Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rust BPF: Rustc/LLVM creating invalid relocations #3108

Closed
jackcmay opened this issue Mar 4, 2019 · 2 comments · Fixed by #6088
Closed

Rust BPF: Rustc/LLVM creating invalid relocations #3108

jackcmay opened this issue Mar 4, 2019 · 2 comments · Fixed by #6088
Milestone
Cloud Nine v0.20.0

Comments

@jackcmay
Copy link
Contributor

jackcmay commented Mar 4, 2019

Problem

When building Rust modules w/ BPF there are R_BPF_64_RELATIVE relocations that cannot be relocated.

R_BPF_64_RELATIVE relocations refer to 64-bit virtual memory accesses that need to be "fixed-up" when the module is loaded to reflect the actual physical address they were loaded at. The vast majority of the relocations seem reasonable but there are a few that are not. Test cases performed on the Rust module have not executed the code used by these relocations and therefore it may be code that should have been optimized away is not actually part of the flow. More investigation required.

R_BPF_64_RELATIVE relocation entries contain a virtual address of the instruction that needs to be fixed up. During run-time the relocated instruction will attempt to read/write memory from/to 64-bit address. The existing instructions imm field contains the virtual address of the memory it will be accessing. To process a R_BPF_64_RELATIVE relocation the loader locates the instruction being fixed-up, reads the virtual memory address from the instruction's imm field, converts that virtual address into a physical address, and writes the physical address back into the instruction's imm field. Checks are made during this process to ensure that the virtual address in the imm field points to a valid and loadable section in the ELF. In the case of the invalid relocations, the imm field in the instruction is zero but the ELF contains no valid virtual address of zero. The best we could do is interpret it as a raw file offset but that would point the ELF header. Maybe that is what is intended but unlikely and highly irregular. More investigation needs to be done to determine where these invalid relocations are being generated, what original rust source code they are tied to, and why the imm fields are zero.

Proposed Solution
@jackcmay jackcmay mentioned this issue Mar 4, 2019
Closed
@mvines mvines added this to the The Future! milestone Apr 8, 2019
@jackcmay
Copy link
Contributor Author

jackcmay commented May 14, 2019
edited
Loading

As noted earlier there are no known instances where these relocations are being referenced at run-time. Failing due to these bad relocations causes otherwise functional programs to not load. Therefore these bad relocations will be ignored

@jackcmay jackcmay mentioned this issue May 14, 2019
Merged
@mvines mvines modified the milestones: The Future!, Sultans v0.21.0 Sep 3, 2019
@jackcmay
Copy link
Contributor Author

Found a use-case that recreates this issue. In libstd's panic! macro the file, line, and column are passed as a triple. The triple is stored in the .data.rel.ro section as (ptr to a string, size as u64, line as u64 number, column number as u64). The ptr to a string is currently zero when instead it should contain a file offset to the string in the .rodata section and used during relocation to fixup the pointer to string to point to the final virtual address. Why the ptr to string is zero looks to be a question for the linker. Next step dig into the linker to find out why zero is written.

This was referenced Sep 25, 2019
Merged
Merged
@snyk-bot snyk-bot mentioned this issue Jun 25, 2021
Open
@snyk-bot snyk-bot mentioned this issue Dec 8, 2021
Open
@snyk-bot snyk-bot mentioned this issue Dec 27, 2021
Open
@Kashuhackerone Kashuhackerone mentioned this issue May 13, 2022
Open
@adamlaska adamlaska mentioned this issue May 14, 2022
Closed
@Kashuhackerone Kashuhackerone mentioned this issue Oct 26, 2022
Open
yihau pushed a commit to yihau/solana that referenced this issue Oct 8, 2024
@dependabot
build(deps): bump bytemuck_derive from 1.7.1 to 1.8.0 (solana-labs#3108)
dc6a1b3 
* build(deps): bump bytemuck_derive from 1.7.1 to 1.8.0

Bumps [bytemuck_derive](https://github.com/Lokathor/bytemuck) from 1.7.1 to 1.8.0.
- [Changelog](https://github.com/Lokathor/bytemuck/blob/main/changelog.md)
- [Commits](Lokathor/bytemuck@bytemuck_derive-v1.7.1...bytemuck_derive-v1.8.0)

---
updated-dependencies:
- dependency-name: bytemuck_derive
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Update all Cargo files

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
Cloud Nine v0.20.0
Development

Successfully merging a pull request may close this issue.

BPF programs use single threaded LLD jackcmay/solana
3 participants
@garious @mvines @jackcmay