This is an archive of the discontinued LLVM Phabricator instance.

Differential D109803

Extract LC_CODE_SIGNATURE related implementation out of LLD
ClosedPublic

Authored by nuriamari on Sep 14 2021, 6:42 PM.

Details

Reviewers
gkm
int3
drodriguez
alexander-shaposhnikov
thakis
oontvoo
Group Reviewers
Restricted Project
Commits
rGcc8229603b67: Extract LC_CODE_SIGNATURE related implementation out of LLD
Summary

Move the functionality in lld that handles writing of the LC_CODE_SIGNATURE load command and associated data section to a central reusable location.

This change is in preparation for another change that modifies llvm-objcopy to reproduce the LC_CODE_SIGNATURE load command and corresponding
data section to maintain the validity of signed macho object files passed through llvm-objcopy.

Diff Detail

Event Timeline

nuriamari created this revision.Sep 14 2021, 6:42 PM
Herald added a reviewer: gkm. · View Herald TranscriptSep 14 2021, 6:42 PM
Herald added a project: Restricted Project. · View Herald Transcript
Herald added a reviewer: Restricted Project. · View Herald Transcript
Herald added subscribers: hiraditya, mgorny. · View Herald Transcript
Harbormaster completed remote builds in B123946: Diff 372614.Sep 14 2021, 7:35 PM
nuriamari edited the summary of this revision. (Show Details)Sep 15 2021, 6:50 AM
nuriamari added reviewers: int3, drodriguez.
Herald added a reviewer: alexander-shaposhnikov. · View Herald TranscriptSep 15 2021, 6:50 AM
nuriamari added a reviewer: thakis.Sep 15 2021, 9:00 AM
nuriamari published this revision for review.Sep 15 2021, 9:06 AM
Herald added a project: Restricted Project. · View Herald TranscriptSep 15 2021, 9:06 AM
Herald added a subscriber: llvm-commits. · View Herald Transcript
thakis added a comment.Sep 15 2021, 9:10 AM

Move itself looks fine, but why is there a new lld test in here? This should be behavior-preserving, so I wouldn't expect test updates.

If you want to add a new test to lld independently from this change (?), I'd put that in a separate patch.

nuriamari added a comment.Sep 15 2021, 9:19 AM
In D109803#3001863, @thakis wrote:

Move itself looks fine, but why is there a new lld test in here? This should be behavior-preserving, so I wouldn't expect test updates.

If you want to add a new test to lld independently from this change (?), I'd put that in a separate patch.

The new test is to ensure no behavior is broken. The existing code signature related test does not test that the hash was performed properly, just that the load command is included. This test is to make sure the move doesn't break the signature generation.

thakis added a comment.Sep 15 2021, 10:01 AM
In D109803#3001885, @nuriamari wrote:
In D109803#3001863, @thakis wrote:

Move itself looks fine, but why is there a new lld test in here? This should be behavior-preserving, so I wouldn't expect test updates.

If you want to add a new test to lld independently from this change (?), I'd put that in a separate patch.

The new test is to ensure no behavior is broken. The existing code signature related test does not test that the hash was performed properly, just that the load command is included. This test is to make sure the move doesn't break the signature generation.

Can we land that in its own patch? :)

nuriamari updated this revision to Diff 372757.Sep 15 2021, 11:20 AM

Remove new test, now included in separate patch

nuriamari added a comment.Sep 15 2021, 11:22 AM
In D109803#3001996, @thakis wrote:
In D109803#3001885, @nuriamari wrote:
In D109803#3001863, @thakis wrote:

Move itself looks fine, but why is there a new lld test in here? This should be behavior-preserving, so I wouldn't expect test updates.

If you want to add a new test to lld independently from this change (?), I'd put that in a separate patch.

The new test is to ensure no behavior is broken. The existing code signature related test does not test that the hash was performed properly, just that the load command is included. This test is to make sure the move doesn't break the signature generation.

Can we land that in its own patch? :)

Sure :) https://reviews.llvm.org/D109840

Harbormaster completed remote builds in B124051: Diff 372757.Sep 15 2021, 12:00 PM
thevinster added a subscriber: thevinster.Sep 15 2021, 12:15 PM
thevinster added inline comments.
lld/MachO/SyntheticSections.cpp
1148–1149

Any specific reason for not namespacing object? :)

1160–1167

It seems redundant to have both writeTo and writeHashes now that it's combined. Comment makes since in the context of this diff but it doesn't make too much sense outside of the context unless people are referring to this diff. Personally, I would rename all places that were using writeHashes to writeTo and get rid of writeHashes completely from this class (unless there other issues preventing this)

oontvoo added a subscriber: oontvoo.Sep 15 2021, 12:28 PM
oontvoo added inline comments.
lld/MachO/SyntheticSections.cpp
1148–1149

this is now a stray comment?

llvm/include/llvm/Object/MachO.h
737–750

Please consider re-arranging the members. I think the convention is to leave private fields at the end of the class, after private methods. (Also explicit modifier is preferred).

More generally, the order of members are <PUBLIC>, <PROTECTED>, <PRIVATE>, then within each, methods go before fields.

llvm/lib/Object/CodeSignatureSection.cpp
28

not needed - unless you're going to add some text here?

nuriamari updated this revision to Diff 372824.Sep 15 2021, 3:55 PM
nuriamari marked 4 inline comments as done.

Fix stray comment, rearrange type definition and clean up static asserts

lld/MachO/SyntheticSections.cpp
1148–1149

If I namespace object, there is a collision between the CodeSignatureSection defined in SyntheticSections.h and the desired definition in MachO.h.

1160–1167

The base class requires writeTo to be defined and writeTo can't cleanly be used to write the hashes since they can only be written once everything else in the binary is written.

Harbormaster completed remote builds in B124106: Diff 372824.Sep 15 2021, 4:13 PM
oontvoo accepted this revision as: oontvoo.Sep 15 2021, 7:54 PM

LGTM

llvm/lib/Object/CodeSignatureSection.cpp
28

Oops, sorry about this suggestion - I forgot LLVM is still on C++14.

This revision is now accepted and ready to land.Sep 15 2021, 7:54 PM
nuriamari updated this revision to Diff 372858.Sep 15 2021, 8:04 PM
nuriamari marked an inline comment as done.

Satisfy clang-tidy / clang-format

nuriamari updated this revision to Diff 372859.Sep 15 2021, 8:08 PM

Restore static asserts

Harbormaster completed remote builds in B124137: Diff 372859.Sep 15 2021, 8:38 PM
int3 added inline comments.Sep 16 2021, 8:10 AM
lld/MachO/SyntheticSections.cpp
1155–1157

can we construct this once in CodeSignatureSection::finalize()? (so CodeSignatureSection would have a std::unique_ptr<object::CodeSignatureSection> member that can be reused in writeHashes)

nuriamari updated this revision to Diff 372958.Sep 16 2021, 8:29 AM

Construct object::CodeSignature object once

nuriamari marked an inline comment as done.Sep 16 2021, 8:43 AM
int3 accepted this revision.Sep 16 2021, 8:48 AM

lgtm

Harbormaster completed remote builds in B124203: Diff 372958.Sep 16 2021, 9:19 AM
Closed by commit rGcc8229603b67: Extract LC_CODE_SIGNATURE related implementation out of LLD (authored by nuriamari, committed by drodriguez). · Explain WhySep 16 2021, 5:45 PM
This revision was automatically updated to reflect the committed changes.
drodriguez added a commit: rGcc8229603b67: Extract LC_CODE_SIGNATURE related implementation out of LLD.
alexander-shaposhnikov mentioned this in D109972: Regenerate LC_CODE_SIGNATURE during llvm-objcopy operations.Sep 17 2021, 5:03 PM
drodriguez added a reverting change: D110974: Revert "Extract LC_CODE_SIGNATURE related implementation out of LLD".Oct 1 2021, 2:34 PM
drodriguez added a comment.Oct 1 2021, 2:35 PM

Reverted in https://reviews.llvm.org/D110974

drodriguez added a reverting change: rG657f02d45804: Revert "Extract LC_CODE_SIGNATURE related implementation out of LLD".Oct 1 2021, 5:21 PM
nuriamari mentioned this in D111164: Regenerate LC_CODE_SIGNATURE during llvm-objcopy operations.Oct 5 2021, 9:59 AM
drodriguez mentioned this in rGa299b24712cc: Regenerate LC_CODE_SIGNATURE during llvm-objcopy operations.Oct 26 2021, 2:52 PM

Revision Contents

PathSize
lld/
MachO/
18 lines
96 lines
llvm/
include/
llvm/
Object/
38 lines
lib/
Object/
1 line
142 lines

Diff 373116

lld/MachO/SyntheticSections.h

Show All 15 Lines
#include "OutputSegment.h" #include "OutputSegment.h"
#include "Target.h" #include "Target.h"
#include "Writer.h" #include "Writer.h"
#include "llvm/ADT/DenseMap.h" #include "llvm/ADT/DenseMap.h"
#include "llvm/ADT/Hashing.h" #include "llvm/ADT/Hashing.h"
#include "llvm/ADT/SetVector.h" #include "llvm/ADT/SetVector.h"
#include "llvm/MC/StringTableBuilder.h" #include "llvm/MC/StringTableBuilder.h"
#include "llvm/Object/MachO.h"
#include "llvm/Support/MathExtras.h" #include "llvm/Support/MathExtras.h"
#include "llvm/Support/raw_ostream.h" #include "llvm/Support/raw_ostream.h"
#include <unordered_map> #include <unordered_map>
namespace llvm { namespace llvm {
class DWARFUnit; class DWARFUnit;
} // namespace llvm } // namespace llvm
▲ Show 20 LinesShow All 439 Lines▼ Show 20 Linespublic:
} }
bool isNeeded() const override; bool isNeeded() const override;
void writeTo(uint8_t *buf) const override; void writeTo(uint8_t *buf) const override;
}; };
// The code signature comes at the very end of the linked output file. // The code signature comes at the very end of the linked output file.
class CodeSignatureSection final : public LinkEditSection { class CodeSignatureSection final : public LinkEditSection {
public: public:
static constexpr uint8_t blockSizeShift = 12;
static constexpr size_t blockSize = (1 << blockSizeShift); // 4 KiB
static constexpr size_t hashSize = 256 / 8;
static constexpr size_t blobHeadersSize = llvm::alignTo<8>(
sizeof(llvm::MachO::CS_SuperBlob) + sizeof(llvm::MachO::CS_BlobIndex));
static constexpr uint32_t fixedHeadersSize =
blobHeadersSize + sizeof(llvm::MachO::CS_CodeDirectory);
uint32_t fileNamePad = 0;
uint32_t allHeadersSize = 0;
StringRef fileName;
CodeSignatureSection(); CodeSignatureSection();
uint64_t getRawSize() const override; uint64_t getRawSize() const override;
bool isNeeded() const override { return true; } bool isNeeded() const override { return true; }
void writeTo(uint8_t *buf) const override; void writeTo(uint8_t *buf) const override;
uint32_t getBlockCount() const;
void writeHashes(uint8_t *buf) const; void writeHashes(uint8_t *buf) const;
void finalize() override;
private:
std::unique_ptr<llvm::object::CodeSignatureSection> sectionBuilder;
}; };
class BitcodeBundleSection final : public SyntheticSection { class BitcodeBundleSection final : public SyntheticSection {
public: public:
BitcodeBundleSection(); BitcodeBundleSection();
uint64_t getSize() const override { return xarSize; } uint64_t getSize() const override { return xarSize; }
void finalize() override; void finalize() override;
void writeTo(uint8_t *buf) const override; void writeTo(uint8_t *buf) const override;
▲ Show 20 LinesShow All 113 LinesShow Last 20 Lines

lld/MachO/SyntheticSections.cpp

Show All 18 Lines
#include "lld/Common/ErrorHandler.h" #include "lld/Common/ErrorHandler.h"
#include "lld/Common/Memory.h" #include "lld/Common/Memory.h"
#include "llvm/ADT/STLExtras.h" #include "llvm/ADT/STLExtras.h"
#include "llvm/Config/llvm-config.h" #include "llvm/Config/llvm-config.h"
#include "llvm/Support/EndianStream.h" #include "llvm/Support/EndianStream.h"
#include "llvm/Support/FileSystem.h" #include "llvm/Support/FileSystem.h"
#include "llvm/Support/LEB128.h" #include "llvm/Support/LEB128.h"
#include "llvm/Support/Path.h" #include "llvm/Support/Path.h"
#include "llvm/Support/SHA256.h"
#if defined(__APPLE__)
#include <sys/mman.h>
#endif
#ifdef LLVM_HAVE_LIBXAR #ifdef LLVM_HAVE_LIBXAR
#include <fcntl.h> #include <fcntl.h>
#include <xar/xar.h> #include <xar/xar.h>
#endif #endif
using namespace llvm; using namespace llvm;
using namespace llvm::MachO; using namespace llvm::MachO;
▲ Show 20 LinesShow All 1,104 Lines▼ Show 20 Lines
void StringTableSection::writeTo(uint8_t *buf) const { void StringTableSection::writeTo(uint8_t *buf) const {
uint32_t off = 0; uint32_t off = 0;
for (StringRef str : strings) { for (StringRef str : strings) {
memcpy(buf + off, str.data(), str.size()); memcpy(buf + off, str.data(), str.size());
off += str.size() + 1; // account for null terminator off += str.size() + 1; // account for null terminator
} }
} }
static_assert((CodeSignatureSection::blobHeadersSize % 8) == 0, "");
static_assert((CodeSignatureSection::fixedHeadersSize % 8) == 0, "");
CodeSignatureSection::CodeSignatureSection() CodeSignatureSection::CodeSignatureSection()
: LinkEditSection(segment_names::linkEdit, section_names::codeSignature) { : LinkEditSection(segment_names::linkEdit, section_names::codeSignature) {
align = 16; // required by libstuff align = object::CodeSignatureSection::Align; // required by libstuff
thevinsterUnsubmitted
Done
ReplyInline Actions

Any specific reason for not namespacing object? :)

thevinster: Any specific reason for not namespacing object? :)
nuriamariAuthorUnsubmitted
Done
ReplyInline Actions

If I namespace object, there is a collision between the CodeSignatureSection defined in SyntheticSections.h and the desired definition in MachO.h.

nuriamari: If I namespace object, there is a collision between the `CodeSignatureSection` defined in…
oontvooUnsubmitted
Done
ReplyInline Actions

this is now a stray comment?

oontvoo: this is now a stray comment?
// FIXME: Consider using finalOutput instead of outputFile.
fileName = config->outputFile;
size_t slashIndex = fileName.rfind("/");
if (slashIndex != std::string::npos)
fileName = fileName.drop_front(slashIndex + 1);
allHeadersSize = alignTo<16>(fixedHeadersSize + fileName.size() + 1);
fileNamePad = allHeadersSize - fixedHeadersSize - fileName.size();
}
uint32_t CodeSignatureSection::getBlockCount() const {
return (fileOff + blockSize - 1) / blockSize;
} }
uint64_t CodeSignatureSection::getRawSize() const { uint64_t CodeSignatureSection::getRawSize() const {
return allHeadersSize + getBlockCount() * hashSize; return static_cast<uint64_t>(sectionBuilder->getRawSize());
} }
void CodeSignatureSection::writeHashes(uint8_t *buf) const { void CodeSignatureSection::writeHashes(uint8_t *buf) const {
uint8_t *code = buf; sectionBuilder->write(buf);
int3Unsubmitted
Done
ReplyInline Actions

can we construct this once in CodeSignatureSection::finalize()? (so CodeSignatureSection would have a std::unique_ptr<object::CodeSignatureSection> member that can be reused in writeHashes)

int3: can we construct this once in `CodeSignatureSection::finalize()`? (so CodeSignatureSection…
uint8_t *codeEnd = buf + fileOff;
uint8_t *hashes = codeEnd + allHeadersSize;
while (code < codeEnd) {
StringRef block(reinterpret_cast<char *>(code),
std::min(codeEnd - code, static_cast<ssize_t>(blockSize)));
SHA256 hasher;
hasher.update(block);
StringRef hash = hasher.final();
assert(hash.size() == hashSize);
memcpy(hashes, hash.data(), hashSize);
code += blockSize;
hashes += hashSize;
}
#if defined(__APPLE__)
// This is macOS-specific work-around and makes no sense for any
// other host OS. See https://openradar.appspot.com/FB8914231
//
// The macOS kernel maintains a signature-verification cache to
// quickly validate applications at time of execve(2). The trouble
// is that for the kernel creates the cache entry at the time of the
// mmap(2) call, before we have a chance to write either the code to
// sign or the signature header+hashes. The fix is to invalidate
// all cached data associated with the output file, thus discarding
// the bogus prematurely-cached signature.
msync(buf, fileOff + getSize(), MS_INVALIDATE);
#endif
} }
void CodeSignatureSection::writeTo(uint8_t *buf) const { void CodeSignatureSection::writeTo(uint8_t *buf) const {
uint32_t signatureSize = static_cast<uint32_t>(getSize()); // The entire code section including header is written
auto *superBlob = reinterpret_cast<CS_SuperBlob *>(buf); // in CodeSignatureSection::writeHashes above.
write32be(&superBlob->magic, CSMAGIC_EMBEDDED_SIGNATURE); }
write32be(&superBlob->length, signatureSize);
write32be(&superBlob->count, 1); void CodeSignatureSection::finalize() {
auto *blobIndex = reinterpret_cast<CS_BlobIndex *>(&superBlob[1]);
write32be(&blobIndex->type, CSSLOT_CODEDIRECTORY);
write32be(&blobIndex->offset, blobHeadersSize);
auto *codeDirectory =
reinterpret_cast<CS_CodeDirectory *>(buf + blobHeadersSize);
write32be(&codeDirectory->magic, CSMAGIC_CODEDIRECTORY);
write32be(&codeDirectory->length, signatureSize - blobHeadersSize);
write32be(&codeDirectory->version, CS_SUPPORTSEXECSEG);
write32be(&codeDirectory->flags, CS_ADHOC | CS_LINKER_SIGNED);
write32be(&codeDirectory->hashOffset,
sizeof(CS_CodeDirectory) + fileName.size() + fileNamePad);
write32be(&codeDirectory->identOffset, sizeof(CS_CodeDirectory));
codeDirectory->nSpecialSlots = 0;
write32be(&codeDirectory->nCodeSlots, getBlockCount());
write32be(&codeDirectory->codeLimit, fileOff);
codeDirectory->hashSize = static_cast<uint8_t>(hashSize);
codeDirectory->hashType = kSecCodeSignatureHashSHA256;
codeDirectory->platform = 0;
codeDirectory->pageSize = blockSizeShift;
codeDirectory->spare2 = 0;
codeDirectory->scatterOffset = 0;
codeDirectory->teamOffset = 0;
codeDirectory->spare3 = 0;
codeDirectory->codeLimit64 = 0;
OutputSegment *textSeg = getOrCreateOutputSegment(segment_names::text); OutputSegment *textSeg = getOrCreateOutputSegment(segment_names::text);
write64be(&codeDirectory->execSegBase, textSeg->fileOff); // NOTE: ld64 seems to also use outputFile instead of finalOutput
thevinsterUnsubmitted
Done
ReplyInline Actions

It seems redundant to have both writeTo and writeHashes now that it's combined. Comment makes since in the context of this diff but it doesn't make too much sense outside of the context unless people are referring to this diff. Personally, I would rename all places that were using writeHashes to writeTo and get rid of writeHashes completely from this class (unless there other issues preventing this)

thevinster: It seems redundant to have both writeTo and writeHashes now that it's combined. Comment makes…
nuriamariAuthorUnsubmitted
Done
ReplyInline Actions

The base class requires writeTo to be defined and writeTo can't cleanly be used to write the hashes since they can only be written once everything else in the binary is written.

nuriamari: The base class requires `writeTo` to be defined and writeTo can't cleanly be used to write the…
write64be(&codeDirectory->execSegLimit, textSeg->fileSize); sectionBuilder = std::make_unique<object::CodeSignatureSection>(
write64be(&codeDirectory->execSegFlags, fileOff, config->outputFile, config->outputType, textSeg->fileOff,
config->outputType == MH_EXECUTE ? CS_EXECSEG_MAIN_BINARY : 0); textSeg->fileSize);
auto *id = reinterpret_cast<char *>(&codeDirectory[1]);
memcpy(id, fileName.begin(), fileName.size());
memset(id + fileName.size(), 0, fileNamePad);
} }
BitcodeBundleSection::BitcodeBundleSection() BitcodeBundleSection::BitcodeBundleSection()
: SyntheticSection(segment_names::llvm, section_names::bitcodeBundle) {} : SyntheticSection(segment_names::llvm, section_names::bitcodeBundle) {}
class ErrorCodeWrapper { class ErrorCodeWrapper {
public: public:
explicit ErrorCodeWrapper(std::error_code ec) : errorCode(ec.value()) {} explicit ErrorCodeWrapper(std::error_code ec) : errorCode(ec.value()) {}
▲ Show 20 LinesShow All 262 LinesShow Last 20 Lines

llvm/include/llvm/Object/MachO.h

Show First 20 LinesShow All 727 Lines▼ Show 20 Lines
inline DataRefImpl DiceRef::getRawDataRefImpl() const { inline DataRefImpl DiceRef::getRawDataRefImpl() const {
return DicePimpl; return DicePimpl;
} }
inline const ObjectFile *DiceRef::getObjectFile() const { inline const ObjectFile *DiceRef::getObjectFile() const {
return OwningObject; return OwningObject;
} }
class CodeSignatureSection {
public:
uint32_t getRawSize() const;
uint32_t getSize() const;
static constexpr int Align = 16;
static constexpr uint8_t BlockSizeShift = 12;
static constexpr size_t BlockSize = (1 << BlockSizeShift); // 4 KiB
static constexpr size_t HashSize = 256 / 8;
static constexpr size_t BlobHeadersSize =
alignTo<8>(sizeof(MachO::CS_SuperBlob) + sizeof(MachO::CS_BlobIndex));
static constexpr uint32_t FixedHeadersSize =
BlobHeadersSize + sizeof(MachO::CS_CodeDirectory);
CodeSignatureSection(uint64_t FileOff, StringRef OutputFilePath,
oontvooUnsubmitted
Done
ReplyInline Actions

Please consider re-arranging the members. I think the convention is to leave private fields at the end of the class, after private methods. (Also explicit modifier is preferred).

More generally, the order of members are <PUBLIC>, <PROTECTED>, <PRIVATE>, then within each, methods go before fields.

oontvoo: Please consider re-arranging the members. I think the convention is to leave private fields at…
MachO::HeaderFileType OutputFileType,
uint64_t TextSegmentFileOff,
uint64_t TextSegmentFileSize);
void write(uint8_t *Buf) const;
private:
uint32_t getAllHeadersSize() const;
uint32_t getBlockCount() const;
uint32_t getFileNamePad() const;
StringRef stripOutputFilePath(const StringRef OutputFilePath);
// FileOff is the offset relative to the start of the file
// used to access the start of code signature section
// in __LINKEDIT segment
uint64_t FileOff;
StringRef OutputFileName;
MachO::HeaderFileType OutputFileType;
uint64_t TextSegmentFileOff;
uint64_t TextSegmentFileSize;
};
} // end namespace object } // end namespace object
} // end namespace llvm } // end namespace llvm
#endif // LLVM_OBJECT_MACHO_H #endif // LLVM_OBJECT_MACHO_H

llvm/lib/Object/CMakeLists.txt

add_llvm_component_library(LLVMObject add_llvm_component_library(LLVMObject
Archive.cpp Archive.cpp
ArchiveWriter.cpp ArchiveWriter.cpp
Binary.cpp Binary.cpp
CodeSignatureSection.cpp
COFFImportFile.cpp COFFImportFile.cpp
COFFModuleDefinition.cpp COFFModuleDefinition.cpp
COFFObjectFile.cpp COFFObjectFile.cpp
Decompressor.cpp Decompressor.cpp
ELF.cpp ELF.cpp
ELFObjectFile.cpp ELFObjectFile.cpp
Error.cpp Error.cpp
FaultMapParser.cpp FaultMapParser.cpp
Show All 36 Lines

llvm/lib/Object/CodeSignatureSection.cpp

  • This file was added.
//===- CodeSignatureSection.cpp - CodeSignatureSection class definition ---===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
//
// This file defines the CodeSignatureSection class
//
//===----------------------------------------------------------------------===//
#include "llvm/BinaryFormat/MachO.h"
#include "llvm/Object/MachO.h"
#include "llvm/Support/Endian.h"
#include "llvm/Support/SHA256.h"
#include <cassert>
#if defined(__APPLE__)
#include <sys/mman.h>
#endif
using namespace llvm;
using namespace object;
using namespace support::endian;
static_assert((CodeSignatureSection::BlobHeadersSize % 8) == 0, "");
static_assert((CodeSignatureSection::FixedHeadersSize % 8) == 0, "");
oontvooUnsubmitted
Done
ReplyInline Actions

not needed - unless you're going to add some text here?

oontvoo: not needed - unless you're going to add some text here?
oontvooUnsubmitted
Done
ReplyInline Actions

Oops, sorry about this suggestion - I forgot LLVM is still on C++14.

oontvoo: Oops, sorry about this suggestion - I forgot LLVM is still on C++14.
CodeSignatureSection::CodeSignatureSection(uint64_t FileOff,
StringRef OutputFilePath,
MachO::HeaderFileType OutputFileType,
uint64_t TextSegmentFileOff,
uint64_t TextSegmentFileSize)
: FileOff{FileOff}, OutputFileName{stripOutputFilePath(OutputFilePath)},
OutputFileType{OutputFileType}, TextSegmentFileOff{TextSegmentFileOff},
TextSegmentFileSize{TextSegmentFileSize} {}
StringRef
CodeSignatureSection::stripOutputFilePath(const StringRef OutputFilePath) {
const size_t LastSlashIndex = OutputFilePath.rfind("/");
if (LastSlashIndex == std::string::npos)
return OutputFilePath;
return OutputFilePath.drop_front(LastSlashIndex + 1);
}
uint32_t CodeSignatureSection::getAllHeadersSize() const {
return alignTo<Align>(FixedHeadersSize + OutputFileName.size() + 1);
}
uint32_t CodeSignatureSection::getBlockCount() const {
return (FileOff + BlockSize - 1) / BlockSize;
}
uint32_t CodeSignatureSection::getFileNamePad() const {
return getAllHeadersSize() - FixedHeadersSize - OutputFileName.size();
}
uint32_t CodeSignatureSection::getRawSize() const {
return getAllHeadersSize() + getBlockCount() * HashSize;
}
uint32_t CodeSignatureSection::getSize() const {
return alignTo<Align>(getRawSize());
}
void CodeSignatureSection::write(uint8_t *Buf) const {
const uint32_t AllHeadersSize = getAllHeadersSize();
const uint32_t BlockCount = getBlockCount();
const uint32_t FileNamePad = getFileNamePad();
const uint32_t Size = getSize();
uint8_t *Code = Buf;
uint8_t *CodeEnd = Buf + FileOff;
uint8_t *Hashes = CodeEnd + AllHeadersSize;
// Write code section header.
auto *SuperBlob = reinterpret_cast<MachO::CS_SuperBlob *>(CodeEnd);
write32be(&SuperBlob->magic, MachO::CSMAGIC_EMBEDDED_SIGNATURE);
write32be(&SuperBlob->length, Size);
write32be(&SuperBlob->count, 1);
auto *BlobIndex = reinterpret_cast<MachO::CS_BlobIndex *>(&SuperBlob[1]);
write32be(&BlobIndex->type, MachO::CSSLOT_CODEDIRECTORY);
write32be(&BlobIndex->offset, BlobHeadersSize);
auto *CodeDirectory =
reinterpret_cast<MachO::CS_CodeDirectory *>(CodeEnd + BlobHeadersSize);
write32be(&CodeDirectory->magic, MachO::CSMAGIC_CODEDIRECTORY);
write32be(&CodeDirectory->length, Size - BlobHeadersSize);
write32be(&CodeDirectory->version, MachO::CS_SUPPORTSEXECSEG);
write32be(&CodeDirectory->flags, MachO::CS_ADHOC | MachO::CS_LINKER_SIGNED);
write32be(&CodeDirectory->hashOffset, sizeof(MachO::CS_CodeDirectory) +
OutputFileName.size() +
FileNamePad);
write32be(&CodeDirectory->identOffset, sizeof(MachO::CS_CodeDirectory));
CodeDirectory->nSpecialSlots = 0;
write32be(&CodeDirectory->nCodeSlots, BlockCount);
write32be(&CodeDirectory->codeLimit, FileOff);
CodeDirectory->hashSize = static_cast<uint8_t>(HashSize);
CodeDirectory->hashType = MachO::kSecCodeSignatureHashSHA256;
CodeDirectory->platform = 0;
CodeDirectory->pageSize = BlockSizeShift;
CodeDirectory->spare2 = 0;
CodeDirectory->scatterOffset = 0;
CodeDirectory->teamOffset = 0;
CodeDirectory->spare3 = 0;
CodeDirectory->codeLimit64 = 0;
write64be(&CodeDirectory->execSegBase, TextSegmentFileOff);
write64be(&CodeDirectory->execSegLimit, TextSegmentFileSize);
write64be(&CodeDirectory->execSegFlags, OutputFileType == MachO::MH_EXECUTE
? MachO::CS_EXECSEG_MAIN_BINARY
: 0);
auto *Id = reinterpret_cast<char *>(&CodeDirectory[1]);
memcpy(Id, OutputFileName.begin(), OutputFileName.size());
memset(Id + OutputFileName.size(), 0, FileNamePad);
// Write code section signature.
while (Code < CodeEnd) {
StringRef Block(reinterpret_cast<char *>(Code),
std::min(CodeEnd - Code, static_cast<ssize_t>(BlockSize)));
SHA256 Hasher;
Hasher.update(Block);
StringRef Hash = Hasher.final();
assert(Hash.size() == HashSize);
memcpy(Hashes, Hash.data(), HashSize);
Code += BlockSize;
Hashes += HashSize;
}
#if defined(__APPLE__)
// This is macOS-specific work-around and makes no sense for any
// other host OS. See https://openradar.appspot.com/FB8914231
//
// The macOS kernel maintains a signature-verification cache to
// quickly validate applications at time of execve(2). The trouble
// is that for the kernel creates the cache entry at the time of the
// mmap(2) call, before we have a chance to write either the code to
// sign or the signature header+hashes. The fix is to invalidate
// all cached data associated with the output file, thus discarding
// the bogus prematurely-cached signature.
msync(Buf, FileOff + Size, MS_INVALIDATE);
#endif
}