[ELF] Error if a section address is smaller than image base

When using `-no-pie` without a `SECTIONS` command, the linker uses the target's default image base. If `-Ttext=` or `--section-start` specifies an output section address below this base, the result is likely unintended. - With `--no-rosegment`, the PT_LOAD segment covering the ELF header cannot include `.text` if `.text`'s address is too low, causing an `error: output file too large`. - With default `--rosegment`: - If a read-only section (e.g., `.rodata`) exists, a similar `error: output file too large` occurs. - Without read-only sections, the PT_LOAD segment covering the ELF header and program headers includes no sections, which is unusual and likely undesired. This also causes non-ascending PT_LOAD `p_vaddr` values related to the PT_LOAD that overlaps with PT_PHDR (#138584). To prevent these issues, report an error if a section address is below the image base and suggest `--image-base`. This check also applies when `--image-base` is explicitly set but is skipped when a `SECTIONS` command is used. Pull Request: https://github.com/llvm/llvm-project/pull/140187
2025-05-21 09:19:47 -07:00 · 2025-05-21 09:19:47 -07:00 · 0edc8b59ab
commit 0edc8b59ab
parent 81b81354f8
6 changed files with 65 additions and 19 deletions
--- a/lld/ELF/Writer.cpp
+++ b/lld/ELF/Writer.cpp
@ -1614,18 +1614,33 @@ template <class ELFT> void Writer<ELFT>::finalizeAddressDependentContent() {
    for (OutputSection *sec : ctx.outputSections)
      sec->addr = 0;

-  // If addrExpr is set, the address may not be a multiple of the alignment.
-  // Warn because this is error-prone.
-  for (SectionCommand *cmd : ctx.script->sectionCommands)
-    if (auto *osd = dyn_cast<OutputDesc>(cmd)) {
-      OutputSection *osec = &osd->osec;
-      if (osec->addr % osec->addralign != 0)
-        Warn(ctx) << "address (0x" << Twine::utohexstr(osec->addr)
-                  << ") of section " << osec->name
-                  << " is not a multiple of alignment (" << osec->addralign
-                  << ")";
+  uint64_t imageBase = ctx.script->hasSectionsCommand || ctx.arg.relocatable
+                           ? 0
+                           : ctx.target->getImageBase();
+  for (SectionCommand *cmd : ctx.script->sectionCommands) {
+    auto *osd = dyn_cast<OutputDesc>(cmd);
+    if (!osd)
+      continue;
+    OutputSection *osec = &osd->osec;
+    // Error if the address is below the image base when SECTIONS is absent
+    // (e.g. when -Ttext is specified and smaller than the default target image
+    // base for no-pie).
+    if (osec->addr < imageBase && (osec->flags & SHF_ALLOC)) {
+      Err(ctx) << "section '" << osec->name << "' address (0x"
+               << Twine::utohexstr(osec->addr)
+               << ") is smaller than image base (0x"
+               << Twine::utohexstr(imageBase) << "); specify --image-base";
    }

+    // If addrExpr is set, the address may not be a multiple of the alignment.
+    // Warn because this is error-prone.
+    if (osec->addr % osec->addralign != 0)
+      Warn(ctx) << "address (0x" << Twine::utohexstr(osec->addr)
+                << ") of section " << osec->name
+                << " is not a multiple of alignment (" << osec->addralign
+                << ")";
+  }
+
  // Sizes are no longer allowed to grow, so all allowable spills have been
  // taken. Remove any leftover potential spills.
  ctx.script->erasePotentialSpillSections();
--- a/lld/docs/ReleaseNotes.rst
+++ b/lld/docs/ReleaseNotes.rst
@ -64,6 +64,12 @@ Breaking changes
  in the same segment by default. Pass ``--xosegment`` to lld in order to get
  the old behavior back.

+* When using ``--no-pie`` without a ``SECTIONS`` command, the linker uses the
+  target's default image base. If ``-Ttext=`` or ``--section-start`` specifies
+  an output section address below this base, there will now be an error.
+  ``--image-base`` can be set at a lower address to fix the error.
+  (`#140187 <https://github.com/llvm/llvm-project/pull/140187>`_)
+
 COFF Improvements
 -----------------

--- a/lld/test/ELF/linkerscript/out-of-order.s
+++ b/lld/test/ELF/linkerscript/out-of-order.s
@ -31,6 +31,18 @@
 # CHECK-NEXT:   5 .hash         00000010 000000000000201c
 # CHECK-NEXT:   6 .text         00000008 000000000000202c

+# RUN: ld.lld -e 0 -o %t --script %t.script %t.o --fatal-warnings
+# RUN: llvm-readelf -Sl %t | FileCheck %s --check-prefix=CHECK1
+
+# CHECK1:       Name              Type            Address          Off    Size   ES Flg Lk Inf Al
+# CHECK1-NEXT:                    NULL            0000000000000000 000000 000000 00      0   0  0
+# CHECK1-NEXT:  .text             PROGBITS        0000000000000000 001000 000008 00  AX  0   0  4
+# CHECK1-NEXT:  .data             PROGBITS        0000000000004000 002000 000008 00  WA  0   0  1
+# CHECK1:     Program Headers:
+# CHECK1-NEXT:  Type           Offset   VirtAddr           PhysAddr           FileSiz  MemSiz   Flg Align
+# CHECK1-NEXT:  LOAD           0x001000 0x0000000000000000 0x0000000000000000 0x000008 0x000008 R E 0x1000
+# CHECK1-NEXT:  LOAD           0x002000 0x0000000000004000 0x0000000000004000 0x000008 0x000008 RW  0x1000
+
 .quad 0
 .data
 .quad 0
--- a/lld/test/ELF/linkerscript/section-align2.test
+++ b/lld/test/ELF/linkerscript/section-align2.test
@ -10,7 +10,7 @@
 # RUN: llvm-readelf -S %t | FileCheck %s

 ## Check we don't warn in the absence of SECTIONS.
-# RUN: ld.lld --fatal-warnings -Ttext=0x10000 %t.o -o /dev/null
+# RUN: ld.lld --fatal-warnings -Ttext=0x10000 --image-base=0x10000 %t.o -o /dev/null

 # WARN: warning: address (0x10004) of section .data.rel.ro is not a multiple of alignment (16)
 # WARN: warning: address (0x20001) of section .data2 is not a multiple of alignment (8)
--- a/lld/test/ELF/sectionstart.s
+++ b/lld/test/ELF/sectionstart.s
@ -1,9 +1,15 @@
 # REQUIRES: x86
 # RUN: llvm-mc -filetype=obj -triple=x86_64-pc-linux %s -o %t.o
+# RUN: not ld.lld %t.o --section-start .text=0x100000 \
+# RUN:   --section-start=.data=0x110000 --section-start .bss=0x200000 
 # RUN: ld.lld %t.o --section-start .text=0x100000 \
-# RUN:   --section-start=.data=0x110000 --section-start .bss=0x200000 -o %t
+# RUN:   --section-start=.data=0x110000 --section-start .bss=0x200000 --noinhibit-exec -o %t 2>&1 | \
+# RUN:   FileCheck %s --check-prefix=LINK --implicit-check-not=warning:
 # RUN: llvm-objdump --section-headers %t | FileCheck %s

+# LINK:      warning: section '.text' address (0x100000) is smaller than image base (0x200000); specify --image-base
+# LINK-NEXT: warning: section '.data' address (0x110000) is smaller than image base (0x200000); specify --image-base
+
 # CHECK:      Sections:
 # CHECK-NEXT:  Idx Name          Size     VMA              Type
 # CHECK-NEXT:    0               00000000 0000000000000000
@ -11,21 +17,26 @@
 # CHECK-NEXT:    2 .data         00000004 0000000000110000 DATA
 # CHECK-NEXT:    3 .bss          00000004 0000000000200000 BSS

-## The same, but dropped "0x" prefix.
-# RUN: ld.lld %t.o --section-start .text=100000 \
-# RUN:   --section-start .data=110000 --section-start .bss=0x200000 -o %t1
+## The errors go away when the image base is 0.
+# RUN: ld.lld %t.o -pie --section-start .text=0x100000 \
+# RUN:   --section-start=.data=0x110000 --section-start .bss=0x200000 -o %t 2>&1 | count 0
+# RUN: llvm-objdump --section-headers %t | FileCheck %s
+
+## The same, but dropped "0x" prefix. Specify a smaller --image-base to suppress warnings.
+# RUN: ld.lld %t.o --image-base=0x90000 --section-start .text=100000 \
+# RUN:   --section-start .data=110000 --section-start .bss=0x200000 -o %t1 2>&1 | count 0
 # RUN: llvm-objdump --section-headers %t1 | FileCheck %s

 ## Use -Ttext, -Tdata, -Tbss as replacement for --section-start:
-# RUN: ld.lld %t.o -Ttext=0x100000 -Tdata=0x110000 -Tbss=0x200000 -o %t4
+# RUN: ld.lld %t.o --image-base=0x90000 -Ttext=0x100000 -Tdata=0x110000 -Tbss=0x200000 -o %t4
 # RUN: llvm-objdump --section-headers %t4 | FileCheck %s

 ## The same, but dropped "0x" prefix.
-# RUN: ld.lld %t.o -Ttext=100000 -Tdata=110000 -Tbss=200000 -o %t5
+# RUN: ld.lld %t.o --image-base=0x90000 -Ttext=100000 -Tdata=110000 -Tbss=200000 -o %t5
 # RUN: llvm-objdump --section-headers %t5 | FileCheck %s

 ## Check form without assignment:
-# RUN: ld.lld %t.o -Ttext 0x100000 -Tdata 0x110000 -Tbss 0x200000 -o %t4
+# RUN: ld.lld %t.o --image-base=0x90000 -Ttext 0x100000 -Tdata 0x110000 -Tbss 0x200000 -o %t4
 # RUN: llvm-objdump --section-headers %t4 | FileCheck %s

 ## Errors:
--- a/lld/test/ELF/ttext-tdata-tbss.s
+++ b/lld/test/ELF/ttext-tdata-tbss.s
@ -16,8 +16,10 @@
 ## If -Ttext is smaller than the image base (which defaults to 0x200000 for -no-pie),
 ## the headers will still be allocated, but mapped at a higher address,
 ## which may look strange.
-# RUN: ld.lld -Ttext 0x0 -Tdata 0x4000 -Tbss 0x8000 %t.o -o %t2
+# RUN: ld.lld -Ttext 0x0 -Tdata 0x4000 -Tbss 0x8000 %t.o --noinhibit-exec -o %t2 2>&1 | FileCheck %s --check-prefix=LINK1
 # RUN: llvm-readelf -S -l %t2 | FileCheck %s --check-prefix=USER1
+# LINK1:      warning: section '.text' address (0x0) is smaller than image base (0x200000); specify --image-base
+# LINK1-NEXT: warning: section '.data' address (0x4000) is smaller than image base (0x200000); specify --image-base
 # USER1:      .text   PROGBITS 0000000000000000 001000 000001
 # USER1-NEXT: .data   PROGBITS 0000000000004000 002000 000008
 # USER1-NEXT: .bss    NOBITS   0000000000008000 002008 000008