Make basic lazy PLT stuff work

.got is now separated into .got and .got.plt.

.plt is now separated into .plt and .plt.got.

The naming of these sections is super-confusing, but matches what GNU ld does.

There's a bunch of things where we don't do the same as GNU ld. In particular,
we still generate .got.plt and .plt.got in cases when GNU ld doesn't. But
fixing those is left for later, since this change is big enough as-is.

ifuncs aren't yet done correctly, since it turns out it's hard to do that
without breaking ifuncs for non-pie static binaries.

Issue #70

Author: davidlattimore

linker-diff/src/asm_diff.rs

@@ -829,6 +829,9 @@ pub(crate) struct AddressIndex<'data> {
     tls_segment_size: u64,
     load_offset: u64,
 
+    /// GOT addresses for each JMPREL relocation by their index.
+    jmprel_got_addresses: Vec<u64>,
+
     /// The address of the start of the .got section.
     got_base_address: Option<u64>,
 
@@ -887,6 +890,7 @@ impl<'data> AddressIndex<'data> {
             verneed: Default::default(),
             load_offset: decide_load_offset(object),
             dynamic_symbol_names: Default::default(),
+            jmprel_got_addresses: Vec::new(),
         };
 
         if let Err(error) = info.build_indexes(object) {
@@ -1084,29 +1088,38 @@ impl<'data> AddressIndex<'data> {
                 if let Ok(Some((relocations, _))) =
                     elf_section_header.rela(LittleEndian, elf_file.data())
                 {
+                    let mut jmprel_got_addresses = (Some(elf_section_header.sh_addr(LittleEndian))
+                        == self.jmprel_address)
+                        .then(|| Vec::with_capacity(relocations.len()));
                     for rel in relocations {
-                        self.index_dynamic_relocation(rel, elf_file);
+                        let address = self.index_dynamic_relocation(rel, elf_file);
+                        if let Some(j) = jmprel_got_addresses.as_mut() {
+                            j.push(address);
+                        }
+                    }
+                    if let Some(j) = jmprel_got_addresses {
+                        self.jmprel_got_addresses = j;
                     }
                 }
             }
         }
     }
 
-    fn index_dynamic_relocation(&mut self, rel: &Rela64, elf_file: &ElfFile64) {
+    fn index_dynamic_relocation(&mut self, rel: &Rela64, elf_file: &ElfFile64) -> u64 {
         let e = LittleEndian;
         let r_type = rel.r_type(e, false);
         let address = self.load_offset + rel.r_offset(e);
         let symbol_index = rel.r_sym(e, false);
         if symbol_index != 0 {
             let Some(symbol_name) = self.dynamic_symbol_names.get(symbol_index as usize) else {
-                return;
+                return address;
             };
             let basic = match r_type {
                 object::elf::R_X86_64_COPY => BasicResolution::Copy(*symbol_name),
                 _ => BasicResolution::Dynamic(*symbol_name),
             };
             self.add_resolution(address, AddressResolution::Basic(basic));
-            return;
+            return address;
         }
         match r_type {
             object::elf::R_X86_64_DTPMOD64 => {
@@ -1144,6 +1157,7 @@ impl<'data> AddressIndex<'data> {
             }
             _ => {}
         }
+        address
     }
 
     fn index_plt_sections(&mut self, elf_file: &ElfFile64<'data>) -> Result {
@@ -1176,7 +1190,6 @@ impl<'data> AddressIndex<'data> {
             if let Some(got_address) = PltEntry::decode(chunk, plt_base, plt_offset)
                 .map(|entry| self.got_address(entry))
                 .transpose()?
-                .map(|o| self.load_offset + o)
             {
                 for res in self.resolve(got_address) {
                     if let AddressResolution::Basic(got_resolution) = res {
@@ -1234,11 +1247,17 @@ impl<'data> AddressIndex<'data> {
 
     fn got_address(&self, plt_entry: PltEntry) -> Result<u64> {
         match plt_entry {
-            PltEntry::DerefJmp(address) => Ok(address),
-            PltEntry::GotIndex(got_index) => Ok(self
-                .got_plt_address
-                .context("Index-based PLT entry with no DT_PLTGOT")?
-                + u64::from(got_index) * 8),
+            PltEntry::DerefJmp(address) => Ok(address + self.load_offset),
+            PltEntry::JumpSlot(index) => self
+                .jmprel_got_addresses
+                .get(index as usize)
+                .copied()
+                .with_context(|| {
+                    format!(
+                        "Invalid jump slot index {index} out of {}",
+                        self.jmprel_got_addresses.len()
+                    )
+                }),
         }
     }
 
@@ -1475,9 +1494,8 @@ enum PltEntry {
     /// PLT entry then jumped to.
     DerefJmp(u64),
 
-    /// The parameter is an index into the GOT. This is used by PLT entries that are going to be
-    /// lazily evaluated.
-    GotIndex(u32),
+    /// The parameter is an index into .rela.plt.
+    JumpSlot(u32),
 }
 
 impl PltEntry {
@@ -1539,7 +1557,7 @@ impl PltEntry {
             // instructions, so that we support these variants.
             if plt_entry[..5] == PLT_ENTRY_TEMPLATE[..5] {
                 let index = u32::from_le_bytes(*plt_entry[5..].first_chunk::<4>().unwrap());
-                return Some(PltEntry::GotIndex(index));
+                return Some(PltEntry::JumpSlot(index));
             }
         }
 

linker-diff/src/lib.rs

@@ -130,6 +130,11 @@ impl Config {
                 ".dynamic.DT_JMPREL",
                 ".dynamic.DT_PLTGOT",
                 ".dynamic.DT_PLTREL",
+                // We currently produce a .got.plt whenever we produce .plt, but GNU ld doesn't
+                "section.got.plt",
+                ".got.plt",
+                // We don't currently produce a separate .plt.sec section.
+                "section.plt.sec",
                 // We don't yet write this.
                 ".dynamic.DT_HASH",
                 // We do support this. TODO: Should definitely look into why we're seeing this missing

wild/tests/sources/libc-integration.c

@@ -63,6 +63,14 @@
 //#LinkArgs:--cc=gcc -dynamic -Wl,--strip-debug -Wl,--gc-sections -Wl,-z,now
 //#Shared:libc-integration-0.c
 
+//#Config:clang-lazy:default
+//#CompArgs:-g -fPIC -ftls-model=global-dynamic -DDYNAMIC_DEP
+//#LinkArgs:--cc=clang -fPIC -dynamic -Wl,--strip-debug -Wl,--gc-sections -Wl,-rpath,$ORIGIN -Wl,-z,lazy
+//#EnableLinker:lld
+//#Shared:libc-integration-0.c
+//#DiffIgnore:.dynamic.DT_NEEDED
+//#DiffIgnore:section.relro_padding
+
 #include <stdlib.h>
 #include <string.h>
 #include <pthread.h>

wild_lib/src/args.rs

@@ -500,6 +500,19 @@ impl Args {
         let should_trace = self.print_allocations == Some(file_id);
         should_trace.then(|| tracing::trace_span!(crate::debug_trace::TRACE_SPAN_NAME).entered())
     }
+
+    /// Returns whether we should use a separate .got.plt section. This is required if we're using
+    /// lazy PLT entries.
+    pub(crate) fn should_use_got_plt(&self) -> bool {
+        // If we're statically linking, then we can't use jump slots for PLT entries. A jump slot is
+        // used when the PLT flag is set but not the GOT flag. So for static linking, we set the GOT
+        // flag whenever the PLT flag is set. Ideally we should perhaps do this when `-z now` is set
+        // too, but the other linkers don't, so we don't too.
+        if self.output_kind.is_static_executable() {
+            return false;
+        }
+        !self.bind_now
+    }
 }
 
 fn parse_number(s: &str) -> Result<u64> {

wild_lib/src/elf.rs

@@ -346,10 +346,28 @@ pub(crate) const PLT_ENTRY_TEMPLATE: &[u8] = &[
     0x0f, 0x1f, 0x44, 0x0, 0x0, // nopl   0x0(%rax,%rax,1)
 ];
 
+/// The first entry in the PLT when we're using lazy loading. All the other entries jump to this
+/// one, which then jumps to the loader function that the runtime put into
+/// _GLOBAL_OFFSET_TABLE_+0x10.
+pub(crate) const PLT_LAZY_HEADER_TEMPLATE: &[u8] = &[
+    0xff, 0x35, 0, 0, 0, 0, // push {_GLOBAL_OFFSET_TABLE_+0x8}(%rip)
+    0xf2, 0xff, 0x25, 0, 0, 0, 0, // bnd jmp *{_GLOBAL_OFFSET_TABLE_+0x10}(%rip)
+    0x0f, 0x1f, 0, // nopl (%rax)
+];
+
+pub(crate) const JUMP_SLOT_TEMPLATE: &[u8] = &[
+    0xf3, 0x0f, 0x1e, 0xfa, // endbr64
+    0x68, 0, 0, 0, 0, // push ${index}
+    0xf2, 0xe9, 0, 0, 0, 0,    // bnd jmp {PLT base address}(%rip)
+    0x90, // nop
+];
+
 const _ASSERTS: () = {
     assert!(FILE_HEADER_SIZE as usize == std::mem::size_of::<FileHeader>());
     assert!(PROGRAM_HEADER_SIZE as usize == std::mem::size_of::<ProgramHeader>());
     assert!(SECTION_HEADER_SIZE as usize == std::mem::size_of::<SectionHeader>());
+    assert!(PLT_LAZY_HEADER_TEMPLATE.len() == PLT_ENTRY_TEMPLATE.len());
+    assert!(JUMP_SLOT_TEMPLATE.len() == PLT_ENTRY_TEMPLATE.len());
 };
 
 #[derive(Clone, Copy, Debug, PartialEq, Eq)]