32X	foo
-[ 	]*[a-f0-9]+:	ff 15 00 00 00 00    	call   \*0x0	64: R_386_GOT32X	foo
-[ 	]*[a-f0-9]+:	ff a0 00 00 00 00    	jmp    \*0x0\(%eax\)	6a: R_386_GOT32X	foo
-[ 	]*[a-f0-9]+:	ff 25 00 00 00 00    	jmp    \*0x0	70: R_386_GOT32X	foo
+[ 	]*[a-f0-9]+:	a9 00 00 00 00       	test   \$0x0,%eax	23: R_386_GOT32	foo
+[ 	]*[a-f0-9]+:	85 05 00 00 00 00    	test   %eax,0x0	29: R_386_GOT32X	foo
+[ 	]*[a-f0-9]+:	85 80 00 00 00 00    	test   %eax,0x0\(%eax\)	2f: R_386_GOT32X	foo
+[ 	]*[a-f0-9]+:	ff 15 00 00 00 00    	call   \*0x0	35: R_386_GOT32X	foo
+[ 	]*[a-f0-9]+:	ff 90 00 00 00 00    	call   \*0x0\(%eax\)	3b: R_386_GOT32X	foo
+[ 	]*[a-f0-9]+:	ff 25 00 00 00 00    	jmp    \*0x0	41: R_386_GOT32X	foo
+[ 	]*[a-f0-9]+:	ff a0 00 00 00 00    	jmp    \*0x0\(%eax\)	47: R_386_GOT32X	foo
+[ 	]*[a-f0-9]+:	0f 03 05 00 00 00 00 	lsl    0x0,%eax	4e: R_386_GOT32	foo
+[ 	]*[a-f0-9]+:	0f 03 80 00 00 00 00 	lsl    0x0\(%eax\),%eax	55: R_386_GOT32	foo
+[ 	]*[a-f0-9]+:	f2 0f 1b 05 00 00 00 00 	bndcn  0x0,%bnd0	5d: R_386_GOT32	foo
+[ 	]*[a-f0-9]+:	f2 0f 1b 80 00 00 00 00 	bndcn  0x0\(%eax\),%bnd0	65: R_386_GOT32	foo
+[ 	]*[a-f0-9]+:	0f 13 05 00 00 00 00 	movlps %xmm0,0x0	6c: R_386_GOT32	foo
+[ 	]*[a-f0-9]+:	0f 13 80 00 00 00 00 	movlps %xmm0,0x0\(%eax\)	73: R_386_GOT32	foo
+[ 	]*[a-f0-9]+:	b8 00 00 00 00       	mov    \$0x0,%eax	78: R_386_GOT32	foo
+[ 	]*[a-f0-9]+:	8b 05 00 00 00 00    	mov    0x0,%eax	7e: R_386_GOT32X	foo
+[ 	]*[a-f0-9]+:	8b 80 00 00 00 00    	mov    0x0\(%eax\),%eax	84: R_386_GOT32X	foo
+[ 	]*[a-f0-9]+:	05 00 00 00 00       	add    \$0x0,%eax	89: R_386_GOT32	foo
+[ 	]*[a-f0-9]+:	03 05 00 00 00 00    	add    0x0,%eax	8f: R_386_GOT32X	foo
+[ 	]*[a-f0-9]+:	03 80 00 00 00 00    	add    0x0\(%eax\),%eax	95: R_386_GOT32X	foo
+[ 	]*[a-f0-9]+:	ff 90 00 00 00 00    	call   \*0x0\(%eax\)	9b: R_386_GOT32X	foo
+[ 	]*[a-f0-9]+:	ff 15 00 00 00 00    	call   \*0x0	a1: R_386_GOT32X	foo
+[ 	]*[a-f0-9]+:	ff a0 00 00 00 00    	jmp    \*0x0\(%eax\)	a7: R_386_GOT32X	foo
+[ 	]*[a-f0-9]+:	ff 25 00 00 00 00    	jmp    \*0x0	ad: R_386_GOT32X	foo
 #pass
--- a/gas/testsuite/gas/i386/got.s
+++ b/gas/testsuite/gas/i386/got.s
@@ -8,11 +8,24 @@ _start:
 	addl	foo@GOT, %eax
 	addl	foo@GOT(%eax), %eax
 
+	testl	$foo@GOT, %eax
+	testl	foo@GOT, %eax
+	testl	foo@GOT(%eax), %eax
+
 	call	*foo@GOT
 	call	*foo@GOT(%eax)
 	jmp	*foo@GOT
 	jmp	*foo@GOT(%eax)
 
+	lsll	foo@GOT, %eax
+	lsll	foo@GOT(%eax), %eax
+
+	bndcn	foo@GOT, %bnd0
+	bndcn	foo@GOT(%eax), %bnd0
+
+	movlps	%xmm0, foo@GOT
+	movlps	%xmm0, foo@GOT(%eax)
+
 	.intel_syntax noprefix
 
 	mov	eax, offset foo@got
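Review bot: The added lsll/bndcn/movlps cases only exercise the 32-bit ELF relocation choice (R_386_GOT32 vs GOT32X), while the tightened condition in tc-i386.c also gates the `object_64bit` branch visible in that hunk. Unless an x86-64 testcase in the same testsuite directory already covers two-byte and prefixed opcodes with @GOTPCREL operands, the 64-bit side of this fix (plain GOTPCREL versus the relaxable GOTPCRELX form) stays unpinned; an x86-64 counterpart of these three instruction groups would close that gap. The `_start` block these lines belong to begins before the hunk.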


