bug-binutils

[Bug ld/31921] New: [ARM][2.36] Linker produces bad executable


From: christoph.franck at arcor dot de
Subject: [Bug ld/31921] New: [ARM][2.36] Linker produces bad executable
Date: Sat, 22 Jun 2024 10:13:14 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=31921

            Bug ID: 31921
           Summary: [ARM][2.36] Linker produces bad executable
           Product: binutils
           Version: 2.36
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: ld
          Assignee: unassigned at sourceware dot org
          Reporter: christoph.franck at arcor dot de
  Target Milestone: ---

Created attachment 15591
  --> https://sourceware.org/bugzilla/attachment.cgi?id=15591&action=edit
Code that reproduces the issue

ld appears to produce a bad executable when the section .arm.exidx has
different LMA and VMA.

The attached file contains two linker control files,
STM32H563AIIXQ_FLASH2RAM_GOOD.ld and STM32H563AIIXQ_FLASH2RAM_BAD.ld. The
difference between the two files is that in _GOOD, .arm.exidx is in an output
section with identical LMA and VMA (>FLASH) while in _BAD, .arm.exidx is in an
output section with different LMA and VMA  (>RAM AT> FLASH).

Building with the two linker control files yields /debug/linker_bug_GOOD.elf and
linker_bug_BAD.elf respectively.

In linker_bug_GOOD.elf, the _init and _fini functions are functional as
expected:

arm-none-eabi-objdump Linker_Bug_GOOD.elf -D --start-address=0x2000049C --stop-address=0x200004b4

Linker_Bug_GOOD.elf:     file format elf32-littlearm


Disassembly of section .data:

2000049c <_init>:
2000049c:       b5f8            push    {r3, r4, r5, r6, r7, lr}
2000049e:       bf00            nop
200004a0:       bcf8            pop     {r3, r4, r5, r6, r7}
200004a2:       bc08            pop     {r3}
200004a4:       469e            mov     lr, r3
200004a6:       4770            bx      lr

200004a8 <_fini>:
200004a8:       b5f8            push    {r3, r4, r5, r6, r7, lr}
200004aa:       bf00            nop
200004ac:       bcf8            pop     {r3, r4, r5, r6, r7}
200004ae:       bc08            pop     {r3}
200004b0:       469e            mov     lr, r3
200004b2:       4770            bx      lr


In linker_bug_BAD.elf, _init appears to be incomplete and program execution
falls through into _fini. The stack is left in an inconsistent state when the
code execution "returns" from a call to _init. The CPU produces a hard fault
shortly after the return.

arm-none-eabi-objdump Linker_Bug_BAD.elf -D --start-address=0x200004A4 --stop-address=0x200004b4

Linker_Bug_BAD.elf:     file format elf32-littlearm


Disassembly of section .data:

200004a4 <_init>:
200004a4:       b5f8            push    {r3, r4, r5, r6, r7, lr}
200004a6:       bf00            nop

200004a8 <_fini>:
200004a8:       b5f8            push    {r3, r4, r5, r6, r7, lr}
200004aa:       bf00            nop
200004ac:       bcf8            pop     {r3, r4, r5, r6, r7}
200004ae:       bc08            pop     {r3}
200004b0:       469e            mov     lr, r3
200004b2:       4770            bx      lr


Depending on the rest of the code, it looks like the issue can also affect
other functions than _init/_fini.

ld version:
arm-none-eabi-ld --version
GNU ld (GNU Tools for STM32 10.3-2021.10.20230912-2000) 2.36.1.20210621

This issue does not occur with more recent versions of binutils, but I did not
find a corresponding bug report for ld version 2.36.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
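
An added example, not part of the original report or of binutils: a post-link check that parses `objdump -D` text and flags any function whose last instruction is not a return or branch and which runs directly into the next symbol, as `_init` does in the BAD listing above. The function names and the terminator heuristic are assumptions of this example.

```python
import re

# Disassembly of Linker_Bug_BAD.elf as quoted in the report above.
BAD_DISASM = """\
200004a4 <_init>:
200004a4:       b5f8            push    {r3, r4, r5, r6, r7, lr}
200004a6:       bf00            nop

200004a8 <_fini>:
200004a8:       b5f8            push    {r3, r4, r5, r6, r7, lr}
200004aa:       bf00            nop
200004ac:       bcf8            pop     {r3, r4, r5, r6, r7}
200004ae:       bc08            pop     {r3}
200004b0:       469e            mov     lr, r3
200004b2:       4770            bx      lr
"""

SYMBOL = re.compile(r"([0-9a-f]+) <([^>]+)>:")

def is_terminator(mnem, ops):
    """Heuristic (an assumption of this example): does control leave here?"""
    base = mnem.split(".")[0]              # b.n / b.w -> b
    if base in ("b", "bx"):
        return True
    if base in ("pop", "ldmia", "ldm"):
        return re.search(r"\bpc\b", ops) is not None
    return base in ("mov", "ldr") and ops.startswith("pc")

def fallthrough_functions(disasm):
    """Return (function, last mnemonic, next symbol) for each function whose
    final instruction is not a return/branch and runs straight into the next."""
    funcs = []                             # (name, start address, instructions)
    for line in disasm.splitlines():
        sym = SYMBOL.fullmatch(line.strip())
        if sym:
            funcs.append((sym.group(2), int(sym.group(1), 16), []))
            continue
        parts = re.split(r"\t+|\s{2,}", line.strip())
        if funcs and len(parts) >= 3 and re.fullmatch(r"[0-9a-f]+:", parts[0]):
            size = len(parts[1].replace(" ", "")) // 2   # encoding bytes
            ops = parts[3] if len(parts) > 3 else ""
            funcs[-1][2].append((int(parts[0][:-1], 16), size, parts[2], ops))
    findings = []
    for (name, _, insns), (nxt, nxt_addr, _) in zip(funcs, funcs[1:]):
        if insns:
            addr, size, mnem, ops = insns[-1]
            if not is_terminator(mnem, ops) and addr + size == nxt_addr:
                findings.append((name, mnem, nxt))
    return findings

if __name__ == "__main__":
    print(fallthrough_functions(BAD_DISASM))
```

Functions that end in a call to a noreturn routine or are followed by a literal pool will also be reported, so treat each finding as a prompt to inspect the listing rather than as proof of a bad link.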

