[probably not for upstream] ELF: Add a -z glibc-228-compat flag for working around an old glibc bug.

pcc · pcc · commit 9bbf4a719b49 · 2025-05-23T18:41:17.000-07:00
The -z glibc-228-compat flag is intended to be used for binaries utilizing IFUNCs which need to be compatible with glibc versions containing a bug that was fixed in commit b5c45e83753b27dc538dff2d55d4410c385cf3a4 which was released in version 2.29. The bug causes glibc to mprotect the .text section as RW while calling ifunc resolvers in binaries linked with -z notext, leading to a SIGSEGV at startup time. By setting the W flag on the executable section we work around the bug by avoiding the code path that does the mprotect. It is recommended that binaries linked with this flag contain startup code (e.g. in .init_array) that remaps the executable section as non-writable. TODO: - Maybe drop this if it isn't needed? - Add tests. - Possibly decide on another mechanism for enabling this besides the -z flag (e.g. examine symbol version data on libc.so.6). Pull Request: llvm#133532
diff --git a/lld/ELF/Config.h b/lld/ELF/Config.h
@@ -367,6 +367,7 @@ struct Config {
   bool zCopyreloc;
   bool zForceBti;
   bool zForceIbt;
+  bool zGlibc228Compat;
   bool zGlobal;
   bool zHazardplt;
   bool zIfuncNoplt;
diff --git a/lld/ELF/Driver.cpp b/lld/ELF/Driver.cpp
@@ -1559,6 +1559,7 @@ static void readConfigs(Ctx &ctx, opt::InputArgList &args) {
   ctx.arg.zForceBti = hasZOption(args, "force-bti");
   ctx.arg.zForceIbt = hasZOption(args, "force-ibt");
   ctx.arg.zGcs = getZGcs(ctx, args);
+  ctx.arg.zGlibc228Compat = hasZOption(args, "glibc-228-compat");
   ctx.arg.zGlobal = hasZOption(args, "global");
   ctx.arg.zGnustack = getZGnuStack(args);
   ctx.arg.zHazardplt = hasZOption(args, "hazardplt");
diff --git a/lld/ELF/Writer.cpp b/lld/ELF/Writer.cpp
@@ -2292,6 +2292,19 @@ static uint64_t computeFlags(Ctx &ctx, uint64_t flags) {
     return PF_R | PF_W | PF_X;
   if (ctx.arg.executeOnly && (flags & PF_X))
     return flags & ~PF_R;
+
+  // The -z glibc-228-compat flag is used for binaries utilizing IFUNCs which
+  // need to be compatible with glibc versions containing a bug that was fixed
+  // in commit b5c45e83753b27dc538dff2d55d4410c385cf3a4 which was released in
+  // version 2.29. The bug causes glibc to mprotect the .text section as RW
+  // while calling ifunc resolvers in binaries linked with -z notext, leading to
+  // a SIGSEGV at startup time. By setting the W flag on the executable section
+  // we work around the bug by avoiding the code path that does the mprotect. It
+  // is recommended that binaries linked with this flag contain startup code
+  // (e.g. in .init_array) that remaps the executable section as non-writable.
+  if (ctx.arg.zGlibc228Compat && !ctx.arg.zText && (flags & PF_X))
+    return flags | PF_W;
+
   return flags;
 }
 
