This is an archive of the discontinued LLVM Phabricator instance.

Differential D113901

[lld] Add cet-report and bti-report flags
ClosedPublic

Authored by danielkiss on Nov 15 2021, 7:53 AM.

Details

Reviewers
peter.smith
MaskRay
ruiu
hjl.tools
tamas.petz
chill
Commits
rG2b4e6052b3bf: [lld] Add cet-report and bti-report flags
Summary

Implement cet-report as supported in binutils.
bti-report has the same behaviour for AArch64-BTI.

Fixes https://github.com/llvm/llvm-project/issues/44828

Diff Detail

Event Timeline

danielkiss created this revision.Nov 15 2021, 7:53 AM
Herald added subscribers: kristof.beyls, arichardson, emaste. · View Herald TranscriptNov 15 2021, 7:53 AM
danielkiss requested review of this revision.Nov 15 2021, 7:53 AM
Harbormaster completed remote builds in B134263: Diff 387264.Nov 15 2021, 8:09 AM
peter.smith added a comment.Nov 16 2021, 4:36 AM

I'm in favour of adding the additional flag. It is useful when an effort has been made to get all input files marked, and we want to make sure that the program stays that way. I think that complements the existing force-bti flag which is useful when transitioning a program into compatibility.

One thought is that this could also be useful for ibt. Is there scope for -z fail-if-not=bti and -z fail-if-not=ibt which might make this more extensible for future property flags?

MaskRay added a comment.EditedNov 16 2021, 9:49 AM

-z force-bti with -Werror has the same behaviour but not always possible to use -Werror and dangerous to rely on it.

GCC/Clang support -Werror. ld.bfd/gold/ld.lld support --fatal-warnings.

In D113901#3134421, @peter.smith wrote:

I'm in favour of adding the additional flag. It is useful when an effort has been made to get all input files marked, and we want to make sure that the program stays that way. I think that complements the existing force-bti flag which is useful when transitioning a program into compatibility.

One thought is that this could also be useful for ibt. Is there scope for -z fail-if-not=bti and -z fail-if-not=ibt which might make this more extensible for future property flags?

Does this have the same semantics as -z cet-report=error? (https://bugs.llvm.org/show_bug.cgi?id=45483)
If yes, we can use a similar tri-state option.

MaskRay added a comment.Nov 16 2021, 6:46 PM

BTW, how do we handle object files created by objcopy -I binary -O elfXXX a.txt a.o or ld -b binary a.txt -o a.o? Such object files don't have .note.gnu.property

peter.smith added a comment.Nov 17 2021, 1:56 AM
In D113901#3135319, @MaskRay wrote:

-z force-bti with -Werror has the same behaviour but not always possible to use -Werror and dangerous to rely on it.

GCC/Clang support -Werror. ld.bfd/gold/ld.lld support --fatal-warnings.

In D113901#3134421, @peter.smith wrote:

I'm in favour of adding the additional flag. It is useful when an effort has been made to get all input files marked, and we want to make sure that the program stays that way. I think that complements the existing force-bti flag which is useful when transitioning a program into compatibility.

One thought is that this could also be useful for ibt. Is there scope for -z fail-if-not=bti and -z fail-if-not=ibt which might make this more extensible for future property flags?

Does this have the same semantics as -z cet-report=error? (https://bugs.llvm.org/show_bug.cgi?id=45483)
If yes, we can use a similar tri-state option.

It does look very similar, the -z cet-report=error also includes a warning state, whereas -z fail-if-not=bti only has an error state. Will have to let Daniel comment on that.

peter.smith added a comment.Nov 17 2021, 2:03 AM
In D113901#3136449, @MaskRay wrote:

BTW, how do we handle object files created by objcopy -I binary -O elfXXX a.txt a.o or ld -b binary a.txt -o a.o? Such object files don't have .note.gnu.property

IIUC this is creating an ELF object from binary or loading a binary directly (ld -b). In those particular cases we would not set the property in the ELF image and BTI would not be enabled, which would mean the program would run but not have the BTI protection. In theory the --force-bti option could be used in that circumstance. I don't have a good suggestion for a more automatic solution right now. My expectation is that incorporating a binary would be rare in a Linux/Android environment.

danielkiss added a comment.Nov 18 2021, 12:40 AM
In D113901#3137065, @peter.smith wrote:
In D113901#3135319, @MaskRay wrote:

-z force-bti with -Werror has the same behaviour but not always possible to use -Werror and dangerous to rely on it.

GCC/Clang support -Werror. ld.bfd/gold/ld.lld support --fatal-warnings.

In D113901#3134421, @peter.smith wrote:

I'm in favour of adding the additional flag. It is useful when an effort has been made to get all input files marked, and we want to make sure that the program stays that way. I think that complements the existing force-bti flag which is useful when transitioning a program into compatibility.

One thought is that this could also be useful for ibt. Is there scope for -z fail-if-not=bti and -z fail-if-not=ibt which might make this more extensible for future property flags?

Does this have the same semantics as -z cet-report=error? (https://bugs.llvm.org/show_bug.cgi?id=45483)
If yes, we can use a similar tri-state option.

It does look very similar, the -z cet-report=error also includes a warning state, whereas -z fail-if-not=bti only has an error state. Will have to let Daniel comment on that.

-z bti-report=[none,warning,error] sounds good to me. I'll add then -z cet-report too.

danielkiss updated this revision to Diff 389567.Nov 24 2021, 11:13 AM
danielkiss retitled this revision from [lld][AArch64] Add -z fail-if-no-bti flag. to [lld] Add cet-report and bti-report flags.
danielkiss edited the summary of this revision. (Show Details)

Hopefully later other reports like lam-report can be added easier.

Harbormaster completed remote builds in B135904: Diff 389567.Nov 24 2021, 12:34 PM
peter.smith added a comment.Nov 25 2021, 8:56 AM

One small comment on the error message for the command line checking, but otherwise looks good to me.

lld/ELF/Driver.cpp
1228

typo: recognized

I think it would be worth reporting option.second in some way so that they know that the option was matched, it just had a bad parameter.

"-z " + toString(reportArg.first) + "=, parameter " + option.second + " is not recognized"

MaskRay added inline comments.Nov 25 2021, 10:40 AM
lld/ELF/Config.h
233
lld/ELF/Driver.cpp
375

remove braces

consider using &&

981
1220

delete blank line

1228

Use Twine to concatenate the message.

2137
2179

This condition is untested.

You may need CHECK-EMPTY: https://llvm.org/docs/CommandGuide/FileCheck.html#the-check-empty-directive

2184–2186

This condition is untested.

danielkiss updated this revision to Diff 390043.Nov 26 2021, 6:55 AM
danielkiss marked 5 inline comments as done.
danielkiss updated this revision to Diff 390046.Nov 26 2021, 7:01 AM
danielkiss marked an inline comment as done.
danielkiss updated this revision to Diff 390047.Nov 26 2021, 7:04 AM
danielkiss marked 2 inline comments as done.
danielkiss marked an inline comment as done.
danielkiss added inline comments.
lld/ELF/Config.h
233

llvm::StringRef -> StringRef could be applied to the whole file.

Harbormaster completed remote builds in B136230: Diff 390047.Nov 26 2021, 7:24 AM
danielkiss updated this revision to Diff 390058.Nov 26 2021, 7:35 AM
danielkiss marked an inline comment as done.
Harbormaster completed remote builds in B136239: Diff 390058.Nov 26 2021, 7:48 AM
MaskRay added inline comments.Nov 26 2021, 10:32 AM
lld/ELF/Config.h
233
lld/ELF/Driver.cpp
375

not addressed

1161

use member initializer to replace assignment here.

1228

The diagnostic is untested.

(So when I mentioned -z cet-report=, I did have a plan to implement the x86 part by myself...)

lld/test/ELF/i386-feature-cet.s
26

-o /dev/null if the output is unused

lld/test/ELF/x86-64-feature-cet.s
29

# REPORT_FORCE-EMPTY:

34

Add # CE_REPORT_WARN-EMPTY: below

danielkiss updated this revision to Diff 390312.Nov 29 2021, 5:29 AM
danielkiss marked 7 inline comments as done.
danielkiss edited the summary of this revision. (Show Details)Nov 29 2021, 5:38 AM
Harbormaster completed remote builds in B136413: Diff 390312.Nov 29 2021, 5:45 AM
danielkiss added a comment.Dec 13 2021, 8:51 AM

ping?

MaskRay accepted this revision.EditedDec 13 2021, 12:19 PM

Out of town for ~10 days. Sorry for the long delay.
LGTM.

lld/ELF/Config.h
233

Seems better to group the two options with other llvm::StringRef (above).

lld/ELF/Driver.cpp
981
1220

If you swap the two loops you can call split only once for each -z option.

for (opt::Arg *arg : args.filtered(OPT_z)) {
  .. split
  if (option.first == "bti-report" || option.first == "cet-report") {
    if (!isValidReportString(option.second)) ...
    if (option.first == "bti-report")
      config->zBtiReport = ...
    else
      ...
  }
}

Perhaps open coding

lld/docs/ld.lld.1
706
.Cm none
is the default,
710
.Cm none
is the default,

Use man docs/ld.lld.1 to view the file to ensure good formatting.

This revision is now accepted and ready to land.Dec 13 2021, 12:19 PM
danielkiss updated this revision to Diff 394867.Dec 16 2021, 7:15 AM
danielkiss marked 5 inline comments as done.
danielkiss edited the summary of this revision. (Show Details)
In D113901#3190060, @MaskRay wrote:

Out of town for ~10 days. Sorry for the long delay.
LGTM.

Not a problem, thanks!

Harbormaster completed remote builds in B139665: Diff 394867.Dec 16 2021, 7:19 AM
This revision was landed with ongoing or failed builds.Dec 16 2021, 7:26 AM
Closed by commit rG2b4e6052b3bf: [lld] Add cet-report and bti-report flags (authored by danielkiss). · Explain Why
This revision was automatically updated to reflect the committed changes.
danielkiss added a commit: rG2b4e6052b3bf: [lld] Add cet-report and bti-report flags.
Herald added a project: Restricted Project. · View Herald TranscriptDec 16 2021, 7:26 AM
Herald added a subscriber: llvm-commits. · View Herald Transcript

Revision Contents

PathSize
lld/
ELF/
2 lines
65 lines
docs/
10 lines
test/
ELF/
10 lines
4 lines
17 lines
23 lines

Diff 394876

lld/ELF/Config.h

Show First 20 LinesShow All 122 Lines▼ Show 20 Linesstruct Configuration {
llvm::StringRef progName; llvm::StringRef progName;
llvm::StringRef printArchiveStats; llvm::StringRef printArchiveStats;
llvm::StringRef printSymbolOrder; llvm::StringRef printSymbolOrder;
llvm::StringRef soName; llvm::StringRef soName;
llvm::StringRef sysroot; llvm::StringRef sysroot;
llvm::StringRef thinLTOCacheDir; llvm::StringRef thinLTOCacheDir;
llvm::StringRef thinLTOIndexOnlyArg; llvm::StringRef thinLTOIndexOnlyArg;
llvm::StringRef whyExtract; llvm::StringRef whyExtract;
StringRef zBtiReport = "none";
StringRef zCetReport = "none";
llvm::StringRef ltoBasicBlockSections; llvm::StringRef ltoBasicBlockSections;
std::pair<llvm::StringRef, llvm::StringRef> thinLTOObjectSuffixReplace; std::pair<llvm::StringRef, llvm::StringRef> thinLTOObjectSuffixReplace;
std::pair<llvm::StringRef, llvm::StringRef> thinLTOPrefixReplace; std::pair<llvm::StringRef, llvm::StringRef> thinLTOPrefixReplace;
std::string rpath; std::string rpath;
std::vector<VersionDefinition> versionDefinitions; std::vector<VersionDefinition> versionDefinitions;
std::vector<llvm::StringRef> auxiliaryList; std::vector<llvm::StringRef> auxiliaryList;
std::vector<llvm::StringRef> filterList; std::vector<llvm::StringRef> filterList;
std::vector<llvm::StringRef> searchPaths; std::vector<llvm::StringRef> searchPaths;
▲ Show 20 LinesShow All 84 Lines▼ Show 20 Linesstruct Configuration {
bool unique; bool unique;
bool useAndroidRelrTags = false; bool useAndroidRelrTags = false;
bool warnBackrefs; bool warnBackrefs;
std::vector<llvm::GlobPattern> warnBackrefsExclude; std::vector<llvm::GlobPattern> warnBackrefsExclude;
bool warnCommon; bool warnCommon;
bool warnMissingEntry; bool warnMissingEntry;
bool warnSymbolOrdering; bool warnSymbolOrdering;
bool writeAddends; bool writeAddends;
bool zCombreloc; bool zCombreloc;
MaskRayUnsubmitted
Done
ReplyInline Actions
bool writeAddends;
- llvm::StringRef zBtiReport;
+ StringRef zBtiReport;
llvm::StringRef zCetReport;
MaskRay:
danielkissAuthorUnsubmitted
Done
ReplyInline Actions

llvm::StringRef -> StringRef could be applied to the whole file.

danielkiss: llvm::StringRef -> StringRef could be applied to the whole file.
MaskRayUnsubmitted
Done
ReplyInline Actions
bool writeAddends;
- StringRef zBtiReport;
- StringRef zCetReport;
+ StringRef zBtiReport = "none";
+ StringRef zCetReport = "none"; StringRef zCetReport;
MaskRay:
MaskRayUnsubmitted
Done
ReplyInline Actions

Seems better to group the two options with other llvm::StringRef (above).

MaskRay: Seems better to group the two options with other `llvm::StringRef` (above).
bool zCopyreloc; bool zCopyreloc;
bool zForceBti; bool zForceBti;
bool zForceIbt; bool zForceIbt;
bool zGlobal; bool zGlobal;
bool zHazardplt; bool zHazardplt;
bool zIfuncNoplt; bool zIfuncNoplt;
bool zInitfirst; bool zInitfirst;
bool zInterpose; bool zInterpose;
▲ Show 20 LinesShow All 128 LinesShow Last 20 Lines

lld/ELF/Driver.cpp

Show First 20 LinesShow All 362 Lines▼ Show 20 Linesstatic void checkOptions() {
if (config->zRetpolineplt && config->zForceIbt) if (config->zRetpolineplt && config->zForceIbt)
error("-z force-ibt may not be used with -z retpolineplt"); error("-z force-ibt may not be used with -z retpolineplt");
if (config->emachine != EM_AARCH64) { if (config->emachine != EM_AARCH64) {
if (config->zPacPlt) if (config->zPacPlt)
error("-z pac-plt only supported on AArch64"); error("-z pac-plt only supported on AArch64");
if (config->zForceBti) if (config->zForceBti)
error("-z force-bti only supported on AArch64"); error("-z force-bti only supported on AArch64");
if (config->zBtiReport != "none")
error("-z bti-report only supported on AArch64");
} }
if (config->emachine != EM_386 && config->emachine != EM_X86_64 &&
MaskRayUnsubmitted
Done
ReplyInline Actions

remove braces

consider using &&

MaskRay: remove braces consider using `&&`
MaskRayUnsubmitted
Done
ReplyInline Actions

not addressed

MaskRay: not addressed
config->zCetReport != "none")
error("-z cet-report only supported on X86 and X86_64");
} }
static const char *getReproduceOption(opt::InputArgList &args) { static const char *getReproduceOption(opt::InputArgList &args) {
if (auto *arg = args.getLastArg(OPT_reproduce)) if (auto *arg = args.getLastArg(OPT_reproduce))
return arg->getValue(); return arg->getValue();
return getenv("LLD_REPRODUCE"); return getenv("LLD_REPRODUCE");
} }
▲ Show 20 LinesShow All 70 Lines▼ Show 20 Lines return s == "combreloc" || s == "copyreloc" || s == "defs" ||
s == "nodefaultlib" || s == "nodelete" || s == "nodlopen" || s == "nodefaultlib" || s == "nodelete" || s == "nodlopen" ||
s == "noexecstack" || s == "nognustack" || s == "noexecstack" || s == "nognustack" ||
s == "nokeep-text-section-prefix" || s == "norelro" || s == "nokeep-text-section-prefix" || s == "norelro" ||
s == "noseparate-code" || s == "nostart-stop-gc" || s == "notext" || s == "noseparate-code" || s == "nostart-stop-gc" || s == "notext" ||
s == "now" || s == "origin" || s == "pac-plt" || s == "rel" || s == "now" || s == "origin" || s == "pac-plt" || s == "rel" ||
s == "rela" || s == "relro" || s == "retpolineplt" || s == "rela" || s == "relro" || s == "retpolineplt" ||
s == "rodynamic" || s == "shstk" || s == "text" || s == "undefs" || s == "rodynamic" || s == "shstk" || s == "text" || s == "undefs" ||
s == "wxneeded" || s.startswith("common-page-size=") || s == "wxneeded" || s.startswith("common-page-size=") ||
s.startswith("bti-report=") || s.startswith("cet-report=") ||
s.startswith("dead-reloc-in-nonalloc=") || s.startswith("dead-reloc-in-nonalloc=") ||
s.startswith("max-page-size=") || s.startswith("stack-size=") || s.startswith("max-page-size=") || s.startswith("stack-size=") ||
s.startswith("start-stop-visibility="); s.startswith("start-stop-visibility=");
} }
// Report a warning for an unknown -z option. // Report a warning for an unknown -z option.
static void checkZOptions(opt::InputArgList &args) { static void checkZOptions(opt::InputArgList &args) {
for (auto *arg : args.filtered(OPT_z)) for (auto *arg : args.filtered(OPT_z))
▲ Show 20 LinesShow All 499 Lines▼ Show 20 Linesstatic void parseClangOption(StringRef opt, const Twine &msg) {
const char *argv[] = {config->progName.data(), opt.data()}; const char *argv[] = {config->progName.data(), opt.data()};
if (cl::ParseCommandLineOptions(2, argv, "", &os)) if (cl::ParseCommandLineOptions(2, argv, "", &os))
return; return;
os.flush(); os.flush();
error(msg + ": " + StringRef(err).trim()); error(msg + ": " + StringRef(err).trim());
} }
// Checks the parameter of the bti-report and cet-report options.
static bool isValidReportString(StringRef arg) {
MaskRayUnsubmitted
Done
ReplyInline Actions
// Checks the parameter of the bti-report and cet-report options.
- static bool isValidReportString(llvm::StringRef &arg) {
+ static bool isValidReportString(StringRef &arg) {
return arg == "none" || arg == "warning" || arg == "error";
MaskRay:
MaskRayUnsubmitted
Done
ReplyInline Actions
// Checks the parameter of the bti-report and cet-report options.
- static bool isValidReportString(StringRef &arg) {
+ static bool isValidReportString(StringRef arg) {
return arg == "none" || arg == "warning" || arg == "error";
MaskRay:
return arg == "none" || arg == "warning" || arg == "error";
}
// Initializes Config members by the command line options. // Initializes Config members by the command line options.
static void readConfigs(opt::InputArgList &args) { static void readConfigs(opt::InputArgList &args) {
errorHandler().verbose = args.hasArg(OPT_verbose); errorHandler().verbose = args.hasArg(OPT_verbose);
errorHandler().vsDiagnostics = errorHandler().vsDiagnostics =
args.hasArg(OPT_visual_studio_diagnostics_format, false); args.hasArg(OPT_visual_studio_diagnostics_format, false);
config->allowMultipleDefinition = config->allowMultipleDefinition =
args.hasFlag(OPT_allow_multiple_definition, args.hasFlag(OPT_allow_multiple_definition,
▲ Show 20 LinesShow All 160 Lines▼ Show 20 Linesstatic void readConfigs(opt::InputArgList &args) {
config->useAndroidRelrTags = args.hasFlag( config->useAndroidRelrTags = args.hasFlag(
OPT_use_android_relr_tags, OPT_no_use_android_relr_tags, false); OPT_use_android_relr_tags, OPT_no_use_android_relr_tags, false);
config->warnBackrefs = config->warnBackrefs =
args.hasFlag(OPT_warn_backrefs, OPT_no_warn_backrefs, false); args.hasFlag(OPT_warn_backrefs, OPT_no_warn_backrefs, false);
config->warnCommon = args.hasFlag(OPT_warn_common, OPT_no_warn_common, false); config->warnCommon = args.hasFlag(OPT_warn_common, OPT_no_warn_common, false);
config->warnSymbolOrdering = config->warnSymbolOrdering =
args.hasFlag(OPT_warn_symbol_ordering, OPT_no_warn_symbol_ordering, true); args.hasFlag(OPT_warn_symbol_ordering, OPT_no_warn_symbol_ordering, true);
config->whyExtract = args.getLastArgValue(OPT_why_extract); config->whyExtract = args.getLastArgValue(OPT_why_extract);
config->zCombreloc = getZFlag(args, "combreloc", "nocombreloc", true); config->zCombreloc = getZFlag(args, "combreloc", "nocombreloc", true);
MaskRayUnsubmitted
Done
ReplyInline Actions

use member initializer to replace assignment here.

MaskRay: use member initializer to replace assignment here.
config->zCopyreloc = getZFlag(args, "copyreloc", "nocopyreloc", true); config->zCopyreloc = getZFlag(args, "copyreloc", "nocopyreloc", true);
config->zForceBti = hasZOption(args, "force-bti"); config->zForceBti = hasZOption(args, "force-bti");
config->zForceIbt = hasZOption(args, "force-ibt"); config->zForceIbt = hasZOption(args, "force-ibt");
config->zGlobal = hasZOption(args, "global"); config->zGlobal = hasZOption(args, "global");
config->zGnustack = getZGnuStack(args); config->zGnustack = getZGnuStack(args);
config->zHazardplt = hasZOption(args, "hazardplt"); config->zHazardplt = hasZOption(args, "hazardplt");
config->zIfuncNoplt = hasZOption(args, "ifunc-noplt"); config->zIfuncNoplt = hasZOption(args, "ifunc-noplt");
config->zInitfirst = hasZOption(args, "initfirst"); config->zInitfirst = hasZOption(args, "initfirst");
Show All 40 Lines for (opt::Arg *arg : args.filtered(OPT_shuffle_sections)) {
if (!to_integer(kv.second, v)) if (!to_integer(kv.second, v))
error(errPrefix + "expected an integer, but got '" + kv.second + "'"); error(errPrefix + "expected an integer, but got '" + kv.second + "'");
else if (Expected<GlobPattern> pat = GlobPattern::create(kv.first)) else if (Expected<GlobPattern> pat = GlobPattern::create(kv.first))
config->shuffleSections.emplace_back(std::move(*pat), uint32_t(v)); config->shuffleSections.emplace_back(std::move(*pat), uint32_t(v));
else else
error(errPrefix + toString(pat.takeError())); error(errPrefix + toString(pat.takeError()));
} }
auto reports = {std::make_pair("bti-report", &config->zBtiReport),
std::make_pair("cet-report", &config->zCetReport)};
for (opt::Arg *arg : args.filtered(OPT_z)) {
MaskRayUnsubmitted
Done
ReplyInline Actions

delete blank line

MaskRay: delete blank line
MaskRayUnsubmitted
Done
ReplyInline Actions

If you swap the two loops you can call split only once for each -z option.

for (opt::Arg *arg : args.filtered(OPT_z)) {
  .. split
  if (option.first == "bti-report" || option.first == "cet-report") {
    if (!isValidReportString(option.second)) ...
    if (option.first == "bti-report")
      config->zBtiReport = ...
    else
      ...
  }
}

Perhaps open coding

MaskRay: If you swap the two loops you can call `split` only once for each -z option. ``` for (opt::Arg…
std::pair<StringRef, StringRef> option =
StringRef(arg->getValue()).split('=');
for (auto reportArg : reports) {
if (option.first != reportArg.first)
continue;
if (!isValidReportString(option.second)) {
error(Twine("-z ") + reportArg.first + "= parameter " + option.second +
" is not recognized");
peter.smithUnsubmitted
Done
ReplyInline Actions

typo: recognized

I think it would be worth reporting option.second in some way so that they know that the option was matched, it just had a bad parameter.

"-z " + toString(reportArg.first) + "=, parameter " + option.second + " is not recognized"

peter.smith: typo: recognized I think it would be worth reporting option.second in some way so that they…
MaskRayUnsubmitted
Done
ReplyInline Actions

Use Twine to concatenate the message.

MaskRay: Use `Twine` to concatenate the message.
MaskRayUnsubmitted
Done
ReplyInline Actions

The diagnostic is untested.

(So when I mentioned -z cet-report=, I did have a plan to implement the x86 part by myself...)

MaskRay: The diagnostic is untested. (So when I mentioned `-z cet-report=`, I did have a plan to…
continue;
}
*reportArg.second = option.second;
}
}
for (opt::Arg *arg : args.filtered(OPT_z)) { for (opt::Arg *arg : args.filtered(OPT_z)) {
std::pair<StringRef, StringRef> option = std::pair<StringRef, StringRef> option =
StringRef(arg->getValue()).split('='); StringRef(arg->getValue()).split('=');
if (option.first != "dead-reloc-in-nonalloc") if (option.first != "dead-reloc-in-nonalloc")
continue; continue;
constexpr StringRef errPrefix = "-z dead-reloc-in-nonalloc=: "; constexpr StringRef errPrefix = "-z dead-reloc-in-nonalloc=: ";
std::pair<StringRef, StringRef> kv = option.second.split('='); std::pair<StringRef, StringRef> kv = option.second.split('=');
if (kv.first.empty() || kv.second.empty()) { if (kv.first.empty() || kv.second.empty()) {
▲ Show 20 LinesShow All 884 Lines▼ Show 20 Lines for (size_t i = 0, e = syms.size(); i != e; ++i)
syms[i] = s; syms[i] = s;
}); });
// Update pointers in the symbol table. // Update pointers in the symbol table.
for (const WrappedSymbol &w : wrapped) for (const WrappedSymbol &w : wrapped)
symtab->wrap(w.sym, w.real, w.wrap); symtab->wrap(w.sym, w.real, w.wrap);
} }
static void checkAndReportMissingFeature(StringRef config, uint32_t features,
uint32_t mask, const Twine &report) {
if (!(features & mask)) {
MaskRayUnsubmitted
Done
ReplyInline Actions
uint32_t features, uint32_t mask,
- const std::string &report) {
+ const Twine &report) {
if (!(features & mask)) {
MaskRay:
if (config == "error")
error(report);
else if (config == "warning")
warn(report);
}
}
// To enable CET (x86's hardware-assited control flow enforcement), each // To enable CET (x86's hardware-assited control flow enforcement), each
// source file must be compiled with -fcf-protection. Object files compiled // source file must be compiled with -fcf-protection. Object files compiled
// with the flag contain feature flags indicating that they are compatible // with the flag contain feature flags indicating that they are compatible
// with CET. We enable the feature only when all object files are compatible // with CET. We enable the feature only when all object files are compatible
// with CET. // with CET.
// //
// This is also the case with AARCH64's BTI and PAC which use the similar // This is also the case with AARCH64's BTI and PAC which use the similar
// GNU_PROPERTY_AARCH64_FEATURE_1_AND mechanism. // GNU_PROPERTY_AARCH64_FEATURE_1_AND mechanism.
template <class ELFT> static uint32_t getAndFeatures() { template <class ELFT> static uint32_t getAndFeatures() {
if (config->emachine != EM_386 && config->emachine != EM_X86_64 && if (config->emachine != EM_386 && config->emachine != EM_X86_64 &&
config->emachine != EM_AARCH64) config->emachine != EM_AARCH64)
return 0; return 0;
uint32_t ret = -1; uint32_t ret = -1;
for (InputFile *f : objectFiles) { for (InputFile *f : objectFiles) {
uint32_t features = cast<ObjFile<ELFT>>(f)->andFeatures; uint32_t features = cast<ObjFile<ELFT>>(f)->andFeatures;
checkAndReportMissingFeature(
config->zBtiReport, features, GNU_PROPERTY_AARCH64_FEATURE_1_BTI,
toString(f) + ": -z bti-report: file does not have "
"GNU_PROPERTY_AARCH64_FEATURE_1_BTI property");
checkAndReportMissingFeature(
config->zCetReport, features, GNU_PROPERTY_X86_FEATURE_1_IBT,
toString(f) + ": -z cet-report: file does not have "
"GNU_PROPERTY_X86_FEATURE_1_IBT property");
checkAndReportMissingFeature(
config->zCetReport, features, GNU_PROPERTY_X86_FEATURE_1_SHSTK,
toString(f) + ": -z cet-report: file does not have "
"GNU_PROPERTY_X86_FEATURE_1_SHSTK property");
if (config->zForceBti && !(features & GNU_PROPERTY_AARCH64_FEATURE_1_BTI)) { if (config->zForceBti && !(features & GNU_PROPERTY_AARCH64_FEATURE_1_BTI)) {
features |= GNU_PROPERTY_AARCH64_FEATURE_1_BTI;
if (config->zBtiReport == "none")
MaskRayUnsubmitted
Done
ReplyInline Actions

This condition is untested.

You may need CHECK-EMPTY: https://llvm.org/docs/CommandGuide/FileCheck.html#the-check-empty-directive

MaskRay: This condition is untested. You may need `CHECK-EMPTY:` https://llvm.
warn(toString(f) + ": -z force-bti: file does not have " warn(toString(f) + ": -z force-bti: file does not have "
"GNU_PROPERTY_AARCH64_FEATURE_1_BTI property"); "GNU_PROPERTY_AARCH64_FEATURE_1_BTI property");
features |= GNU_PROPERTY_AARCH64_FEATURE_1_BTI;
} else if (config->zForceIbt && } else if (config->zForceIbt &&
!(features & GNU_PROPERTY_X86_FEATURE_1_IBT)) { !(features & GNU_PROPERTY_X86_FEATURE_1_IBT)) {
if (config->zCetReport == "none")
warn(toString(f) + ": -z force-ibt: file does not have " warn(toString(f) + ": -z force-ibt: file does not have "
"GNU_PROPERTY_X86_FEATURE_1_IBT property"); "GNU_PROPERTY_X86_FEATURE_1_IBT property");
MaskRayUnsubmitted
Done
ReplyInline Actions

This condition is untested.

MaskRay: This condition is untested.
features |= GNU_PROPERTY_X86_FEATURE_1_IBT; features |= GNU_PROPERTY_X86_FEATURE_1_IBT;
} }
if (config->zPacPlt && !(features & GNU_PROPERTY_AARCH64_FEATURE_1_PAC)) { if (config->zPacPlt && !(features & GNU_PROPERTY_AARCH64_FEATURE_1_PAC)) {
warn(toString(f) + ": -z pac-plt: file does not have " warn(toString(f) + ": -z pac-plt: file does not have "
"GNU_PROPERTY_AARCH64_FEATURE_1_PAC property"); "GNU_PROPERTY_AARCH64_FEATURE_1_PAC property");
features |= GNU_PROPERTY_AARCH64_FEATURE_1_PAC; features |= GNU_PROPERTY_AARCH64_FEATURE_1_PAC;
} }
ret &= features; ret &= features;
▲ Show 20 LinesShow All 350 LinesShow Last 20 Lines

lld/docs/ld.lld.1

Show First 20 LinesShow All 696 Lines▼ Show 20 Lines
recommended. recommended.
.Pp .Pp
.It Cm execstack .It Cm execstack
Make the main stack executable. Make the main stack executable.
Stack permissions are recorded in the Stack permissions are recorded in the
.Dv PT_GNU_STACK .Dv PT_GNU_STACK
segment. segment.
.Pp .Pp
.It Cm bti-report Ns = Ns Ar [none|warning|error]
Specify how to report the missing GNU_PROPERTY_AARCH64_FEATURE_1_BTI property.
MaskRayUnsubmitted
Done
ReplyInline Actions
.Cm none
is the default,
MaskRay: ``` .Cm none is the default, ```
.Cm none
is the default, linker will not report the missing property otherwise will be reported as a warning or an error.
.Pp
.It Cm cet-report Ns = Ns Ar [none|warning|error]
MaskRayUnsubmitted
Done
ReplyInline Actions
.Cm none
is the default,

Use man docs/ld.lld.1 to view the file to ensure good formatting.

MaskRay: ``` .Cm none is the default, ``` Use `man docs/ld.lld.1` to view the file to ensure good…
Specify how to report the missing GNU_PROPERTY_X86_FEATURE_1_IBT or GNU_PROPERTY_X86_FEATURE_1_SHSTK properties.
.Cm none
is the default, linker will not report the missing property otherwise will be reported as a warning or an error.
.Pp
.It Cm force-bti .It Cm force-bti
Force enable AArch64 BTI instruction in PLT, warn if Input ELF file does not have GNU_PROPERTY_AARCH64_FEATURE_1_BTI property. Force enable AArch64 BTI instruction in PLT, warn if Input ELF file does not have GNU_PROPERTY_AARCH64_FEATURE_1_BTI property.
.Pp .Pp
.It Cm force-ibt .It Cm force-ibt
Force enable Intel Indirect Branch Tracking in PLT, warn if an input ELF file Force enable Intel Indirect Branch Tracking in PLT, warn if an input ELF file
does not have GNU_PROPERTY_X86_FEATURE_1_IBT property. does not have GNU_PROPERTY_X86_FEATURE_1_IBT property.
.Pp .Pp
.It Cm global .It Cm global
▲ Show 20 LinesShow All 192 LinesShow Last 20 Lines

lld/test/ELF/aarch64-bti-pac-cli-error.s

# REQUIRES: x86 # REQUIRES: x86
# RUN: llvm-mc --triple=x86_64-pc-linux --filetype=obj -o %t.o %s # RUN: llvm-mc --triple=x86_64-pc-linux --filetype=obj -o %t.o %s
# RUN: not ld.lld -z pac-plt -z force-bti %t.o -o /dev/null 2>&1 | FileCheck %s # RUN: not ld.lld -z pac-plt -z force-bti -z bti-report=error %t.o -o /dev/null 2>&1 | FileCheck %s
# #
## Check that we error if -z pac-plt and -z force-bti are used when target is not ## Check that we error if -z pac-plt, -z force-bti and -z bti-report=error are used when target is not
## aarch64 ## aarch64
# CHECK: error: -z pac-plt only supported on AArch64 # CHECK: error: -z pac-plt only supported on AArch64
# CHECK-NEXT: error: -z force-bti only supported on AArch64 # CHECK-NEXT: error: -z force-bti only supported on AArch64
# CHECK-NEXT: error: -z bti-report only supported on AArch64
# RUN: not ld.lld -z bti-report=something %t.o -o /dev/null 2>&1 | \
# RUN: FileCheck --check-prefix=REPORT_INVALID %s
# REPORT_INVALID: error: -z bti-report= parameter something is not recognized
# REPORT_INVALID-EMPTY:
.globl start .globl start
start: ret start: ret

lld/test/ELF/aarch64-feature-bti.s

Show First 20 LinesShow All 181 Lines▼ Show 20 Lines
# NOEX-NEXT: ldr x17, [x16, #1032] # NOEX-NEXT: ldr x17, [x16, #1032]
# NOEX-NEXT: add x16, x16, #1032 # NOEX-NEXT: add x16, x16, #1032
# NOEX-NEXT: br x17 # NOEX-NEXT: br x17
## Force BTI entries with the -z force-bti command line option. Expect a warning ## Force BTI entries with the -z force-bti command line option. Expect a warning
## from the file without the .note.gnu.property. ## from the file without the .note.gnu.property.
# RUN: ld.lld %t.o %t2.o -z force-bti %t.so -o %tforcebti.exe 2>&1 | FileCheck --check-prefix=FORCE-WARN %s # RUN: ld.lld %t.o %t2.o -z force-bti %t.so -o %tforcebti.exe 2>&1 | FileCheck --check-prefix=FORCE-WARN %s
# RUN: not ld.lld %t.o %t2.o -z force-bti -z bti-report=error %t.so -o %tfailifnotbti.exe 2>&1 | FileCheck --check-prefix=BTI_REPORT-ERROR %s
# FORCE-WARN: aarch64-feature-bti.s.tmp2.o: -z force-bti: file does not have GNU_PROPERTY_AARCH64_FEATURE_1_BTI property # FORCE-WARN: aarch64-feature-bti.s.tmp2.o: -z force-bti: file does not have GNU_PROPERTY_AARCH64_FEATURE_1_BTI property
# BTI_REPORT-ERROR: aarch64-feature-bti.s.tmp2.o: -z bti-report: file does not have GNU_PROPERTY_AARCH64_FEATURE_1_BTI property
# BTI_REPORT-ERROR-EMPTY:
# RUN: llvm-readelf -n %tforcebti.exe | FileCheck --check-prefix=BTIPROP %s # RUN: llvm-readelf -n %tforcebti.exe | FileCheck --check-prefix=BTIPROP %s
# RUN: llvm-readelf --dynamic-table %tforcebti.exe | FileCheck --check-prefix BTIDYN %s # RUN: llvm-readelf --dynamic-table %tforcebti.exe | FileCheck --check-prefix BTIDYN %s
# RUN: llvm-objdump -d --mattr=+bti --no-show-raw-insn %tforcebti.exe | FileCheck --check-prefix=FORCE %s # RUN: llvm-objdump -d --mattr=+bti --no-show-raw-insn %tforcebti.exe | FileCheck --check-prefix=FORCE %s
# FORCE: Disassembly of section .text: # FORCE: Disassembly of section .text:
# FORCE: 0000000000210370 <func1>: # FORCE: 0000000000210370 <func1>:
# FORCE-NEXT: 210370: bl 0x2103a0 <func2@plt> # FORCE-NEXT: 210370: bl 0x2103a0 <func2@plt>
▲ Show 20 LinesShow All 43 LinesShow Last 20 Lines

lld/test/ELF/i386-feature-cet.s

Show All 17 Lines
# NOCET: Section Headers # NOCET: Section Headers
# NOCET-NOT: .note.gnu.property # NOCET-NOT: .note.gnu.property
# RUN: ld.lld -e func1 %t.o %t3.o -o %t -z force-ibt 2>&1 \ # RUN: ld.lld -e func1 %t.o %t3.o -o %t -z force-ibt 2>&1 \
# RUN: | FileCheck --check-prefix=WARN %s # RUN: | FileCheck --check-prefix=WARN %s
# WARN: {{.*}}.o: -z force-ibt: file does not have GNU_PROPERTY_X86_FEATURE_1_IBT property # WARN: {{.*}}.o: -z force-ibt: file does not have GNU_PROPERTY_X86_FEATURE_1_IBT property
# RUN: not ld.lld -e func1 %t.o %t3.o -o /dev/null -z cet-report=something 2>&1 \
MaskRayUnsubmitted
Done
ReplyInline Actions

-o /dev/null if the output is unused

MaskRay: `-o /dev/null` if the output is unused
# RUN: | FileCheck --check-prefix=REPORT_INVALID %s
# REPORT_INVALID: error: -z cet-report= parameter something is not recognized
# REPORT_INVALID-EMPTY:
# RUN: ld.lld -e func1 %t.o %t3.o -o /dev/null -z cet-report=warning 2>&1 \
# RUN: | FileCheck --check-prefix=CET_REPORT_WARN %s
# CET_REPORT_WARN: {{.*}}.o: -z cet-report: file does not have GNU_PROPERTY_X86_FEATURE_1_IBT property
# CET_REPORT_WARN: {{.*}}.o: -z cet-report: file does not have GNU_PROPERTY_X86_FEATURE_1_SHSTK property
# CET_REPORT_WARN-EMPTY:
# RUN: not ld.lld -e func1 %t.o %t3.o -o /dev/null -z cet-report=error 2>&1 \
# RUN: | FileCheck --check-prefix=CET_REPORT_ERROR %s
# CET_REPORT_ERROR: {{.*}}.o: -z cet-report: file does not have GNU_PROPERTY_X86_FEATURE_1_IBT property
# CET_REPORT_ERROR: {{.*}}.o: -z cet-report: file does not have GNU_PROPERTY_X86_FEATURE_1_SHSTK property
# CET_REPORT_ERROR-EMPTY:
# RUN: ld.lld -e func1 %t.o %t4.o -o %t # RUN: ld.lld -e func1 %t.o %t4.o -o %t
# RUN: llvm-readelf -n %t | FileCheck --check-prefix=NOSHSTK %s # RUN: llvm-readelf -n %t | FileCheck --check-prefix=NOSHSTK %s
# Check .note.gnu.protery without property SHSTK. # Check .note.gnu.protery without property SHSTK.
# NOSHSTK: Properties: x86 feature: IBT{{$}} # NOSHSTK: Properties: x86 feature: IBT{{$}}
# RUN: ld.lld -shared %t1.o -soname=so -o %t1.so # RUN: ld.lld -shared %t1.o -soname=so -o %t1.so
# RUN: ld.lld -e func1 %t.o %t1.so -o %t # RUN: ld.lld -e func1 %t.o %t1.so -o %t
▲ Show 20 LinesShow All 60 LinesShow Last 20 Lines

lld/test/ELF/x86-64-feature-cet.s

Show All 17 Lines
# NOCET: Section Headers # NOCET: Section Headers
# NOCET-NOT: .note.gnu.property # NOCET-NOT: .note.gnu.property
# RUN: ld.lld -e func1 %t.o %t3.o -o %t -z force-ibt 2>&1 \ # RUN: ld.lld -e func1 %t.o %t3.o -o %t -z force-ibt 2>&1 \
# RUN: | FileCheck --check-prefix=WARN %s # RUN: | FileCheck --check-prefix=WARN %s
# WARN: {{.*}}.o: -z force-ibt: file does not have GNU_PROPERTY_X86_FEATURE_1_IBT property # WARN: {{.*}}.o: -z force-ibt: file does not have GNU_PROPERTY_X86_FEATURE_1_IBT property
# RUN:not ld.lld -e func1 %t.o %t3.o -o /dev/null -z cet-report=something 2>&1 \
# RUN: | FileCheck --check-prefix=REPORT_INVALID %s
# REPORT_INVALID: error: -z cet-report= parameter something is not recognized
# REPORT_INVALID-EMPTY:
MaskRayUnsubmitted
Done
ReplyInline Actions

# REPORT_FORCE-EMPTY:

MaskRay: `# REPORT_FORCE-EMPTY:`
# RUN: ld.lld -e func1 %t.o %t3.o -o /dev/null -z force-ibt -z cet-report=warning 2>&1 \
# RUN: | FileCheck --check-prefix=REPORT_FORCE %s
# REPORT_FORCE: {{.*}}.o: -z cet-report: file does not have GNU_PROPERTY_X86_FEATURE_1_IBT property
# REPORT_FORCE: {{.*}}.o: -z cet-report: file does not have GNU_PROPERTY_X86_FEATURE_1_SHSTK property
MaskRayUnsubmitted
Done
ReplyInline Actions

Add # CE_REPORT_WARN-EMPTY: below

MaskRay: Add `# CE_REPORT_WARN-EMPTY:` below
# REPORT_FORCE-EMPTY:
# RUN: ld.lld -e func1 %t.o %t3.o -o /dev/null -z cet-report=warning 2>&1 \
# RUN: | FileCheck --check-prefix=CET_REPORT_WARN %s
# CET_REPORT_WARN: {{.*}}.o: -z cet-report: file does not have GNU_PROPERTY_X86_FEATURE_1_IBT property
# CET_REPORT_WARN: {{.*}}.o: -z cet-report: file does not have GNU_PROPERTY_X86_FEATURE_1_SHSTK property
# CET_REPORT_WARN-EMPTY:
# RUN: not ld.lld -e func1 %t.o %t3.o -o /dev/null -z cet-report=error 2>&1 \
# RUN: | FileCheck --check-prefix=CET_REPORT_ERROR %s
# CET_REPORT_ERROR: {{.*}}.o: -z cet-report: file does not have GNU_PROPERTY_X86_FEATURE_1_IBT property
# CET_REPORT_ERROR: {{.*}}.o: -z cet-report: file does not have GNU_PROPERTY_X86_FEATURE_1_SHSTK property
# CET_REPORT_ERROR-EMPTY:
# RUN: ld.lld -e func1 %t.o %t4.o -o %t # RUN: ld.lld -e func1 %t.o %t4.o -o %t
# RUN: llvm-readelf -n %t | FileCheck --check-prefix=NOSHSTK %s # RUN: llvm-readelf -n %t | FileCheck --check-prefix=NOSHSTK %s
# Check .note.gnu.protery without property SHSTK. # Check .note.gnu.protery without property SHSTK.
# NOSHSTK: Properties: x86 feature: IBT{{$}} # NOSHSTK: Properties: x86 feature: IBT{{$}}
# RUN: ld.lld -shared %t1.o -soname=so -o %t1.so # RUN: ld.lld -shared %t1.o -soname=so -o %t1.so
# RUN: ld.lld -e func1 %t.o %t1.so -o %t # RUN: ld.lld -e func1 %t.o %t1.so -o %t
▲ Show 20 LinesShow All 59 LinesShow Last 20 Lines