From 2ae4c7035cd77006e43c88f45f26f9a728026669 Mon Sep 17 00:00:00 2001
From: Jan Beulich
Date: Thu, 30 Jan 2020 17:03:22 +0100
Subject: [PATCH] x86: prevent undue use of GOT32X and alike relocations

Comparison of i.tm.base_opcode against particular but not sufficiently specific values needs to be accompanied by other qualification. Exclude VEX and alike encodings here, and also exclude all forms of prefixes explicitly specified in the opcodes table. While using @GOT with such insns may not be very useful, it also isn't with e.g. ADC and SBB, yet these get explicitly listed in comments as supported.
---
 gas/ChangeLog | 7 +++++
 gas/config/tc-i386.c | 3 ++-
 gas/testsuite/gas/i386/got-no-relax.d | 37 +++++++++++++++++----------
 gas/testsuite/gas/i386/got.d | 37 +++++++++++++++++----------
 gas/testsuite/gas/i386/got.s | 13 ++++++++++
 5 files changed, 68 insertions(+), 29 deletions(-)

diff --git a/gas/ChangeLog b/gas/ChangeLog
index ef3a47cd8c9..8bad416a307 100644
--- a/gas/ChangeLog
+++ b/gas/ChangeLog
@@ -1,3 +1,10 @@
+2020-01-30 Jan Beulich
+
+ * config/tc-i386.c (output_disp): Tighten base_opcode check.
+ * testsuite/gas/i386/got.s: Add LSL, MOVLPS, and BNDCN cases.
+ * testsuite/gas/i386/got-no-relax.d, testsuite/gas/i386/got.d:
+ Adjust expectations.
+
 2020-01-30 Jose E. Marchesi
 
 * testsuite/gas/bpf/alu.d: Update expected opcode for `neg'.
diff --git a/gas/config/tc-i386.c b/gas/config/tc-i386.c
index 4f102a3de3d..945ceb28d69 100644
--- a/gas/config/tc-i386.c
+++ b/gas/config/tc-i386.c
@@ -9061,13 +9061,14 @@ output_disp (fragS *insn_start_frag, offsetT insn_start_off)
 && i.rm.regmem == 5))
 && (i.rm.mode == 2
 || (i.rm.mode == 0 && i.rm.regmem == 5))
+ && !is_any_vex_encoding(&i.tm)
 && ((i.operands == 1
 && i.tm.base_opcode == 0xff
 && (i.rm.reg == 2 || i.rm.reg == 4))
 || (i.operands == 2
 && (i.tm.base_opcode == 0x8b
 || i.tm.base_opcode == 0x85
- || (i.tm.base_opcode & 0xc7) == 0x03))))
+ || (i.tm.base_opcode & ~0x38) == 0x03))))
 {
 if (object_64bit)
 {
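Review bot: The added `&& !is_any_vex_encoding(&i.tm)` drops the space before the argument list that this file's GNU style puts there (compare `output_disp (fragS *insn_start_frag, ...)` in the hunk header), so it should read `&& !is_any_vex_encoding (&i.tm)`. The second change, `(i.tm.base_opcode & ~0x38) == 0x03`, is what actually rejects the multi-byte opcodes the new LSL, BNDCN and MOVLPS test cases cover — any 0x0f map byte or, as the commit message describes, table-specified prefix byte above the low byte survives the wider mask and fails the compare — yet the condition carries no comment saying so; I would add above the added line `/* Only VEX-free insns whose base_opcode is a single byte (the ALU ops 0x03..0x3b, bits 3-5 selecting the operation) may get a GOT32X-style relocation; a map or prefix byte in base_opcode makes the ~0x38 compare fail.  */`. Worth recording because GOT32X is the relocation form the linker is allowed to relax (cf. the got-no-relax.d expectations), so emitting it on an instruction of another shape could be silently rewritten at link time rather than rejected at assembly time. output_disp begins before and continues past this hunk.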
diff --git a/gas/testsuite/gas/i386/got-no-relax.d b/gas/testsuite/gas/i386/got-no-relax.d
index 6bf138a5cb2..41b4adfc431 100644
--- a/gas/testsuite/gas/i386/got-no-relax.d
+++ b/gas/testsuite/gas/i386/got-no-relax.d
@@ -14,18 +14,27 @@ Disassembly of section .text:
 [ ]*[a-f0-9]+: 05 00 00 00 00 add \$0x0,%eax 12: R_386_GOT32 foo
 [ ]*[a-f0-9]+: 03 05 00 00 00 00 add 0x0,%eax 18: R_386_GOT32X foo
 [ ]*[a-f0-9]+: 03 80 00 00 00 00 add 0x0\(%eax\),%eax 1e: R_386_GOT32 foo
-[ ]*[a-f0-9]+: ff 15 00 00 00 00 call \*0x0 24: R_386_GOT32X foo
-[ ]*[a-f0-9]+: ff 90 00 00 00 00 call \*0x0\(%eax\) 2a: R_386_GOT32 foo
-[ ]*[a-f0-9]+: ff 25 00 00 00 00 jmp \*0x0 30: R_386_GOT32X foo
-[ ]*[a-f0-9]+: ff a0 00 00 00 00 jmp \*0x0\(%eax\) 36: R_386_GOT32 foo
-[ ]*[a-f0-9]+: b8 00 00 00 00 mov \$0x0,%eax 3b: R_386_GOT32 foo
-[ ]*[a-f0-9]+: 8b 05 00 00 00 00 mov 0x0,%eax 41: R_386_GOT32X foo
-[ ]*[a-f0-9]+: 8b 80 00 00 00 00 mov 0x0\(%eax\),%eax 47: R_386_GOT32 foo
-[ ]*[a-f0-9]+: 05 00 00 00 00 add \$0x0,%eax 4c: R_386_GOT32 foo
-[ ]*[a-f0-9]+: 03 05 00 00 00 00 add 0x0,%eax 52: R_386_GOT32X foo
-[ ]*[a-f0-9]+: 03 80 00 00 00 00 add 0x0\(%eax\),%eax 58: R_386_GOT32 foo
-[ ]*[a-f0-9]+: ff 90 00 00 00 00 call \*0x0\(%eax\) 5e: R_386_GOT32 foo
-[ ]*[a-f0-9]+: ff 15 00 00 00 00 call \*0x0 64: R_386_GOT32X foo
-[ ]*[a-f0-9]+: ff a0 00 00 00 00 jmp \*0x0\(%eax\) 6a: R_386_GOT32 foo
-[ ]*[a-f0-9]+: ff 25 00 00 00 00 jmp \*0x0 70: R_386_GOT32X foo
+[ ]*[a-f0-9]+: a9 00 00 00 00 test \$0x0,%eax 23: R_386_GOT32 foo
+[ ]*[a-f0-9]+: 85 05 00 00 00 00 test %eax,0x0 29: R_386_GOT32X foo
+[ ]*[a-f0-9]+: 85 80 00 00 00 00 test %eax,0x0\(%eax\) 2f: R_386_GOT32 foo
+[ ]*[a-f0-9]+: ff 15 00 00 00 00 call \*0x0 35: R_386_GOT32X foo
+[ ]*[a-f0-9]+: ff 90 00 00 00 00 call \*0x0\(%eax\) 3b: R_386_GOT32 foo
+[ ]*[a-f0-9]+: ff 25 00 00 00 00 jmp \*0x0 41: R_386_GOT32X foo
+[ ]*[a-f0-9]+: ff a0 00 00 00 00 jmp \*0x0\(%eax\) 47: R_386_GOT32 foo
+[ ]*[a-f0-9]+: 0f 03 05 00 00 00 00 lsl 0x0,%eax 4e: R_386_GOT32 foo
+[ ]*[a-f0-9]+: 0f 03 80 00 00 00 00 lsl 0x0\(%eax\),%eax 55: R_386_GOT32 foo
+[ ]*[a-f0-9]+: f2 0f 1b 05 00 00 00 00 bndcn 0x0,%bnd0 5d: R_386_GOT32 foo
+[ ]*[a-f0-9]+: f2 0f 1b 80 00 00 00 00 bndcn 0x0\(%eax\),%bnd0 65: R_386_GOT32 foo
+[ ]*[a-f0-9]+: 0f 13 05 00 00 00 00 movlps %xmm0,0x0 6c: R_386_GOT32 foo
+[ ]*[a-f0-9]+: 0f 13 80 00 00 00 00 movlps %xmm0,0x0\(%eax\) 73: R_386_GOT32 foo
+[ ]*[a-f0-9]+: b8 00 00 00 00 mov \$0x0,%eax 78: R_386_GOT32 foo
+[ ]*[a-f0-9]+: 8b 05 00 00 00 00 mov 0x0,%eax 7e: R_386_GOT32X foo
+[ ]*[a-f0-9]+: 8b 80 00 00 00 00 mov 0x0\(%eax\),%eax 84: R_386_GOT32 foo
+[ ]*[a-f0-9]+: 05 00 00 00 00 add \$0x0,%eax 89: R_386_GOT32 foo
+[ ]*[a-f0-9]+: 03 05 00 00 00 00 add 0x0,%eax 8f: R_386_GOT32X foo
+[ ]*[a-f0-9]+: 03 80 00 00 00 00 add 0x0\(%eax\),%eax 95: R_386_GOT32 foo
+[ ]*[a-f0-9]+: ff 90 00 00 00 00 call \*0x0\(%eax\) 9b: R_386_GOT32 foo
+[ ]*[a-f0-9]+: ff 15 00 00 00 00 call \*0x0 a1: R_386_GOT32X foo
+[ ]*[a-f0-9]+: ff a0 00 00 00 00 jmp \*0x0\(%eax\) a7: R_386_GOT32 foo
+[ ]*[a-f0-9]+: ff 25 00 00 00 00 jmp \*0x0 ad: R_386_GOT32X foo
 #pass
diff --git a/gas/testsuite/gas/i386/got.d b/gas/testsuite/gas/i386/got.d
index 7621cdf0700..351da27e046 100644
--- a/gas/testsuite/gas/i386/got.d
+++ b/gas/testsuite/gas/i386/got.d
@@ -13,18 +13,27 @@ Disassembly of section .text:
 [ ]*[a-f0-9]+: 05 00 00 00 00 add \$0x0,%eax 12: R_386_GOT32 foo
 [ ]*[a-f0-9]+: 03 05 00 00 00 00 add 0x0,%eax 18: R_386_GOT32X foo
 [ ]*[a-f0-9]+: 03 80 00 00 00 00 add 0x0\(%eax\),%eax 1e: R_386_GOT32X foo
-[ ]*[a-f0-9]+: ff 15 00 00 00 00 call \*0x0 24: R_386_GOT32X foo
-[ ]*[a-f0-9]+: ff 90 00 00 00 00 call \*0x0\(%eax\) 2a: R_386_GOT32X foo
-[ ]*[a-f0-9]+: ff 25 00 00 00 00 jmp \*0x0 30: R_386_GOT32X foo
-[ ]*[a-f0-9]+: ff a0 00 00 00 00 jmp \*0x0\(%eax\) 36: R_386_GOT32X foo
-[ ]*[a-f0-9]+: b8 00 00 00 00 mov \$0x0,%eax 3b: R_386_GOT32 foo
-[ ]*[a-f0-9]+: 8b 05 00 00 00 00 mov 0x0,%eax 41: R_386_GOT32X foo
-[ ]*[a-f0-9]+: 8b 80 00 00 00 00 mov 0x0\(%eax\),%eax 47: R_386_GOT32X foo
-[ ]*[a-f0-9]+: 05 00 00 00 00 add \$0x0,%eax 4c: R_386_GOT32 foo
-[ ]*[a-f0-9]+: 03 05 00 00 00 00 add 0x0,%eax 52: R_386_GOT32X foo
-[ ]*[a-f0-9]+: 03 80 00 00 00 00 add 0x0\(%eax\),%eax 58: R_386_GOT32X foo
-[ ]*[a-f0-9]+: ff 90 00 00 00 00 call \*0x0\(%eax\) 5e: R_386_GOT32X foo
-[ ]*[a-f0-9]+: ff 15 00 00 00 00 call \*0x0 64: R_386_GOT32X foo
-[ ]*[a-f0-9]+: ff a0 00 00 00 00 jmp \*0x0\(%eax\) 6a: R_386_GOT32X foo
-[ ]*[a-f0-9]+: ff 25 00 00 00 00 jmp \*0x0 70: R_386_GOT32X foo
+[ ]*[a-f0-9]+: a9 00 00 00 00 test \$0x0,%eax 23: R_386_GOT32 foo
+[ ]*[a-f0-9]+: 85 05 00 00 00 00 test %eax,0x0 29: R_386_GOT32X foo
+[ ]*[a-f0-9]+: 85 80 00 00 00 00 test %eax,0x0\(%eax\) 2f: R_386_GOT32X foo
+[ ]*[a-f0-9]+: ff 15 00 00 00 00 call \*0x0 35: R_386_GOT32X foo
+[ ]*[a-f0-9]+: ff 90 00 00 00 00 call \*0x0\(%eax\) 3b: R_386_GOT32X foo
+[ ]*[a-f0-9]+: ff 25 00 00 00 00 jmp \*0x0 41: R_386_GOT32X foo
+[ ]*[a-f0-9]+: ff a0 00 00 00 00 jmp \*0x0\(%eax\) 47: R_386_GOT32X foo
+[ ]*[a-f0-9]+: 0f 03 05 00 00 00 00 lsl 0x0,%eax 4e: R_386_GOT32 foo
+[ ]*[a-f0-9]+: 0f 03 80 00 00 00 00 lsl 0x0\(%eax\),%eax 55: R_386_GOT32 foo
+[ ]*[a-f0-9]+: f2 0f 1b 05 00 00 00 00 bndcn 0x0,%bnd0 5d: R_386_GOT32 foo
+[ ]*[a-f0-9]+: f2 0f 1b 80 00 00 00 00 bndcn 0x0\(%eax\),%bnd0 65: R_386_GOT32 foo
+[ ]*[a-f0-9]+: 0f 13 05 00 00 00 00 movlps %xmm0,0x0 6c: R_386_GOT32 foo
+[ ]*[a-f0-9]+: 0f 13 80 00 00 00 00 movlps %xmm0,0x0\(%eax\) 73: R_386_GOT32 foo
+[ ]*[a-f0-9]+: b8 00 00 00 00 mov \$0x0,%eax 78: R_386_GOT32 foo
+[ ]*[a-f0-9]+: 8b 05 00 00 00 00 mov 0x0,%eax 7e: R_386_GOT32X foo
+[ ]*[a-f0-9]+: 8b 80 00 00 00 00 mov 0x0\(%eax\),%eax 84: R_386_GOT32X foo
+[ ]*[a-f0-9]+: 05 00 00 00 00 add \$0x0,%eax 89: R_386_GOT32 foo
+[ ]*[a-f0-9]+: 03 05 00 00 00 00 add 0x0,%eax 8f: R_386_GOT32X foo
+[ ]*[a-f0-9]+: 03 80 00 00 00 00 add 0x0\(%eax\),%eax 95: R_386_GOT32X foo
+[ ]*[a-f0-9]+: ff 90 00 00 00 00 call \*0x0\(%eax\) 9b: R_386_GOT32X foo
+[ ]*[a-f0-9]+: ff 15 00 00 00 00 call \*0x0 a1: R_386_GOT32X foo
+[ ]*[a-f0-9]+: ff a0 00 00 00 00 jmp \*0x0\(%eax\) a7: R_386_GOT32X foo
+[ ]*[a-f0-9]+: ff 25 00 00 00 00 jmp \*0x0 ad: R_386_GOT32X foo
 #pass
diff --git a/gas/testsuite/gas/i386/got.s b/gas/testsuite/gas/i386/got.s
index 10fa881aa6f..47194115bc8 100644
--- a/gas/testsuite/gas/i386/got.s
+++ b/gas/testsuite/gas/i386/got.s
@@ -8,11 +8,24 @@ _start: addl foo@GOT, %eax addl foo@GOT(%eax), %eax + testl $foo@GOT, %eax + testl foo@GOT, %eax + testl foo@GOT(%eax), %eax + call *foo@GOT call *foo@GOT(%eax) jmp *foo@GOT jmp *foo@GOT(%eax) + lsll foo@GOT, %eax + lsll foo@GOT(%eax), %eax + + bndcn foo@GOT, %bnd0 + bndcn foo@GOT(%eax), %bnd0 + + movlps %xmm0, foo@GOT + movlps %xmm0, foo@GOT(%eax) + .intel_syntax noprefix mov eax, offset foo@got
-- 
2.30.2