This is an archive of the discontinued LLVM Phabricator instance.

Differential D110217

[ELF][AArch64] Refine and fix the condition when BTI/PAC PLT needs bti c
ClosedPublic

Authored by MaskRay on Sep 21 2021, 8:15 PM.

Details

Reviewers
peter.smith
Commits
rG19d53d45f270: [ELF][AArch64] Refine and fix the condition when BTI/PAC PLT needs bti c
Summary

(As I mentioned in https://reviews.llvm.org/D62609#1534158 ,
the condition for using bti c for executable can be loosened.)

In two cases the address of a PLT may escape:

  • canonical PLT entry for a STT_FUNC
  • non-preemptible STT_GNU_IFUNC which is converted to STT_FUNC

The first case can be detected with needsPltAddr.

The second case is not straightforward to detect because for the Relocations.cpp
created directSym, it's difficult to know whether the associated sym has
exercised the !needsPlt(expr) code path. Just use the conservative isInIplt
condition. A non-preemptible ifunc not referenced by non-GOT-generating
non-PLT-generating relocations will have an unneeded bti c, but the cost is acceptable.

The second case fixes a bug as well: a -shared link may have non-preemptible ifunc.
Before the patch we did not emit bti c and could be wrong if the PLT address escaped.
GNU ld doesn't handle the case: relocation R_AARCH64_ADR_PREL_PG_HI21 against STT_GNU_IFUNC symbol 'ifunc2' isn't handled by elf64_aarch64_final_link_relocate (https://sourceware.org/bugzilla/show_bug.cgi?id=28370)

For -shared, if BTI is enabled but PAC is disabled, the PLT entry size increases
from 16 to 24 because we have to select the PLT scheme early, but the cost is
acceptable.

Diff Detail

Event Timeline

MaskRay created this revision.Sep 21 2021, 8:15 PM
Herald added subscribers: kristof.beyls, arichardson, emaste. · View Herald TranscriptSep 21 2021, 8:15 PM
MaskRay requested review of this revision.Sep 21 2021, 8:15 PM
Herald added a project: Restricted Project. · View Herald TranscriptSep 21 2021, 8:15 PM
Herald added a subscriber: llvm-commits. · View Herald Transcript
MaskRay edited the summary of this revision. (Show Details)Sep 21 2021, 8:22 PM
Harbormaster completed remote builds in B125035: Diff 374101.Sep 21 2021, 8:30 PM
MaskRay edited the summary of this revision. (Show Details)Sep 21 2021, 9:18 PM
peter.smith added a comment.Sep 22 2021, 3:02 AM

Will check the test cases later tonight, but at first glance this looks good to me.

peter.smith accepted this revision.Sep 22 2021, 11:11 AM

LGTM thanks for implementing the optimisation.

This revision is now accepted and ready to land.Sep 22 2021, 11:11 AM
Closed by commit rG19d53d45f270: [ELF][AArch64] Refine and fix the condition when BTI/PAC PLT needs bti c (authored by MaskRay). · Explain WhySep 22 2021, 11:51 AM
This revision was automatically updated to reflect the committed changes.
MaskRay added a commit: rG19d53d45f270: [ELF][AArch64] Refine and fix the condition when BTI/PAC PLT needs bti c.
abrachet added a subscriber: abrachet.Jul 14 2022, 1:42 PM
abrachet added inline comments.
lld/test/ELF/aarch64-ifunc-bti.s
10

I've just noticed this while doing something unrelated to this patch, but I think that this should be %t.so? Looks like it'll just work with that change

Herald added a project: Restricted Project. · View Herald TranscriptJul 14 2022, 1:42 PM
Herald added a subscriber: StephenFan. · View Herald Transcript
MaskRay added inline comments.Jul 14 2022, 1:44 PM
lld/test/ELF/aarch64-ifunc-bti.s
10

Thanks for spotting this! I'll fix it.

MaskRay mentioned this in rG889c6f399676: [ELF][test] Fix a typo in aarch64-ifunc-bti.s to actually test what was intended.Jul 14 2022, 1:46 PM

Revision Contents

PathSize
lld/
ELF/
Arch/
21 lines
test/
ELF/
Inputs/
5 lines
47 lines
17 lines
62 lines

Diff 374313

lld/ELF/Arch/AArch64.cpp

Show First 20 LinesShow All 608 Lines▼ Show 20 Lines
class AArch64BtiPac final : public AArch64 { class AArch64BtiPac final : public AArch64 {
public: public:
AArch64BtiPac(); AArch64BtiPac();
void writePltHeader(uint8_t *buf) const override; void writePltHeader(uint8_t *buf) const override;
void writePlt(uint8_t *buf, const Symbol &sym, void writePlt(uint8_t *buf, const Symbol &sym,
uint64_t pltEntryAddr) const override; uint64_t pltEntryAddr) const override;
private: private:
bool btiHeader; // bti instruction needed in PLT Header bool btiHeader; // bti instruction needed in PLT Header and Entry
bool btiEntry; // bti instruction needed in PLT Entry
bool pacEntry; // autia1716 instruction needed in PLT Entry bool pacEntry; // autia1716 instruction needed in PLT Entry
}; };
} // namespace } // namespace
AArch64BtiPac::AArch64BtiPac() { AArch64BtiPac::AArch64BtiPac() {
btiHeader = (config->andFeatures & GNU_PROPERTY_AARCH64_FEATURE_1_BTI); btiHeader = (config->andFeatures & GNU_PROPERTY_AARCH64_FEATURE_1_BTI);
// A BTI (Branch Target Indicator) Plt Entry is only required if the // A BTI (Branch Target Indicator) Plt Entry is only required if the
// address of the PLT entry can be taken by the program, which permits an // address of the PLT entry can be taken by the program, which permits an
// indirect jump to the PLT entry. This can happen when the address // indirect jump to the PLT entry. This can happen when the address
// of the PLT entry for a function is canonicalised due to the address of // of the PLT entry for a function is canonicalised due to the address of
// the function in an executable being taken by a shared library. // the function in an executable being taken by a shared library, or
// FIXME: There is a potential optimization to omit the BTI if we detect // non-preemptible ifunc referenced by non-GOT-generating, non-PLT-generating
// that the address of the PLT entry isn't taken. // relocations.
// The PAC PLT entries require dynamic loader support and this isn't known // The PAC PLT entries require dynamic loader support and this isn't known
// from properties in the objects, so we use the command line flag. // from properties in the objects, so we use the command line flag.
btiEntry = btiHeader && !config->shared;
pacEntry = config->zPacPlt; pacEntry = config->zPacPlt;
if (btiEntry || pacEntry) { if (btiHeader || pacEntry) {
pltEntrySize = 24; pltEntrySize = 24;
ipltEntrySize = 24; ipltEntrySize = 24;
} }
} }
void AArch64BtiPac::writePltHeader(uint8_t *buf) const { void AArch64BtiPac::writePltHeader(uint8_t *buf) const {
const uint8_t btiData[] = { 0x5f, 0x24, 0x03, 0xd5 }; // bti c const uint8_t btiData[] = { 0x5f, 0x24, 0x03, 0xd5 }; // bti c
const uint8_t pltData[] = { const uint8_t pltData[] = {
▲ Show 20 LinesShow All 43 Lines▼ Show 20 Lines const uint8_t pacBr[] = {
0x20, 0x02, 0x1f, 0xd6 // br x17 0x20, 0x02, 0x1f, 0xd6 // br x17
}; };
const uint8_t stdBr[] = { const uint8_t stdBr[] = {
0x20, 0x02, 0x1f, 0xd6, // br x17 0x20, 0x02, 0x1f, 0xd6, // br x17
0x1f, 0x20, 0x03, 0xd5 // nop 0x1f, 0x20, 0x03, 0xd5 // nop
}; };
const uint8_t nopData[] = { 0x1f, 0x20, 0x03, 0xd5 }; // nop const uint8_t nopData[] = { 0x1f, 0x20, 0x03, 0xd5 }; // nop
if (btiEntry) { // needsPltAddr indicates a non-ifunc canonical PLT entry whose address may
// escape to shared objects. isInIplt indicates a non-preemptible ifunc. Its
// address may escape if referenced by a direct relocation. The condition is
// conservative.
bool hasBti = btiHeader && (sym.needsPltAddr || sym.isInIplt);
if (hasBti) {
memcpy(buf, btiData, sizeof(btiData)); memcpy(buf, btiData, sizeof(btiData));
buf += sizeof(btiData); buf += sizeof(btiData);
pltEntryAddr += sizeof(btiData); pltEntryAddr += sizeof(btiData);
} }
uint64_t gotPltEntryAddr = sym.getGotPltVA(); uint64_t gotPltEntryAddr = sym.getGotPltVA();
memcpy(buf, addrInst, sizeof(addrInst)); memcpy(buf, addrInst, sizeof(addrInst));
relocateNoSym(buf, R_AARCH64_ADR_PREL_PG_HI21, relocateNoSym(buf, R_AARCH64_ADR_PREL_PG_HI21,
getAArch64Page(gotPltEntryAddr) - getAArch64Page(pltEntryAddr)); getAArch64Page(gotPltEntryAddr) - getAArch64Page(pltEntryAddr));
relocateNoSym(buf + 4, R_AARCH64_LDST64_ABS_LO12_NC, gotPltEntryAddr); relocateNoSym(buf + 4, R_AARCH64_LDST64_ABS_LO12_NC, gotPltEntryAddr);
relocateNoSym(buf + 8, R_AARCH64_ADD_ABS_LO12_NC, gotPltEntryAddr); relocateNoSym(buf + 8, R_AARCH64_ADD_ABS_LO12_NC, gotPltEntryAddr);
if (pacEntry) if (pacEntry)
memcpy(buf + sizeof(addrInst), pacBr, sizeof(pacBr)); memcpy(buf + sizeof(addrInst), pacBr, sizeof(pacBr));
else else
memcpy(buf + sizeof(addrInst), stdBr, sizeof(stdBr)); memcpy(buf + sizeof(addrInst), stdBr, sizeof(stdBr));
if (!btiEntry) if (!hasBti)
// We didn't add the BTI c instruction so round out size with NOP. // We didn't add the BTI c instruction so round out size with NOP.
memcpy(buf + sizeof(addrInst) + sizeof(stdBr), nopData, sizeof(nopData)); memcpy(buf + sizeof(addrInst) + sizeof(stdBr), nopData, sizeof(nopData));
} }
static TargetInfo *getTargetInfo() { static TargetInfo *getTargetInfo() {
if (config->andFeatures & (GNU_PROPERTY_AARCH64_FEATURE_1_BTI | if (config->andFeatures & (GNU_PROPERTY_AARCH64_FEATURE_1_BTI |
GNU_PROPERTY_AARCH64_FEATURE_1_PAC)) { GNU_PROPERTY_AARCH64_FEATURE_1_PAC)) {
static AArch64BtiPac t; static AArch64BtiPac t;
return &t; return &t;
} }
static AArch64 t; static AArch64 t;
return &t; return &t;
} }
TargetInfo *elf::getAArch64TargetInfo() { return getTargetInfo(); } TargetInfo *elf::getAArch64TargetInfo() { return getTargetInfo(); }

lld/test/ELF/Inputs/aarch64-addrifunc.s

.text .text
.globl myfunc
.globl func1 .globl func1
.type func1, %function .type func1, %function
func1: func1:
adrp x8, :got: myfunc adrp x8, :got: ifunc2
ldr x8, [x8, :got_lo12: myfunc] ldr x8, [x8, :got_lo12: ifunc2]
ret ret

lld/test/ELF/aarch64-feature-bti.s

# REQUIRES: aarch64 # REQUIRES: aarch64
# RUN: llvm-mc -filetype=obj -triple=aarch64-linux-gnu %s -o %t.o # RUN: llvm-mc -filetype=obj -triple=aarch64-linux-gnu %s -o %t.o
# RUN: llvm-mc -filetype=obj -triple=aarch64-linux-gnu --defsym CANONICAL_PLT=1 %s -o %tcanon.o
# RUN: llvm-mc -filetype=obj -triple=aarch64-linux-gnu %p/Inputs/aarch64-bti1.s -o %t1.o # RUN: llvm-mc -filetype=obj -triple=aarch64-linux-gnu %p/Inputs/aarch64-bti1.s -o %t1.o
# RUN: llvm-mc -filetype=obj -triple=aarch64-linux-gnu %p/Inputs/aarch64-func3.s -o %t2.o # RUN: llvm-mc -filetype=obj -triple=aarch64-linux-gnu %p/Inputs/aarch64-func3.s -o %t2.o
# RUN: llvm-mc -filetype=obj -triple=aarch64-linux-gnu %p/Inputs/aarch64-func3-bti.s -o %t3.o # RUN: llvm-mc -filetype=obj -triple=aarch64-linux-gnu %p/Inputs/aarch64-func3-bti.s -o %t3.o
# RUN: llvm-mc -filetype=obj -triple=aarch64-linux-gnu %p/Inputs/aarch64-func2.s -o %tno.o # RUN: llvm-mc -filetype=obj -triple=aarch64-linux-gnu %p/Inputs/aarch64-func2.s -o %tno.o
## We do not add BTI support when the inputs don't have the .note.gnu.property ## We do not add BTI support when the inputs don't have the .note.gnu.property
## field. ## field.
▲ Show 20 LinesShow All 49 Lines▼ Show 20 Lines
# BTISO-NEXT: ret # BTISO-NEXT: ret
# BTISO: 0000000000010350 <func3>: # BTISO: 0000000000010350 <func3>:
# BTISO-NEXT: 10350: ret # BTISO-NEXT: 10350: ret
# BTISO: Disassembly of section .plt: # BTISO: Disassembly of section .plt:
# BTISO: 0000000000010360 <.plt>: # BTISO: 0000000000010360 <.plt>:
# BTISO-NEXT: 10360: bti c # BTISO-NEXT: 10360: bti c
# BTISO-NEXT: stp x16, x30, [sp, #-16]! # BTISO-NEXT: stp x16, x30, [sp, #-16]!
# BTISO-NEXT: adrp x16, 0x30000 # BTISO-NEXT: adrp x16, 0x30000
# BTISO-NEXT: ldr x17, [x16, #1136] # BTISO-NEXT: ldr x17, [x16, #1144]
# BTISO-NEXT: add x16, x16, #1136 # BTISO-NEXT: add x16, x16, #1144
# BTISO-NEXT: br x17 # BTISO-NEXT: br x17
# BTISO-NEXT: nop # BTISO-NEXT: nop
# BTISO-NEXT: nop # BTISO-NEXT: nop
# BTISO: 0000000000010380 <func3@plt>: # BTISO: 0000000000010380 <func3@plt>:
# BTISO-NEXT: 10380: adrp x16, 0x30000 # BTISO-NEXT: 10380: adrp x16, 0x30000
# BTISO-NEXT: ldr x17, [x16, #1144] # BTISO-NEXT: ldr x17, [x16, #1152]
# BTISO-NEXT: add x16, x16, #1144 # BTISO-NEXT: add x16, x16, #1152
# BTISO-NEXT: br x17 # BTISO-NEXT: br x17
# SOGOTPLT2: Hex dump of section '.got.plt' # SOGOTPLT2: Hex dump of section '.got.plt'
# SOGOTPLT2-NEXT: 0x00030460 00000000 00000000 00000000 00000000 # SOGOTPLT2-NEXT: 0x00030468 00000000 00000000 00000000 00000000
# SOGOTPLT2-NEXT: 0x00030470 00000000 00000000 60030100 00000000 # SOGOTPLT2-NEXT: 0x00030478 00000000 00000000 60030100 00000000
## Build an executable with all relocatable inputs having the BTI ## Build an executable with all relocatable inputs having the BTI
## .note.gnu.property. We expect a bti c in front of all PLT entries as the ## .note.gnu.property.
## address of a PLT entry can escape an executable.
# RUN: ld.lld %t2.o --shared --soname=t2.so -o %t2.so # RUN: ld.lld %t2.o --shared --soname=t2.so -o %t2.so
# RUN: ld.lld %t.o %t.so %t2.so -o %t.exe # RUN: ld.lld %t.o %t.so %t2.so -o %t.exe
# RUN: llvm-readelf --dynamic-table -n %t.exe | FileCheck --check-prefix=BTIPROP %s # RUN: llvm-readelf --dynamic-table -n %t.exe | FileCheck --check-prefix=BTIPROP %s
# RUN: llvm-objdump -d --mattr=+bti --no-show-raw-insn %t.exe | FileCheck --check-prefix=EXECBTI %s # RUN: llvm-objdump -d --mattr=+bti --no-show-raw-insn %t.exe | FileCheck --check-prefix=EXECBTI %s
# EXECBTI: Disassembly of section .text: # EXECBTI: Disassembly of section .text:
# EXECBTI: 0000000000210348 <func1>: # EXECBTI: 0000000000210348 <func1>:
# EXECBTI-NEXT: 210348: bl 0x210370 <func2@plt> # EXECBTI-NEXT: 210348: bl 0x210370 <func2@plt>
# EXECBTI-NEXT: ret # EXECBTI-NEXT: ret
# EXECBTI: Disassembly of section .plt: # EXECBTI: Disassembly of section .plt:
# EXECBTI: 0000000000210350 <.plt>: # EXECBTI: 0000000000210350 <.plt>:
# EXECBTI-NEXT: 210350: bti c # EXECBTI-NEXT: 210350: bti c
# EXECBTI-NEXT: stp x16, x30, [sp, #-16]! # EXECBTI-NEXT: stp x16, x30, [sp, #-16]!
# EXECBTI-NEXT: adrp x16, 0x230000 # EXECBTI-NEXT: adrp x16, 0x230000
# EXECBTI-NEXT: ldr x17, [x16, #1160] # EXECBTI-NEXT: ldr x17, [x16, #1160]
# EXECBTI-NEXT: add x16, x16, #1160 # EXECBTI-NEXT: add x16, x16, #1160
# EXECBTI-NEXT: br x17 # EXECBTI-NEXT: br x17
# EXECBTI-NEXT: nop # EXECBTI-NEXT: nop
# EXECBTI-NEXT: nop # EXECBTI-NEXT: nop
# EXECBTI: 0000000000210370 <func2@plt>: # EXECBTI: 0000000000210370 <func2@plt>:
# EXECBTI-NEXT: 210370: bti c # EXECBTI-NEXT: 210370: adrp x16, 0x230000
# EXECBTI-NEXT: adrp x16, 0x230000
# EXECBTI-NEXT: ldr x17, [x16, #1168] # EXECBTI-NEXT: ldr x17, [x16, #1168]
# EXECBTI-NEXT: add x16, x16, #1168 # EXECBTI-NEXT: add x16, x16, #1168
# EXECBTI-NEXT: br x17 # EXECBTI-NEXT: br x17
# EXECBTI-NEXT: nop # EXECBTI-NEXT: nop
# EXECBTI-NEXT: nop
## We expect a bti c in front of a canonical PLT entry because its address
## can escape the executable.
# RUN: ld.lld %tcanon.o %t.so %t2.so -o %t2.exe
# RUN: llvm-readelf --dynamic-table -n %t2.exe | FileCheck --check-prefix=BTIPROP %s
# RUN: llvm-objdump -d --mattr=+bti --no-show-raw-insn %t2.exe | FileCheck --check-prefix=EXECBTI2 %s
# EXECBTI2: 0000000000210380 <func2@plt>:
# EXECBTI2-NEXT: 210380: bti c
# EXECBTI2-NEXT: adrp x16, 0x230000
# EXECBTI2-NEXT: ldr x17, [x16, #1184]
# EXECBTI2-NEXT: add x16, x16, #1184
# EXECBTI2-NEXT: br x17
# EXECBTI2-NEXT: nop
## We expect the same for PIE, as the address of an ifunc can escape ## We expect the same for PIE, as the address of an ifunc can escape
# RUN: ld.lld --pie %t.o %t.so %t2.so -o %tpie.exe # RUN: ld.lld --pie %t.o %t.so %t2.so -o %tpie.exe
# RUN: llvm-readelf -n %tpie.exe | FileCheck --check-prefix=BTIPROP %s # RUN: llvm-readelf -n %tpie.exe | FileCheck --check-prefix=BTIPROP %s
# RUN: llvm-readelf --dynamic-table -n %tpie.exe | FileCheck --check-prefix=BTIPROP %s # RUN: llvm-readelf --dynamic-table -n %tpie.exe | FileCheck --check-prefix=BTIPROP %s
# RUN: llvm-objdump -d --mattr=+bti --no-show-raw-insn %tpie.exe | FileCheck --check-prefix=PIE %s # RUN: llvm-objdump -d --mattr=+bti --no-show-raw-insn %tpie.exe | FileCheck --check-prefix=PIE %s
# PIE: Disassembly of section .text: # PIE: Disassembly of section .text:
# PIE: 0000000000010348 <func1>: # PIE: 0000000000010348 <func1>:
# PIE-NEXT: 10348: bl 0x10370 <func2@plt> # PIE-NEXT: 10348: bl 0x10370 <func2@plt>
# PIE-NEXT: ret # PIE-NEXT: ret
# PIE: Disassembly of section .plt: # PIE: Disassembly of section .plt:
# PIE: 0000000000010350 <.plt>: # PIE: 0000000000010350 <.plt>:
# PIE-NEXT: 10350: bti c # PIE-NEXT: 10350: bti c
# PIE-NEXT: stp x16, x30, [sp, #-16]! # PIE-NEXT: stp x16, x30, [sp, #-16]!
# PIE-NEXT: adrp x16, 0x30000 # PIE-NEXT: adrp x16, 0x30000
# PIE-NEXT: ldr x17, [x16, #1176] # PIE-NEXT: ldr x17, [x16, #1176]
# PIE-NEXT: add x16, x16, #1176 # PIE-NEXT: add x16, x16, #1176
# PIE-NEXT: br x17 # PIE-NEXT: br x17
# PIE-NEXT: nop # PIE-NEXT: nop
# PIE-NEXT: nop # PIE-NEXT: nop
# PIE: 0000000000010370 <func2@plt>: # PIE: 0000000000010370 <func2@plt>:
# PIE-NEXT: 10370: bti c # PIE-NEXT: 10370: adrp x16, 0x30000
# PIE-NEXT: adrp x16, 0x30000
# PIE-NEXT: ldr x17, [x16, #1184] # PIE-NEXT: ldr x17, [x16, #1184]
# PIE-NEXT: add x16, x16, #1184 # PIE-NEXT: add x16, x16, #1184
# PIE-NEXT: br x17 # PIE-NEXT: br x17
# PIE-NEXT: nop # PIE-NEXT: nop
# PIE-NEXT: nop
## Build and executable with not all relocatable inputs having the BTI ## Build and executable with not all relocatable inputs having the BTI
## .note.property, expect no bti c and no .note.gnu.property entry ## .note.property, expect no bti c and no .note.gnu.property entry
# RUN: ld.lld %t.o %t2.o %t.so -o %tnobti.exe # RUN: ld.lld %t.o %t2.o %t.so -o %tnobti.exe
# RUN: llvm-readelf --dynamic-table %tnobti.exe | FileCheck --check-prefix NOBTIDYN %s # RUN: llvm-readelf --dynamic-table %tnobti.exe | FileCheck --check-prefix NOBTIDYN %s
# RUN: llvm-objdump -d --mattr=+bti --no-show-raw-insn %tnobti.exe | FileCheck --check-prefix=NOEX %s # RUN: llvm-objdump -d --mattr=+bti --no-show-raw-insn %tnobti.exe | FileCheck --check-prefix=NOEX %s
▲ Show 20 LinesShow All 43 Lines▼ Show 20 Lines
# FORCE-NEXT: stp x16, x30, [sp, #-16]! # FORCE-NEXT: stp x16, x30, [sp, #-16]!
# FORCE-NEXT: adrp x16, 0x230000 # FORCE-NEXT: adrp x16, 0x230000
# FORCE-NEXT: ldr x17, [x16, #1192] # FORCE-NEXT: ldr x17, [x16, #1192]
# FORCE-NEXT: add x16, x16, #1192 # FORCE-NEXT: add x16, x16, #1192
# FORCE-NEXT: br x17 # FORCE-NEXT: br x17
# FORCE-NEXT: nop # FORCE-NEXT: nop
# FORCE-NEXT: nop # FORCE-NEXT: nop
# FORCE: 00000000002103a0 <func2@plt>: # FORCE: 00000000002103a0 <func2@plt>:
# FORCE-NEXT: 2103a0: bti c # FORCE-NEXT: 2103a0: adrp x16, 0x230000
# FORCE-NEXT: adrp x16, 0x230000
# FORCE-NEXT: ldr x17, [x16, #1200] # FORCE-NEXT: ldr x17, [x16, #1200]
# FORCE-NEXT: add x16, x16, #1200 # FORCE-NEXT: add x16, x16, #1200
# FORCE-NEXT: br x17 # FORCE-NEXT: br x17
# FORCE-NEXT: nop # FORCE-NEXT: nop
# FORCE-NEXT: nop
.section ".note.gnu.property", "a" .section ".note.gnu.property", "a"
.long 4 .long 4
.long 0x10 .long 0x10
.long 0x5 .long 0x5
.asciz "GNU" .asciz "GNU"
.long 0xc0000000 // GNU_PROPERTY_AARCH64_FEATURE_1_AND .long 0xc0000000 // GNU_PROPERTY_AARCH64_FEATURE_1_AND
.long 4 .long 4
.long 1 // GNU_PROPERTY_AARCH64_FEATURE_1_BTI .long 1 // GNU_PROPERTY_AARCH64_FEATURE_1_BTI
.long 0 .long 0
.text .text
.globl _start .globl _start
.type func1,%function .type func1,%function
func1: func1:
.ifdef CANONICAL_PLT
adrp x0, func2
add x0, x0, :lo12:func2
.else
bl func2 bl func2
.endif
ret ret

lld/test/ELF/aarch64-feature-btipac.s

Show All 19 Lines
# BTIPACSO-NEXT: ret # BTIPACSO-NEXT: ret
# BTIPACSO: 0000000000010350 <func3>: # BTIPACSO: 0000000000010350 <func3>:
# BTIPACSO-NEXT: 10350: ret # BTIPACSO-NEXT: 10350: ret
# BTIPACSO: Disassembly of section .plt: # BTIPACSO: Disassembly of section .plt:
# BTIPACSO: 0000000000010360 <.plt>: # BTIPACSO: 0000000000010360 <.plt>:
# BTIPACSO-NEXT: 10360: bti c # BTIPACSO-NEXT: 10360: bti c
# BTIPACSO-NEXT: stp x16, x30, [sp, #-16]! # BTIPACSO-NEXT: stp x16, x30, [sp, #-16]!
# BTIPACSO-NEXT: adrp x16, 0x30000 # BTIPACSO-NEXT: adrp x16, 0x30000
# BTIPACSO-NEXT: ldr x17, [x16, #1136] # BTIPACSO-NEXT: ldr x17, [x16, #1144]
# BTIPACSO-NEXT: add x16, x16, #1136 # BTIPACSO-NEXT: add x16, x16, #1144
# BTIPACSO-NEXT: br x17 # BTIPACSO-NEXT: br x17
# BTIPACSO-NEXT: nop # BTIPACSO-NEXT: nop
# BTIPACSO-NEXT: nop # BTIPACSO-NEXT: nop
# BTIPACSO: 0000000000010380 <func3@plt>: # BTIPACSO: 0000000000010380 <func3@plt>:
# BTIPACSO-NEXT: 10380: adrp x16, 0x30000 # BTIPACSO-NEXT: 10380: adrp x16, 0x30000
# BTIPACSO-NEXT: ldr x17, [x16, #1144] # BTIPACSO-NEXT: ldr x17, [x16, #1152]
# BTIPACSO-NEXT: add x16, x16, #1144 # BTIPACSO-NEXT: add x16, x16, #1152
# BTIPACSO-NEXT: br x17 # BTIPACSO-NEXT: br x17
# BTIPACPROP: Properties: aarch64 feature: BTI, PAC # BTIPACPROP: Properties: aarch64 feature: BTI, PAC
# BTIPACDYN: 0x0000000070000001 (AARCH64_BTI_PLT) # BTIPACDYN: 0x0000000070000001 (AARCH64_BTI_PLT)
# BTIPACDYN-NOT: 0x0000000070000003 (AARCH64_PAC_PLT) # BTIPACDYN-NOT: 0x0000000070000003 (AARCH64_PAC_PLT)
## Make an executable with both BTI and PAC properties. Expect: ## Make an executable with both BTI and PAC properties. Expect:
Show All 18 Lines
# BTIPACEX-NEXT: stp x16, x30, [sp, #-16]! # BTIPACEX-NEXT: stp x16, x30, [sp, #-16]!
# BTIPACEX-NEXT: adrp x16, 0x230000 # BTIPACEX-NEXT: adrp x16, 0x230000
# BTIPACEX-NEXT: ldr x17, [x16, #1192] # BTIPACEX-NEXT: ldr x17, [x16, #1192]
# BTIPACEX-NEXT: add x16, x16, #1192 # BTIPACEX-NEXT: add x16, x16, #1192
# BTIPACEX-NEXT: br x17 # BTIPACEX-NEXT: br x17
# BTIPACEX-NEXT: nop # BTIPACEX-NEXT: nop
# BTIPACEX-NEXT: nop # BTIPACEX-NEXT: nop
# BTIPACEX: 00000000002103a0 <func2@plt>: # BTIPACEX: 00000000002103a0 <func2@plt>:
# BTIPACEX-NEXT: 2103a0: bti c # BTIPACEX-NEXT: 2103a0: adrp x16, 0x230000
# BTIPACEX-NEXT: adrp x16, 0x230000
# BTIPACEX-NEXT: ldr x17, [x16, #1200] # BTIPACEX-NEXT: ldr x17, [x16, #1200]
# BTIPACEX-NEXT: add x16, x16, #1200 # BTIPACEX-NEXT: add x16, x16, #1200
# BTIPACEX-NEXT: br x17 # BTIPACEX-NEXT: br x17
# BTIPACEX-NEXT: nop
# BTIPACEX-NEXT: nop
# BTIPACDYNEX: 0x0000000070000001 (AARCH64_BTI_PLT) # BTIPACDYNEX: 0x0000000070000001 (AARCH64_BTI_PLT)
# BTIPACDYNEX-NOT: 0x0000000070000003 (AARCH64_PAC_PLT) # BTIPACDYNEX-NOT: 0x0000000070000003 (AARCH64_PAC_PLT)
## Check that combinations of BTI+PAC with 0 properties results in standard PLT ## Check that combinations of BTI+PAC with 0 properties results in standard PLT
# RUN: ld.lld %t.o %t3.o %t.so -o %t.exe # RUN: ld.lld %t.o %t3.o %t.so -o %t.exe
# RUN: llvm-objdump -d --mattr=+v8.5a --no-show-raw-insn %t.exe | FileCheck --check-prefix EX %s # RUN: llvm-objdump -d --mattr=+v8.5a --no-show-raw-insn %t.exe | FileCheck --check-prefix EX %s
▲ Show 20 LinesShow All 73 Lines▼ Show 20 Lines
# BTIPACEX2-NEXT: stp x16, x30, [sp, #-16]! # BTIPACEX2-NEXT: stp x16, x30, [sp, #-16]!
# BTIPACEX2-NEXT: adrp x16, 0x230000 # BTIPACEX2-NEXT: adrp x16, 0x230000
# BTIPACEX2-NEXT: ldr x17, [x16, #1208] # BTIPACEX2-NEXT: ldr x17, [x16, #1208]
# BTIPACEX2-NEXT: add x16, x16, #1208 # BTIPACEX2-NEXT: add x16, x16, #1208
# BTIPACEX2-NEXT: br x17 # BTIPACEX2-NEXT: br x17
# BTIPACEX2-NEXT: nop # BTIPACEX2-NEXT: nop
# BTIPACEX2-NEXT: nop # BTIPACEX2-NEXT: nop
# BTIPACEX2: 00000000002103a0 <func2@plt>: # BTIPACEX2: 00000000002103a0 <func2@plt>:
# BTIPACEX2-NEXT: 2103a0: bti c # BTIPACEX2-NEXT: 2103a0: adrp x16, 0x230000
# BTIPACEX2-NEXT: adrp x16, 0x230000
# BTIPACEX2-NEXT: ldr x17, [x16, #1216] # BTIPACEX2-NEXT: ldr x17, [x16, #1216]
# BTIPACEX2-NEXT: add x16, x16, #1216 # BTIPACEX2-NEXT: add x16, x16, #1216
# BTIPACEX2-NEXT: autia1716 # BTIPACEX2-NEXT: autia1716
# BTIPACEX2-NEXT: br x17 # BTIPACEX2-NEXT: br x17
# BTIPACEX2-NEXT: nop
# BTIPACDYN2: 0x0000000070000001 (AARCH64_BTI_PLT) # BTIPACDYN2: 0x0000000070000001 (AARCH64_BTI_PLT)
# BTIPACDYN2-NEXT: 0x0000000070000003 (AARCH64_PAC_PLT) # BTIPACDYN2-NEXT: 0x0000000070000003 (AARCH64_PAC_PLT)

lld/test/ELF/aarch64-ifunc-bti.s

# REQUIRES: aarch64 # REQUIRES: aarch64
# RUN: llvm-mc -filetype=obj -triple=aarch64-none-linux-gnu %s -o %t.o # RUN: llvm-mc -filetype=obj -triple=aarch64-none-linux-gnu %s -o %t.o
# RUN: llvm-mc -filetype=obj -triple=aarch64-none-linux-gnu %p/Inputs/aarch64-addrifunc.s -o %t1.o # RUN: llvm-mc -filetype=obj -triple=aarch64-none-linux-gnu %p/Inputs/aarch64-addrifunc.s -o %t1.o
# RUN: ld.lld --shared --soname=t1.so %t1.o -o %t1.so # RUN: ld.lld --shared --soname=t1.so %t1.o -o %t1.so
# RUN: ld.lld --pie %t1.so %t.o -o %t # RUN: ld.lld --pie %t1.so %t.o -o %t
# RUN: llvm-objdump -d --no-show-raw-insn --mattr=+bti --triple=aarch64-linux-gnu %t | FileCheck %s # RUN: llvm-objdump -d --no-show-raw-insn --mattr=+bti --triple=aarch64-linux-gnu %t | FileCheck %s
# RUN: ld.lld -shared -Bsymbolic %t1.so %t.o -o %t.so
# RUN: llvm-objdump -d --no-show-raw-insn --mattr=+bti %t | FileCheck %s --check-prefix=SHARED
abrachetUnsubmitted
Not Done
ReplyInline Actions
# RUN: ld.lld -shared -Bsymbolic %t1.so %t.o -o %t.so
- # RUN: llvm-objdump -d --no-show-raw-insn --mattr=+bti %t | FileCheck %s --check-prefix=SHARED
+ # RUN: llvm-objdump -d --no-show-raw-insn --mattr=+bti %t.so | FileCheck %s --check-prefix=SHARED
# When the address of an ifunc is taken using a non-got reference which clang

I've just noticed this while doing something unrelated to this patch, but I think that this should be %t.so? Looks like it'll just work with that change

abrachet: I've just noticed this while doing something unrelated to this patch, but I think that this…
MaskRayAuthorUnsubmitted
Done
ReplyInline Actions

Thanks for spotting this! I'll fix it.

MaskRay: Thanks for spotting this! I'll fix it.
# When the address of an ifunc is taken using a non-got reference which clang # When the address of an ifunc is taken using a non-got reference which clang
# can do, LLD exports a canonical PLT entry that may have its address taken so # can do, LLD exports a canonical PLT entry that may have its address taken so
# we must use bti c. # we must use bti c.
# CHECK: Disassembly of section .plt: # CHECK: Disassembly of section .plt:
# CHECK: 0000000000010380 <.plt>: # CHECK: 00000000000103a0 <.plt>:
# CHECK-NEXT: 10380: bti c # CHECK-NEXT: 103a0: bti c
# CHECK-NEXT: stp x16, x30, [sp, #-16]! # CHECK-NEXT: stp x16, x30, [sp, #-16]!
# CHECK-NEXT: adrp x16, 0x30000 # CHECK-NEXT: adrp x16, 0x30000
# CHECK-NEXT: ldr x17, [x16, #1288] # CHECK-NEXT: ldr x17, [x16, #1344]
# CHECK-NEXT: add x16, x16, #1288 # CHECK-NEXT: add x16, x16, #1344
# CHECK-NEXT: br x17 # CHECK-NEXT: br x17
# CHECK-NEXT: nop # CHECK-NEXT: nop
# CHECK-NEXT: nop # CHECK-NEXT: nop
# CHECK: 00000000000103a0 <func1@plt>: # CHECK: 00000000000103c0 <func1@plt>:
# CHECK-NEXT: 103a0: bti c # CHECK-NEXT: 103c0: adrp x16, 0x30000
# CHECK-NEXT: adrp x16, 0x30000 # CHECK-NEXT: ldr x17, [x16, #1352]
# CHECK-NEXT: ldr x17, [x16, #1296] # CHECK-NEXT: add x16, x16, #1352
# CHECK-NEXT: add x16, x16, #1296
# CHECK-NEXT: br x17 # CHECK-NEXT: br x17
# CHECK-NEXT: nop # CHECK-NEXT: nop
# CHECK-NEXT: nop
# CHECK-EMPTY: # CHECK-EMPTY:
# CHECK: Disassembly of section .iplt: # CHECK: Disassembly of section .iplt:
# CHECK-EMPTY: # CHECK-EMPTY:
# CHECK-NEXT: 00000000000103c0 <myfunc>: ## The address of ifunc1@plt does not escape so it does not need `bti c`,
# CHECK-NEXT: 103c0: bti c ## but having bti is not wrong.
# CHECK-NEXT: 00000000000103e0 <.iplt>:
# CHECK-NEXT: 103e0: bti c
# CHECK-NEXT: adrp x16, 0x30000 # CHECK-NEXT: adrp x16, 0x30000
# CHECK-NEXT: ldr x17, [x16, #1304] # CHECK-NEXT: ldr x17, [x16, #1360]
# CHECK-NEXT: add x16, x16, #1304 # CHECK-NEXT: add x16, x16, #1360
# CHECK-NEXT: br x17 # CHECK-NEXT: br x17
# CHECK-NEXT: nop # CHECK-NEXT: nop
# CHECK-EMPTY:
## The address of ifunc2 (STT_FUNC) escapes, so it must have `bti c`.
# CHECK-NEXT: 00000000000103f8 <ifunc2>:
# CHECK-NEXT: 103f8: bti c
# CHECK-NEXT: adrp x16, 0x30000
# CHECK-NEXT: ldr x17, [x16, #1368]
# CHECK-NEXT: add x16, x16, #1368
# CHECK-NEXT: br x17
# CHECK-NEXT: nop
# SHARED: <.iplt>:
# SHARED-NEXT: bti c
# SHARED: <ifunc2>:
# SHARED-NEXT: bti c
.section ".note.gnu.property", "a" .section ".note.gnu.property", "a"
.long 4 .long 4
.long 0x10 .long 0x10
.long 0x5 .long 0x5
.asciz "GNU" .asciz "GNU"
.long 0xc0000000 // GNU_PROPERTY_AARCH64_FEATURE_1_AND .long 0xc0000000 // GNU_PROPERTY_AARCH64_FEATURE_1_AND
.long 4 .long 4
.long 1 // GNU_PROPERTY_AARCH64_FEATURE_1_BTI .long 1 // GNU_PROPERTY_AARCH64_FEATURE_1_BTI
.long 0 .long 0
.text .text
.globl myfunc .globl ifunc1
.type myfunc,@gnu_indirect_function .type ifunc1,@gnu_indirect_function
myfunc: ifunc1:
ret
.globl ifunc2
.type ifunc2,@gnu_indirect_function
ifunc2:
ret ret
.globl func1 .globl func1
.text .text
.globl _start .globl _start
.type _start, %function .type _start, %function
_start: _start:
bl func1 bl func1
adrp x8, myfunc bl ifunc1
add x8, x8, :lo12:myfunc adrp x8, ifunc2
add x8, x8, :lo12:ifunc2
ret ret