File pr33502.diff of Package binutils

commit 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Tue Sep 30 08:18:29 2025 +0800

    x86: Disallow TLS relocation in non executable section
    
    Since TLS relocations are applied to executable machine instructions,
    disallow TLS relocation in non-SHT_PROGBITS, non-SHF_EXECINSTR section.
    
            PR ld/33451
            PR ld/33502
            * elf32-i386.c (elf_i386_tls_transition): Disallow TLS relocation
            in non-SHT_PROGBITS, non-SHF_EXECINSTR section.
            (elf_i386_scan_relocs): Likewise.
            * elf64-x86-64.c (elf_x86_64_tls_transition): Likewise.
            (elf_x86_64_scan_relocs): Likewise.
            * elfxx-x86.c (_bfd_x86_elf_link_report_tls_invalid_section_error):
            New.
            * elfxx-x86.h (_bfd_x86_elf_link_report_tls_invalid_section_error):
            Likewise.
    
    Signed-off-by: H.J. Lu <hjl.tools@gmail.com>

diff --git a/bfd/elf32-i386.c b/bfd/elf32-i386.c
index 507a0762aff..0d60eded701 100644
--- a/bfd/elf32-i386.c
+++ b/bfd/elf32-i386.c
@@ -1166,6 +1166,15 @@ elf_i386_tls_transition (struct bfd_link_info *info, bfd *abfd,
       return true;
     }
 
+  if ((elf_section_type (sec) != SHT_PROGBITS
+       || (sec->flags & SEC_CODE) == 0))
+    {
+      reloc_howto_type *howto = elf_i386_rtype_to_howto (from_type);
+      _bfd_x86_elf_link_report_tls_invalid_section_error
+	(abfd, sec, symtab_hdr, h, sym, howto);
+      return false;
+    }
+
   /* Return TRUE if there is no transition.  */
   if (from_type == to_type)
     return true;
@@ -1733,6 +1742,16 @@ elf_i386_scan_relocs (bfd *abfd,
 		tls_type = GOT_TLS_IE_POS; break;
 	      }
 
+	    if (tls_type >= GOT_TLS_GD
+		&& tls_type <= GOT_TLS_GDESC
+		&& (elf_section_type (sec) != SHT_PROGBITS
+		    || (sec->flags & SEC_CODE) == 0))
+	      {
+		_bfd_x86_elf_link_report_tls_invalid_section_error
+		  (abfd, sec, symtab_hdr, h, isym, howto);
+		goto error_return;
+	      }
+
 	    if (h != NULL)
 	      {
 		h->got.refcount = 1;
diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c
index 620b6a380cd..59b43149897 100644
--- a/bfd/elf64-x86-64.c
+++ b/bfd/elf64-x86-64.c
@@ -1626,6 +1626,16 @@ elf_x86_64_tls_transition (struct bfd_link_info *info, bfd *abfd,
       return true;
     }
 
+  if ((elf_section_type (sec) != SHT_PROGBITS
+       || (sec->flags & SEC_CODE) == 0))
+    {
+      reloc_howto_type *howto = elf_x86_64_rtype_to_howto (abfd,
+							   from_type);
+      _bfd_x86_elf_link_report_tls_invalid_section_error
+	(abfd, sec, symtab_hdr, h, sym, howto);
+      return false;
+    }
+
   /* Return TRUE if there is no transition.  */
   if (from_type == to_type
       || (from_type == R_X86_64_CODE_4_GOTTPOFF
@@ -2757,6 +2767,16 @@ need_got:
 		break;
 	      }
 
+	    if (tls_type >= GOT_TLS_GD
+		&& tls_type <= GOT_TLS_GDESC
+		&& (elf_section_type (sec) != SHT_PROGBITS
+		    || (sec->flags & SEC_CODE) == 0))
+	      {
+		_bfd_x86_elf_link_report_tls_invalid_section_error
+		  (abfd, sec, symtab_hdr, h, isym, howto);
+		goto error_return;
+	      }
+
 	    if (h != NULL)
 	      {
 		h->got.refcount = 1;
diff --git a/bfd/elfxx-x86.c b/bfd/elfxx-x86.c
index 0d389968c91..d8c653a9ad2 100644
--- a/bfd/elfxx-x86.c
+++ b/bfd/elfxx-x86.c
@@ -3365,6 +3365,26 @@ _bfd_x86_elf_link_report_tls_transition_error
   bfd_set_error (bfd_error_bad_value);
 }
 
+/* Report TLS invalid section error.  */
+
+void
+_bfd_x86_elf_link_report_tls_invalid_section_error
+  (bfd *abfd, asection *sec, Elf_Internal_Shdr *symtab_hdr,
+   struct elf_link_hash_entry *h, Elf_Internal_Sym *sym,
+   reloc_howto_type *howto)
+{
+  const char *name;
+  if (h)
+    name = h->root.root.string;
+  else
+    name = bfd_elf_sym_name (abfd, symtab_hdr, sym, NULL);
+  _bfd_error_handler
+    /* xgettext:c-format */
+    (_("%pB: relocation %s against thread local symbol `%s' in "
+       "invalid section `%pA'"), abfd, howto->name, name, sec);
+  bfd_set_error (bfd_error_bad_value);
+}
+
 /* Return TRUE if symbol should be hashed in the `.gnu.hash' section.  */
 
 bool
diff --git a/bfd/elfxx-x86.h b/bfd/elfxx-x86.h
index 1ebc9d2f2e5..f8a24a77577 100644
--- a/bfd/elfxx-x86.h
+++ b/bfd/elfxx-x86.h
@@ -951,6 +951,10 @@ extern void _bfd_x86_elf_link_report_tls_transition_error
    const Elf_Internal_Rela *, const char *, const char *,
    enum elf_x86_tls_error_type);
 
+extern void _bfd_x86_elf_link_report_tls_invalid_section_error
+  (bfd *, asection *, Elf_Internal_Shdr *, struct elf_link_hash_entry *,
+   Elf_Internal_Sym *, reloc_howto_type *);
+
 #define bfd_elf64_mkobject \
   _bfd_x86_elf_mkobject
 #define bfd_elf32_mkobject \