Artem Dinaburg via llvm-dev
2017-Feb-04 07:02 UTC
[llvm-dev] Wrong relocation emitted when building shared libraries with Control Flow Integrity
Hello,

I am encountering a linking failure when using Control Flow Integrity while building a shared library. It looks like the wrong relocation type is being emitted for functions referenced via the PLT. I am using clang 3.9.

The error message I get is:

/usr/bin/ld.gold: error: /tmp/lto-llvm-df723d.o: requires dynamic R_X86_64_PC32 reloc against 'free' which may overflow at runtime; recompile with -fPIC

Recompiling with -fPIC does not actually help. I've managed to create a minimal reproducible testcase. Full command line and code to reproduce are below.

--- hello.c ---
#include <stdio.h>
#include <stdlib.h>

typedef void(*freeptr)(void*);

int getval(freeptr fp) {
    void *m = malloc(sizeof(int));
    if(m) {
        fp(m);
    }
    return 42;
}

int export() {
    printf("Test: %d\n", getval(free));
    return 0;
}
---

--- command line ---
clang-3.9 -shared -fuse-ld=gold -flto -fsanitize=cfi-icall -fPIC -o libhello.so hello.c
---
Peter Collingbourne via llvm-dev
2017-Feb-04 22:04 UTC
[llvm-dev] Wrong relocation emitted when building shared libraries with Control Flow Integrity
Hi Artem,

Can you please try LLVM trunk (or the upcoming 4.0 release)? I believe that your bug was fixed by r286611.

Peter
Artem Dinaburg via llvm-dev
2017-Feb-05 05:53 UTC
[llvm-dev] Wrong relocation emitted when building shared libraries with Control Flow Integrity
Hi Peter,

Thanks for the help! I can confirm it's fixed in the 4.0 release (tested with clang version 4.0.0-svn293947-1~exp1).

Thanks,
Artem