[ELF] Don't emit capreloc for non-preemptible undef weak symbols

jrtc27 · resistor · commit 7829a8b744e8 · 2025-11-04T00:13:15.000+09:00
Currently we rely on cheri_init_globals or equivalent treating a base of
0 as NULL. Historically when caprelocs encoded the absolute base this
was relatively ok, if inefficient, but with caprelocs being implicitly
relative this is ambiguous, as it could instead be a relocation
referring to the start of the object, which we can no longer express. We
could paper over that by checking the length is 0 too (breaking only if
wanting to refer to a 0-byte region at the start of the object), but
it's still inefficient and unnecessary. It also failed to account for
the addend, always giving NULL, not NULL + addend. Since we have a true
static link time constant, we should just write out the bits for a
NULL-derived capability, just as the assembler does for .chericap const.

This is also important downstream for Morello, and will be important
here too, as when PCC bounds are correctly set in the relocations the
base could legitimately be zero for a non-preemptible symbol that isn't
itself zero. Morello therefore does not treat a base of 0 as special,
and so is more broken for non-preemptible undef weak symbols, deriving
real (if representable) capabilities, with an address that isn't even 0
in the case of dynamically-linked binaries.
diff --git a/lld/ELF/Arch/Cheri.cpp b/lld/ELF/Arch/Cheri.cpp
@@ -1030,6 +1030,27 @@ void addCapabilityRelocation(
     }
   }
 
+  // Non-preemptible undef weak symbols are link-time constants
+  if (sym && !sym->isPreemptible && sym->isUndefWeak()) {
+    if (ctx.arg.isLE) {
+      sec->addReloc({R_ABS, ctx.target->symbolicRel, offset, addend, sym});
+      sec->addReloc({R_ADDEND, ctx.target->symbolicRel,
+                     offset + ctx.arg.wordsize, 0, sym});
+    } else {
+      sec->addReloc({R_ADDEND, ctx.target->symbolicRel, offset, 0, sym});
+      sec->addReloc({R_ABS, ctx.target->symbolicRel, offset + ctx.arg.wordsize,
+                     addend, sym});
+    }
+    // Handle deprecated CHERI-256
+    if (ctx.target->getCapabilitySize() == ctx.arg.wordsize * 4) {
+      sec->addReloc({R_ADDEND, ctx.target->symbolicRel,
+                     offset + 2 * ctx.arg.wordsize, 0, sym});
+      sec->addReloc({R_ADDEND, ctx.target->symbolicRel,
+                     offset + 3 * ctx.arg.wordsize, 0, sym});
+    }
+    return;
+  }
+
   // local cap relocs don't need a Elf relocation with a full symbol lookup:
   if (capRelocMode == CapRelocsMode::ElfReloc) {
     assert(sym && "ELF relocs should not be used against sections");
diff --git a/lld/test/ELF/cheri/cap-table/weak-symbols.c b/lld/test/ELF/cheri/cap-table/weak-symbols.c
@@ -46,16 +46,15 @@ int __start(void) {
 // DYNAMIC-EXE: 0000000000030810 g       .got             0000000000000000 _edata
 // DYNAMIC-EXE: 0000000000010728 g     F .text            0000000000000008 __start
 
-// STATIC-EXE: 0000000000030540 l       .preinit_array    0000000000000008 .hidden __preinit_array_start
-// STATIC-EXE: 0000000000030548 l       .preinit_array    0000000000000000 .hidden __preinit_array_end
+// STATIC-EXE: 0000000000030520 l       .preinit_array    0000000000000008 .hidden __preinit_array_start
+// STATIC-EXE: 0000000000030528 l       .preinit_array    0000000000000000 .hidden __preinit_array_end
 // STATIC-EXE: 0000000000010000 l       .MIPS.abiflags             0000000000000000 .hidden __init_array_start
-//                      ^------- Start of .text segment (actual value doesn't matter as long as iteration terminates immediately)
 // STATIC-EXE: 0000000000010000 l       .MIPS.abiflags             0000000000000000 .hidden __init_array_end
-// STATIC-EXE: 0000000000040610 g       .bss              0000000000000000 end
-// STATIC-EXE: 0000000000040610 g       .bss              0000000000000000 _end
-// STATIC-EXE: 0000000000020540 g       .text             0000000000000000 etext
-// STATIC-EXE: 0000000000020540 g       .text             0000000000000000 _etext
-// STATIC-EXE: 0000000000040610 g       .got              0000000000000000 edata
-// STATIC-EXE: 0000000000040610 g       .got              0000000000000000 _edata
+// STATIC-EXE: 00000000000405f0 g       .bss              0000000000000000 end
+// STATIC-EXE: 00000000000405f0 g       .bss              0000000000000000 _end
+// STATIC-EXE: 0000000000020520 g       .text             0000000000000000 etext
+// STATIC-EXE: 0000000000020520 g       .text             0000000000000000 _etext
+// STATIC-EXE: 00000000000405f0 g       .got              0000000000000000 edata
+// STATIC-EXE: 00000000000405f0 g       .got              0000000000000000 _edata
 // STATIC-EXE: 0000000000000000  w      *UND*             0000000000000000 _DYNAMIC
-// STATIC-EXE: 0000000000020538 g     F .text             0000000000000008 __start
+// STATIC-EXE: 0000000000020518 g     F .text             0000000000000008 __start
diff --git a/lld/test/ELF/cheri/mips/undef-weak.s b/lld/test/ELF/cheri/mips/undef-weak.s
@@ -0,0 +1,18 @@
+# REQUIRES: mips
+
+# RUN: llvm-mc -triple=mips64 -mcpu=cheri128 -mattr=+cheri128 -filetype=obj %s -o %t.128.o
+# RUN: ld.lld %t.128.o -o %t.128
+# RUN: llvm-readobj --cap-relocs %t.128 | FileCheck --check-prefix=RELOC %s
+# RUN: llvm-readobj -x .data %t.128 | FileCheck --check-prefix=HEX128 %s
+
+# RELOC: There is no __cap_relocs section in the file.
+
+# HEX128-LABEL: section '.data':
+# HEX128-NEXT:  [[#%x,]] 00000000 00000000 00000000 00000000
+# HEX128-NEXT:  [[#%x,]] 00000000 00000000 00000000 00000003
+
+.weak undef_weak
+
+.data
+.chericap undef_weak
+.chericap undef_weak + 3
diff --git a/lld/test/ELF/cheri/riscv/undef-weak.s b/lld/test/ELF/cheri/riscv/undef-weak.s
@@ -0,0 +1,26 @@
+# REQUIRES: riscv
+
+# RUN: %riscv32_cheri_purecap_llvm-mc -filetype=obj %s -o %t.32.o
+# RUN: ld.lld %t.32.o -o %t.32
+# RUN: llvm-readobj --cap-relocs %t.32 | FileCheck --check-prefix=RELOC %s
+# RUN: llvm-readobj -x .data %t.32 | FileCheck --check-prefix=HEX32 %s
+
+# RUN: %riscv64_cheri_purecap_llvm-mc -filetype=obj %s -o %t.64.o
+# RUN: ld.lld %t.64.o -o %t.64
+# RUN: llvm-readobj --cap-relocs %t.64 | FileCheck --check-prefix=RELOC %s
+# RUN: llvm-readobj -x .data %t.64 | FileCheck --check-prefix=HEX64 %s
+
+# RELOC: There is no __cap_relocs section in the file.
+
+# HEX32-LABEL: section '.data':
+# HEX32-NEXT:  [[#%x,]] 00000000 00000000 03000000 00000000
+
+# HEX64-LABEL: section '.data':
+# HEX64-NEXT:  [[#%x,]] 00000000 00000000 00000000 00000000
+# HEX64-NEXT:  [[#%x,]] 03000000 00000000 00000000 00000000
+
+.weak undef_weak
+
+.data
+.chericap undef_weak
+.chericap undef_weak + 3
