Avoid targeting mapping symbols on relocations

Author: Tarcisio Fischer

lld/ELF/AArch64ErrataFix.cpp

@@ -370,7 +370,7 @@ static uint64_t scanCortexA53Errata843419(InputSection *isec, uint64_t &off,
 
 class elf::Patch843419Section final : public SyntheticSection {
 public:
-  Patch843419Section(Ctx &, InputSection *p, uint64_t off, Symbol* patcheeCodeSym);
+  Patch843419Section(Ctx &, InputSection *p, uint64_t off, Defined* patcheeCodeSym);
 
   void writeTo(uint8_t *buf) override;
 
@@ -390,7 +390,7 @@ class elf::Patch843419Section final : public SyntheticSection {
   Symbol *patchSym;
 };
 
-Patch843419Section::Patch843419Section(Ctx &ctx, InputSection *p, uint64_t off, Symbol* patcheeCodeSym)
+Patch843419Section::Patch843419Section(Ctx &ctx, InputSection *p, uint64_t off, Defined* patcheeCodeSym)
     : SyntheticSection(ctx, ".text.patch", SHT_PROGBITS,
                        SHF_ALLOC | SHF_EXECINSTR, 4),
       patchee(p), patcheeOffset(off) {
@@ -399,7 +399,7 @@ Patch843419Section::Patch843419Section(Ctx &ctx, InputSection *p, uint64_t off,
       ctx, ctx.saver.save("__CortexA53843419_" + utohexstr(getLDSTAddr())),
       STT_FUNC, 0, getSize(), *this);
   addSyntheticLocal(ctx, ctx.saver.save("$x"), STT_NOTYPE, 0, 0, *this);
-  int64_t retToPatcheeSymOffset = (getLDSTAddr() - p->getVA(dyn_cast<Defined>(patcheeCodeSym)->value)) + 4;
+  int64_t retToPatcheeSymOffset = (getLDSTAddr() - p->getVA(patcheeCodeSym->value)) + 4;
   addReloc({R_PC, R_AARCH64_JUMP26, 4, retToPatcheeSymOffset, patcheeCodeSym});
 }
 
@@ -440,19 +440,22 @@ void AArch64Err843419Patcher::init() {
       auto *def = dyn_cast<Defined>(b);
       if (!def)
         continue;
-      if (!isCodeMapSymbol(def) && !isDataMapSymbol(def))
+      if (!def->isSection() && !isCodeMapSymbol(def) && !isDataMapSymbol(def))
         continue;
-      if (auto *sec = dyn_cast_or_null<InputSection>(def->section))
-        if (sec->flags & SHF_EXECINSTR)
-          sectionMap[sec].push_back(def);
+      if (auto *sec = dyn_cast_or_null<InputSection>(def->section)) {
+        if (def->isSection())
+          sectionMap[sec].first = def;
+        else if (sec->flags & SHF_EXECINSTR)
+          sectionMap[sec].second.push_back(def);
+      }
     }
   }
   // For each InputSection make sure the mapping symbols are in sorted in
   // ascending order and free from consecutive runs of mapping symbols with
   // the same type. For example we must remove the redundant $d.1 from $x.0
   // $d.0 $d.1 $x.1.
   for (auto &kv : sectionMap) {
-    std::vector<Defined *> &mapSyms = kv.second;
+    std::vector<Defined *> &mapSyms = kv.second.second;
     llvm::stable_sort(mapSyms, [](const Defined *a, const Defined *b) {
       return a->value < b->value;
     });
@@ -527,7 +530,7 @@ void AArch64Err843419Patcher::insertPatches(
 static void implementPatch(Ctx &ctx, uint64_t adrpAddr, uint64_t patcheeOffset,
                            InputSection *isec,
                            std::vector<Patch843419Section *> &patches,
-                           Symbol* patcheeCodeSym) {
+                           Defined* patcheeCodeSym) {
   // There may be a relocation at the same offset that we are patching. There
   // are four cases that we need to consider.
   // Case 1: R_AARCH64_JUMP26 branch relocation. We have already patched this
@@ -582,7 +585,10 @@ AArch64Err843419Patcher::patchInputSectionDescription(
     // mapping symbols of the same type. Our range of executable instructions to
     // scan is therefore [codeSym->value, dataSym->value) or [codeSym->value,
     // section size).
-    std::vector<Defined *> &mapSyms = sectionMap[isec];
+    auto &[sectionSym, mapSyms] = sectionMap[isec];
+    if (sectionSym == nullptr)
+      sectionSym = addSyntheticLocal(ctx, "", STT_SECTION, 0, 0, *isec);
+
 
     auto codeSym = mapSyms.begin();
     while (codeSym != mapSyms.end()) {
@@ -595,7 +601,7 @@ AArch64Err843419Patcher::patchInputSectionDescription(
         uint64_t startAddr = isec->getVA(off);
         if (uint64_t patcheeOffset =
                 scanCortexA53Errata843419(isec, off, limit))
-          implementPatch(ctx, startAddr, patcheeOffset, isec, patches, dyn_cast<Symbol>(*codeSym));
+          implementPatch(ctx, startAddr, patcheeOffset, isec, patches, sectionSym);
       }
       if (dataSym == mapSyms.end())
         break;

lld/ELF/AArch64ErrataFix.h

@@ -36,10 +36,11 @@ class AArch64Err843419Patcher {
   void init();
 
   Ctx &ctx;
-  // A cache of the mapping symbols defined by the InputSection sorted in order
-  // of ascending value with redundant symbols removed. These describe
-  // the ranges of code and data in an executable InputSection.
-  llvm::DenseMap<InputSection *, std::vector<Defined *>> sectionMap;
+  // A cache mapping InputSections to pairs of section symbols (first) and
+  // the mapping symbols (second) defined by the InputSection sorted in order
+  // of ascending value with redundant symbols removed. These describe the
+  // ranges of code and data in an executable InputSection.
+  llvm::DenseMap<InputSection *, std::pair<Defined*, std::vector<Defined *>>> sectionMap;
 
   bool initialized = false;
 };

lld/test/ELF/aarch64-cortex-a53-843419-thunk-relocation-crash.s

@@ -69,7 +69,7 @@ dat:    .quad 0
 // CHECK-NEXT:                br      x16
 // CHECK-NEXT: 8010028: 34 10 01 10   .word   0x10011034
 
-// CHECK: <__AArch64BTIThunk_$x>:
+// CHECK: <__AArch64BTIThunk_>:
 // CHECK-NEXT: 8010030:       bti     c
 // CHECK-NEXT:                b       0x8011028 <far_away_no_bti+0xff0>
 
@@ -84,14 +84,14 @@ dat:    .quad 0
 // Check that the errata thunk does NOT contain a landing pad
 // CHECK: <__CortexA53843419_8011004>:
 // CHECK-NEXT: 1001102c:       ldr     x0, [x0, #64]
-// CHECK-NEXT:                 b       0x10011040 <__AArch64AbsLongThunk_$x>
+// CHECK-NEXT:                 b       0x10011040 <__AArch64AbsLongThunk_>
 
 // Rest of generated code for readability
 // CHECK: <__AArch64BTIThunk___CortexA53843419_8011004>:
 // CHECK-NEXT: 10011034:       bti     c
 // CHECK-NEXT:                 b       0x1001102c <__CortexA53843419_8011004>
 
-// CHECK: <__AArch64AbsLongThunk_$x>
+// CHECK: <__AArch64AbsLongThunk_>
 // CHECK-NEXT: 10011040:       ldr     x16, 0x10011048
 // CHECK-NEXT:                 br      x16
 // CHECK-NEXT: 10011048: 30 00 01 08   .word   0x08010030