This is an archive of the discontinued LLVM Phabricator instance.

Differential D119384

[ELF][MTE] Add --android-memtag-* options to synthesize ELF notes
ClosedPublic

Authored by hctim on Feb 9 2022, 3:51 PM.

Details

Reviewers
eugenis
MaskRay
peter.smith
zatrazz
Commits
rG786c89fed379: [ELF][MTE] Add --android-memtag-* options to synthesize ELF notes
Summary

This ELF note is aarch64 and Android-specific. It specifies to the
dynamic loader that specific work should be scheduled to enable MTE
protection of stack and heap regions.

Current synthesis of the ".note.android.memtag" ELF note is done in the
Android build system. We'd like to move that to the compiler. This patch
adds the --memtag-stack, --memtag-heap, and --memtag-mode={async, sync,
none} flags to the linker, which synthesises the note for us.

Future changes will add -fsanitize=memtag* flags to clang which will
pass these through to lld.

Depends on D119381.

Diff Detail

Event Timeline

hctim created this revision.Feb 9 2022, 3:51 PM
Herald added subscribers: dang, kristof.beyls, arichardson, emaste. · View Herald TranscriptFeb 9 2022, 3:51 PM
hctim requested review of this revision.Feb 9 2022, 3:51 PM
Herald added a project: Restricted Project. · View Herald TranscriptFeb 9 2022, 3:51 PM
Herald added a subscriber: llvm-commits. · View Herald Transcript
Harbormaster completed remote builds in B148609: Diff 407329.Feb 9 2022, 5:37 PM
hctim updated this revision to Diff 413581.Mar 7 2022, 11:58 AM

Rebase onto landed D119381, PTAL.

Herald added a project: Restricted Project. · View Herald TranscriptMar 7 2022, 11:58 AM
Harbormaster completed remote builds in B152992: Diff 413581.Mar 7 2022, 12:12 PM
hctim mentioned this in D118948: [MTE] Add -fsanitize=memtag* and friends..Mar 7 2022, 1:51 PM
hctim added a child revision: D118948: [MTE] Add -fsanitize=memtag* and friends..Mar 7 2022, 1:52 PM
hctim added a comment.Mar 10 2022, 12:56 PM

(friendly ping)

eugenis added a comment.Mar 10 2022, 3:39 PM

LGTM

MaskRay added a comment.Mar 11 2022, 12:41 AM

I know little about MTE. Do you have a companion Bionic change? If yes, seems useful to share the link here so that people will see the big picture.

Currently --memtag-* seems Android specific while Android specific options should have android in the names.
If --memtag-* may be used by regular AArch64 programs, then using --memtag-* seems fine.

Do you expect further iterations on the option semantics? Do we reserve rights to rename and adjust semantics as appropriate, and try having little backward compatibility burden?

lld/ELF/SyntheticSections.cpp
3857

This section is modeled on Elf64_Nhdr, so it's clear these fields are related to nhdr. No need to mention this again.

3859
lld/test/ELF/aarch64-memtag-android-abi.s
4

This block of comments may be confusing to readers. Are the tags added to serve backward compatibility purposes for the old versions of Android, or are they needed by new Android?

10

(technically, any system that can parse ELF, but I'm not rewriting it in python to run on Windows...).

This sentence can be removed.

llvm-readelf -n is a robust way testing ELF note sections. There seems no point to use Python to dump the information.

eugenis added a comment.Mar 14 2022, 1:04 PM

The concept of memtag is not android specific, but the current implementation is. It might grow support for other OS targets in the future.

I think it would be convenient to reserve the right to change the option semantics at least until we hear about another target implementation?

MaskRay added reviewers: peter.smith, zatrazz.Mar 14 2022, 1:22 PM
MaskRay added a comment.EditedMar 14 2022, 1:48 PM
In D119384#3380403, @eugenis wrote:

The concept of memtag is not android specific, but the current implementation is. It might grow support for other OS targets in the future.

(I will be out of town from Wednesday til next Monday and will have little time replying.)

If you are not in hurry, the ideal way forward as I see is to create a proposal on https://github.com/ARM-software/abi-aa and get it approved.
(Tag @peter.smith as an ABI approver. Tag @zatrazz who has some experience with MTE on glibc side.)
Then Android probably doesn't need to invent its own mechanism.

I think existing ld.so implementations only inspect GNU properties.
So we probably need something similar to GNU_PROPERTY_AARCH64_FEATURE_1_BTI.

If you need something soon for experiments, the Android ABI may need to diverge from the generic AArch64 ABI.
(Something similar to --pack-dyn-relocs=android+relr.)
I think Android needs to use --android-memtag-* instead of the generic option names --memtag-*.
We can consider the options experimental. When AArch64 ABI gets a proposal and Android is happy to switch to the standard, we should remove the experimental options.

I think it would be convenient to reserve the right to change the option semantics at least until we hear about another target implementation?

Agreed.

There is also a way not adding linker options.
You may just synthesize an object file according to sync/async and stack/heap:

.section .note.gnu.property, "a", %note
.p2align 3
...

and let clang Driver link it into the output.
This may be a bit inconvenient as it needs object files for all combinations, but don't need to let linker commit to an unstable interface.

peter.smith added a comment.Mar 15 2022, 3:53 AM

Some initial thoughts.

  • If this is likely to be rolled out to other platforms such as Linux/BSD etc. It would be useful to have something common written up in the ABI. As MaskRay suggests the best way forward would be to raise an issue or a pull request https://github.com/ARM-software/abi-aa . You are of course welcome to implement an Android specific platform ABI, but it would be good to a similar one across multiple platforms if possible.
  • For BTI, for better or worse, we chose to https://github.com/ARM-software/abi-aa/blob/main/aaelf64/aaelf64.rst#62program-property as this mechanism was going to be needed for Intel platforms. Ideally this would be documented in the SysVABI doc, but that didn't exist at the time the property was created.
  • Do you need per-object marking that a linker will aggregate? For example do you enable when at least one object needs MTE, or do you need all objects to be compatible with MTE? A per object marking that can be overridden at link time will give you a chance to diagnose objects that may not have the MTE support. It can help to have an assembler option to fabricate the note if objects are used.
  • A colleague mentioned that the choice of command line options were quite generic. If they are aarch64 and Android specific they probably ought to be behind -z and perhaps with AArch64 and Android in the name.
hctim added a comment.Mar 15 2022, 10:50 AM
In D119384#3374699, @MaskRay wrote:

I know little about MTE. Do you have a companion Bionic change? If yes, seems useful to share the link here so that people will see the big picture.

The memtag code has existed on Android since Android 11 (2021): https://cs.android.com/android/platform/superproject/+/master:bionic/libc/bionic/libc_init_static.cpp;drc=ba842429a777575fb683e21c31c5d962305b93fd;l=207

Unfortunately, this makes the implementation, for Android, inflexible, as we'd like binaries built with the new toolchain to work on older versions..

In D119384#3374699, @MaskRay wrote:

Currently --memtag-* seems Android specific while Android specific options should have android in the names.
If --memtag-* may be used by regular AArch64 programs, then using --memtag-* seems fine.

In D119384#3380538, @MaskRay wrote:

If you need something soon for experiments, the Android ABI may need to diverge from the generic AArch64 ABI.
(Something similar to --pack-dyn-relocs=android+relr.)
I think Android needs to use --android-memtag-* instead of the generic option names --memtag-*.
We can consider the options experimental. When AArch64 ABI gets a proposal and Android is happy to switch to the standard, we should remove the experimental options.

I don't see renaming the current linker options to --android-memtag* as a problem, and seems to remove the concerns of "this ABI is nonstandard and potentially android-specific." Especially given that the name of the note is "Android", which can't be changed due to the aforementioned need for backwards-compatibility.

There is also a way not adding linker options.
You may just synthesize an object file according to sync/async and stack/heap:

.section .note.gnu.property, "a", %note
.p2align 3
...

and let clang Driver link it into the output.
This may be a bit inconvenient as it needs object files for all combinations, but don't need to let linker commit to an unstable interface.

This is what is currently done on Android, but we'd like to move the behaviour to the toolchain as it's necessary to implement MTE stack, as it need collaboration from the loader.

In D119384#3382027, @peter.smith wrote:

Some initial thoughts.

  • If this is likely to be rolled out to other platforms such as Linux/BSD etc. It would be useful to have something common written up in the ABI. As MaskRay suggests the best way forward would be to raise an issue or a pull request https://github.com/ARM-software/abi-aa . You are of course welcome to implement an Android specific platform ABI, but it would be good to a similar one across multiple platforms if possible.
  • For BTI, for better or worse, we chose to https://github.com/ARM-software/abi-aa/blob/main/aaelf64/aaelf64.rst#62program-property as this mechanism was going to be needed for Intel platforms. Ideally this would be documented in the SysVABI doc, but that didn't exist at the time the property was created.

GNU_PROPERTY_AARCH64_FEATURE_1_AND seems like a reasonable place to implement these features in a generic standpoint, but we still need the android-specific behaviour for backwards compatibility.

  • Do you need per-object marking that a linker will aggregate? For example do you enable when at least one object needs MTE, or do you need all objects to be compatible with MTE? A per object marking that can be overridden at link time will give you a chance to diagnose objects that may not have the MTE support. It can help to have an assembler option to fabricate the note if objects are used.

The ELF note is coupled with the executable, not the DSOs, and thus the executable decides what MTE options are enabled. In future, there will be a per-DSO progbits section for MTE global descriptors, but these progbits sections will be ignored if the main executable doesn't include the MTE ELF note. And, of course, MTE stack is enabled on a per-CU level.

  • A colleague mentioned that the choice of command line options were quite generic. If they are aarch64 and Android specific they probably ought to be behind -z and perhaps with AArch64 and Android in the name.

As above, agreed regarding the *android* naming of the notes. I don't think they need to be platform-specific, as I'd expect a generic --android-memtag* to be able to correctly synthesize notes for AArch64 and any future platforms that support memory tagging.

eugenis added a comment.Mar 15 2022, 1:56 PM
  • Do you need per-object marking that a linker will aggregate? For example do you enable when at least one object needs MTE, or do you need all objects to be compatible with MTE? A per object marking that can be overridden at link time will give you a chance to diagnose objects that may not have the MTE support. It can help to have an assembler option to fabricate the note if objects are used.

The ELF note is coupled with the executable, not the DSOs, and thus the executable decides what MTE options are enabled. In future, there will be a per-DSO progbits section for MTE global descriptors, but these progbits sections will be ignored if the main executable doesn't include the MTE ELF note. And, of course, MTE stack is enabled on a per-CU level.

The reason we do not use per-object feature bits is that, even though stack tagging requires a compiler flag for code instrumentation, the note is global to a process (not even a DSO). Setting PROT_MTE on stack pages can increase memory traffic (by shipping tags back and forth). I can see some common object file or a static library (crtbegin, libatomic, libunwind, etc) in the NDK built with stack tagging instrumentation, but we would not want that to impose PROT_MTE on any binary that links it.

hctim updated this revision to Diff 418720.Mar 28 2022, 3:55 PM
hctim marked 4 inline comments as done.

Rebase, rename to --android-memtag*, and address Ray's comments.

Herald added a subscriber: StephenFan. · View Herald TranscriptMar 28 2022, 3:55 PM
MaskRay added a comment.Mar 29 2022, 11:27 AM

Generally looks good, with some nits

lld/ELF/Driver.cpp
725

unknown --android-memtag-mode value: memtagModeArg, should be one of ...

lld/test/ELF/aarch64-memtag-android-abi.s
9

"none-gnu" in -triple=aarch64-linux-none-gnu seems invalid.

Did you mean aarch64-none-linux-android?

15

Nit: These llvm-readelf -n %t RUN lines do not need a wrap. They aren't so long.

56

As of Android 12 stack MTE is unimplemented. ...

59

Align

68

Just place the message on one single line. This is more friendly to diagnostic search.
We don't enforce 80-line rule to test files anyway

MaskRay retitled this revision from [MTE] [lld] Add --memtag-* options to synthetise ELF notes. to [ELF][MTE] Add --android-memtag-* options to synthesize ELF notes.Mar 29 2022, 11:29 AM
Herald added a subscriber: danielkiss. · View Herald TranscriptMar 29 2022, 11:29 AM
Harbormaster completed remote builds in B156652: Diff 418720.Mar 29 2022, 6:17 PM
hctim updated this revision to Diff 419859.Apr 1 2022, 2:15 PM
hctim marked 6 inline comments as done.

Address comments.

Harbormaster completed remote builds in B157499: Diff 419859.Apr 1 2022, 2:50 PM
MaskRay accepted this revision.Apr 1 2022, 7:26 PM

LG. It will be nice to have a link to the Android bionic implementation, so that when iterating on the semantics we can get a reference.

This revision is now accepted and ready to land.Apr 1 2022, 7:26 PM
hctim added a comment.Apr 4 2022, 11:07 AM
In D119384#3423968, @MaskRay wrote:

LG. It will be nice to have a link to the Android bionic implementation, so that when iterating on the semantics we can get a reference.

Done (in the commit).

Closed by commit rG786c89fed379: [ELF][MTE] Add --android-memtag-* options to synthesize ELF notes (authored by hctim). · Explain WhyApr 4 2022, 11:18 AM
This revision was automatically updated to reflect the committed changes.
hctim added a commit: rG786c89fed379: [ELF][MTE] Add --android-memtag-* options to synthesize ELF notes.

Revision Contents

PathSize
lld/
ELF/
12 lines
27 lines
12 lines
13 lines
30 lines
7 lines
test/
ELF/
62 lines

Diff 420253

lld/ELF/Config.h

Show First 20 LinesShow All 341 Lines▼ Show 20 Linesstruct Configuration {
// few 32-bit ABIs are using RELA too. // few 32-bit ABIs are using RELA too.
bool isRela; bool isRela;
// True if we are creating position-independent code. // True if we are creating position-independent code.
bool isPic; bool isPic;
// 4 for ELF32, 8 for ELF64. // 4 for ELF32, 8 for ELF64.
int wordsize; int wordsize;
// Mode of MTE to write to the ELF note. Should be one of NT_MEMTAG_ASYNC (for
// async), NT_MEMTAG_SYNC (for sync), or NT_MEMTAG_LEVEL_NONE (for none). If
// async or sync is enabled, write the ELF note specifying the default MTE
// mode.
int androidMemtagMode;
// Signal to the dynamic loader to enable heap MTE.
bool androidMemtagHeap;
// Signal to the dynamic loader that this binary expects stack MTE. Generally,
// this means to map the primary and thread stacks as PROT_MTE. Note: This is
// not supported on Android 11 & 12.
bool androidMemtagStack;
}; };
// The only instance of Configuration struct. // The only instance of Configuration struct.
extern std::unique_ptr<Configuration> config; extern std::unique_ptr<Configuration> config;
struct DuplicateSymbol { struct DuplicateSymbol {
const Symbol *sym; const Symbol *sym;
const InputFile *file; const InputFile *file;
Show All 34 Lines

lld/ELF/Driver.cpp

Show First 20 LinesShow All 699 Lines▼ Show 20 Linesstatic StringRef getDynamicLinker(opt::InputArgList &args) {
if (arg->getOption().getID() == OPT_no_dynamic_linker) { if (arg->getOption().getID() == OPT_no_dynamic_linker) {
// --no-dynamic-linker suppresses undefined weak symbols in .dynsym // --no-dynamic-linker suppresses undefined weak symbols in .dynsym
config->noDynamicLinker = true; config->noDynamicLinker = true;
return ""; return "";
} }
return arg->getValue(); return arg->getValue();
} }
static int getMemtagMode(opt::InputArgList &args) {
StringRef memtagModeArg = args.getLastArgValue(OPT_android_memtag_mode);
if (!config->androidMemtagHeap && !config->androidMemtagStack) {
if (!memtagModeArg.empty())
error("when using --android-memtag-mode, at least one of "
"--android-memtag-heap or "
"--android-memtag-stack is required");
return ELF::NT_MEMTAG_LEVEL_NONE;
}
if (memtagModeArg == "sync" || memtagModeArg.empty())
return ELF::NT_MEMTAG_LEVEL_SYNC;
if (memtagModeArg == "async")
return ELF::NT_MEMTAG_LEVEL_ASYNC;
if (memtagModeArg == "none")
return ELF::NT_MEMTAG_LEVEL_NONE;
error("unknown --android-memtag-mode value: \"" + memtagModeArg +
MaskRayUnsubmitted
Done
ReplyInline Actions

unknown --android-memtag-mode value: memtagModeArg, should be one of ...

MaskRay: `unknown --android-memtag-mode value: memtagModeArg, should be one of ...`
"\", should be one of {async, sync, none}");
return ELF::NT_MEMTAG_LEVEL_NONE;
}
static ICFLevel getICF(opt::InputArgList &args) { static ICFLevel getICF(opt::InputArgList &args) {
auto *arg = args.getLastArg(OPT_icf_none, OPT_icf_safe, OPT_icf_all); auto *arg = args.getLastArg(OPT_icf_none, OPT_icf_safe, OPT_icf_all);
if (!arg || arg->getOption().getID() == OPT_icf_none) if (!arg || arg->getOption().getID() == OPT_icf_none)
return ICFLevel::None; return ICFLevel::None;
if (arg->getOption().getID() == OPT_icf_safe) if (arg->getOption().getID() == OPT_icf_safe)
return ICFLevel::Safe; return ICFLevel::Safe;
return ICFLevel::All; return ICFLevel::All;
} }
▲ Show 20 LinesShow All 287 Lines▼ Show 20 Linesstatic void readConfigs(opt::InputArgList &args) {
errorHandler().verbose = args.hasArg(OPT_verbose); errorHandler().verbose = args.hasArg(OPT_verbose);
errorHandler().vsDiagnostics = errorHandler().vsDiagnostics =
args.hasArg(OPT_visual_studio_diagnostics_format, false); args.hasArg(OPT_visual_studio_diagnostics_format, false);
config->allowMultipleDefinition = config->allowMultipleDefinition =
args.hasFlag(OPT_allow_multiple_definition, args.hasFlag(OPT_allow_multiple_definition,
OPT_no_allow_multiple_definition, false) || OPT_no_allow_multiple_definition, false) ||
hasZOption(args, "muldefs"); hasZOption(args, "muldefs");
config->androidMemtagHeap =
args.hasFlag(OPT_android_memtag_heap, OPT_no_android_memtag_heap, false);
config->androidMemtagStack = args.hasFlag(OPT_android_memtag_stack,
OPT_no_android_memtag_stack, false);
config->androidMemtagMode = getMemtagMode(args);
config->auxiliaryList = args::getStrings(args, OPT_auxiliary); config->auxiliaryList = args::getStrings(args, OPT_auxiliary);
if (opt::Arg *arg = if (opt::Arg *arg =
args.getLastArg(OPT_Bno_symbolic, OPT_Bsymbolic_non_weak_functions, args.getLastArg(OPT_Bno_symbolic, OPT_Bsymbolic_non_weak_functions,
OPT_Bsymbolic_functions, OPT_Bsymbolic)) { OPT_Bsymbolic_functions, OPT_Bsymbolic)) {
if (arg->getOption().matches(OPT_Bsymbolic_non_weak_functions)) if (arg->getOption().matches(OPT_Bsymbolic_non_weak_functions))
config->bsymbolic = BsymbolicKind::NonWeakFunctions; config->bsymbolic = BsymbolicKind::NonWeakFunctions;
else if (arg->getOption().matches(OPT_Bsymbolic_functions)) else if (arg->getOption().matches(OPT_Bsymbolic_functions))
config->bsymbolic = BsymbolicKind::Functions; config->bsymbolic = BsymbolicKind::Functions;
▲ Show 20 LinesShow All 1,725 LinesShow Last 20 Lines

lld/ELF/Options.td

Show First 20 LinesShow All 712 Lines▼ Show 20 Lines
// Hidden option used to opt-in to additional output checks. // Hidden option used to opt-in to additional output checks.
defm check_dynamic_relocations: BB<"check-dynamic-relocations", defm check_dynamic_relocations: BB<"check-dynamic-relocations",
"Perform additional validation of the written dynamic relocations", "Perform additional validation of the written dynamic relocations",
"Do not perform additional validation of the written dynamic relocations">, "Do not perform additional validation of the written dynamic relocations">,
Flags<[HelpHidden]>; Flags<[HelpHidden]>;
defm load_pass_plugins: EEq<"load-pass-plugin", "Load passes from plugin library">; defm load_pass_plugins: EEq<"load-pass-plugin", "Load passes from plugin library">;
// Hidden options, used by clang's -fsanitize=memtag-* options to emit an ELF
// note to designate what kinds of memory (stack/heap) should be protected using
// ARM's MTE on armv8.5+. A binary's desire for stack MTE can't be obtained
// implicitly, so we have a specific bit in the note to signal to the loader to
// remap the stack as PROT_MTE.
defm android_memtag_stack: BB<"android-memtag-stack",
"Instruct the dynamic loader to prepare for MTE stack instrumentation", "">;
defm android_memtag_heap: BB<"android-memtag-heap",
"Instruct the dynamic loader to enable MTE protection for the heap", "">;
defm android_memtag_mode: EEq<"android-memtag-mode",
"Instruct the dynamic loader to start under MTE mode {async, sync, none}">;

lld/ELF/SyntheticSections.h

Show First 20 LinesShow All 1,181 Lines▼ Show 20 Lines
class PartitionIndexSection : public SyntheticSection { class PartitionIndexSection : public SyntheticSection {
public: public:
PartitionIndexSection(); PartitionIndexSection();
size_t getSize() const override; size_t getSize() const override;
void finalizeContents() override; void finalizeContents() override;
void writeTo(uint8_t *buf) override; void writeTo(uint8_t *buf) override;
}; };
// See the following link for the Android-specific loader code that operates on
// this section:
// https://cs.android.com/android/platform/superproject/+/master:bionic/libc/bionic/libc_init_static.cpp;drc=9425b16978f9c5aa8f2c50c873db470819480d1d;l=192
class MemtagAndroidNote : public SyntheticSection {
public:
MemtagAndroidNote()
: SyntheticSection(llvm::ELF::SHF_ALLOC, llvm::ELF::SHT_NOTE,
/*alignment=*/4, ".note.android.memtag") {}
void writeTo(uint8_t *buf) override;
size_t getSize() const override;
};
InputSection *createInterpSection(); InputSection *createInterpSection();
MergeInputSection *createCommentSection(); MergeInputSection *createCommentSection();
template <class ELFT> void splitSections(); template <class ELFT> void splitSections();
template <typename ELFT> void writeEhdr(uint8_t *buf, Partition &part); template <typename ELFT> void writeEhdr(uint8_t *buf, Partition &part);
template <typename ELFT> void writePhdrs(uint8_t *buf, Partition &part); template <typename ELFT> void writePhdrs(uint8_t *buf, Partition &part);
Defined *addSyntheticLocal(StringRef name, uint8_t type, uint64_t value, Defined *addSyntheticLocal(StringRef name, uint8_t type, uint64_t value,
Show All 14 Linesstruct Partition {
std::unique_ptr<BuildIdSection> buildId; std::unique_ptr<BuildIdSection> buildId;
std::unique_ptr<SyntheticSection> dynamic; std::unique_ptr<SyntheticSection> dynamic;
std::unique_ptr<StringTableSection> dynStrTab; std::unique_ptr<StringTableSection> dynStrTab;
std::unique_ptr<SymbolTableBaseSection> dynSymTab; std::unique_ptr<SymbolTableBaseSection> dynSymTab;
std::unique_ptr<EhFrameHeader> ehFrameHdr; std::unique_ptr<EhFrameHeader> ehFrameHdr;
std::unique_ptr<EhFrameSection> ehFrame; std::unique_ptr<EhFrameSection> ehFrame;
std::unique_ptr<GnuHashTableSection> gnuHashTab; std::unique_ptr<GnuHashTableSection> gnuHashTab;
std::unique_ptr<HashTableSection> hashTab; std::unique_ptr<HashTableSection> hashTab;
std::unique_ptr<MemtagAndroidNote> memtagAndroidNote;
std::unique_ptr<RelocationBaseSection> relaDyn; std::unique_ptr<RelocationBaseSection> relaDyn;
std::unique_ptr<RelrBaseSection> relrDyn; std::unique_ptr<RelrBaseSection> relrDyn;
std::unique_ptr<VersionDefinitionSection> verDef; std::unique_ptr<VersionDefinitionSection> verDef;
std::unique_ptr<SyntheticSection> verNeed; std::unique_ptr<SyntheticSection> verNeed;
std::unique_ptr<VersionTableSection> verSym; std::unique_ptr<VersionTableSection> verSym;
unsigned getNumber() const { return this - &partitions[0] + 1; } unsigned getNumber() const { return this - &partitions[0] + 1; }
}; };
▲ Show 20 LinesShow All 45 LinesShow Last 20 Lines

lld/ELF/SyntheticSections.cpp

Show All 26 Lines
#include "Writer.h" #include "Writer.h"
#include "lld/Common/CommonLinkerContext.h" #include "lld/Common/CommonLinkerContext.h"
#include "lld/Common/DWARF.h" #include "lld/Common/DWARF.h"
#include "lld/Common/Strings.h" #include "lld/Common/Strings.h"
#include "lld/Common/Version.h" #include "lld/Common/Version.h"
#include "llvm/ADT/SetOperations.h" #include "llvm/ADT/SetOperations.h"
#include "llvm/ADT/StringExtras.h" #include "llvm/ADT/StringExtras.h"
#include "llvm/BinaryFormat/Dwarf.h" #include "llvm/BinaryFormat/Dwarf.h"
#include "llvm/BinaryFormat/ELF.h"
#include "llvm/DebugInfo/DWARF/DWARFDebugPubTable.h" #include "llvm/DebugInfo/DWARF/DWARFDebugPubTable.h"
#include "llvm/Support/Endian.h" #include "llvm/Support/Endian.h"
#include "llvm/Support/LEB128.h" #include "llvm/Support/LEB128.h"
#include "llvm/Support/Parallel.h" #include "llvm/Support/Parallel.h"
#include "llvm/Support/TimeProfiler.h" #include "llvm/Support/TimeProfiler.h"
#include <cstdlib> #include <cstdlib>
using namespace llvm; using namespace llvm;
▲ Show 20 LinesShow All 3,799 Lines▼ Show 20 Linesvoid InStruct::reset() {
relaPlt.reset(); relaPlt.reset();
relaIplt.reset(); relaIplt.reset();
shStrTab.reset(); shStrTab.reset();
strTab.reset(); strTab.reset();
symTab.reset(); symTab.reset();
symTabShndx.reset(); symTabShndx.reset();
} }
constexpr char kMemtagAndroidNoteName[] = "Android";
void MemtagAndroidNote::writeTo(uint8_t *buf) {
assert(sizeof(kMemtagAndroidNoteName) == 8); // ABI check for Android 11 & 12.
assert((config->androidMemtagStack || config->androidMemtagHeap) &&
"Should only be synthesizing a note if heap || stack is enabled.");
write32(buf, sizeof(kMemtagAndroidNoteName));
MaskRayUnsubmitted
Done
ReplyInline Actions
"Should only be synthesizing a note if heap || stack is enabled.");
- write32(buf, sizeof(kMemtagAndroidNoteName)); // nhdr.n_namesz
+ write32(buf, sizeof(kMemtagAndroidNoteName)); // n_namesz
write32(buf + 4, sizeof(uint32_t)); // nhdr.n_descsz

This section is modeled on Elf64_Nhdr, so it's clear these fields are related to nhdr. No need to mention this again.

MaskRay: This section is modeled on Elf64_Nhdr, so it's clear these fields are related to `nhdr`. No…
write32(buf + 4, sizeof(uint32_t));
write32(buf + 8, ELF::NT_ANDROID_TYPE_MEMTAG);
MaskRayUnsubmitted
Done
ReplyInline Actions
write32(buf + 4, sizeof(uint32_t)); // nhdr.n_descsz
- write32(buf + 8, llvm::ELF::NT_ANDROID_TYPE_MEMTAG); // nhdr.n_type
+ write32(buf + 8, ELF::NT_ANDROID_TYPE_MEMTAG); // nhdr.n_type
memcpy(buf + 12, kMemtagAndroidNoteName, // name string
MaskRay:
memcpy(buf + 12, kMemtagAndroidNoteName, sizeof(kMemtagAndroidNoteName));
buf += 12 + sizeof(kMemtagAndroidNoteName);
uint32_t value = 0;
value |= config->androidMemtagMode;
if (config->androidMemtagHeap)
value |= ELF::NT_MEMTAG_HEAP;
// Note, MTE stack is an ABI break. Attempting to run an MTE stack-enabled
// binary on Android 11 or 12 will result in a checkfail in the loader.
if (config->androidMemtagStack)
value |= ELF::NT_MEMTAG_STACK;
write32(buf, value); // note value
}
size_t MemtagAndroidNote::getSize() const {
return sizeof(llvm::ELF::Elf64_Nhdr) +
/*namesz=*/sizeof(kMemtagAndroidNoteName) +
/*descsz=*/sizeof(uint32_t);
}
InStruct elf::in; InStruct elf::in;
std::vector<Partition> elf::partitions; std::vector<Partition> elf::partitions;
Partition *elf::mainPart; Partition *elf::mainPart;
template GdbIndexSection *GdbIndexSection::create<ELF32LE>(); template GdbIndexSection *GdbIndexSection::create<ELF32LE>();
template GdbIndexSection *GdbIndexSection::create<ELF32BE>(); template GdbIndexSection *GdbIndexSection::create<ELF32BE>();
template GdbIndexSection *GdbIndexSection::create<ELF64LE>(); template GdbIndexSection *GdbIndexSection::create<ELF64LE>();
▲ Show 20 LinesShow All 80 LinesShow Last 20 Lines

lld/ELF/Writer.cpp

Show First 20 LinesShow All 356 Lines▼ Show 20 Lines if (config->buildId != BuildIdKind::None) {
part.buildId = std::make_unique<BuildIdSection>(); part.buildId = std::make_unique<BuildIdSection>();
add(*part.buildId); add(*part.buildId);
} }
part.dynStrTab = std::make_unique<StringTableSection>(".dynstr", true); part.dynStrTab = std::make_unique<StringTableSection>(".dynstr", true);
part.dynSymTab = part.dynSymTab =
std::make_unique<SymbolTableSection<ELFT>>(*part.dynStrTab); std::make_unique<SymbolTableSection<ELFT>>(*part.dynStrTab);
part.dynamic = std::make_unique<DynamicSection<ELFT>>(); part.dynamic = std::make_unique<DynamicSection<ELFT>>();
if (config->emachine == EM_AARCH64 &&
config->androidMemtagMode != ELF::NT_MEMTAG_LEVEL_NONE) {
part.memtagAndroidNote = std::make_unique<MemtagAndroidNote>();
add(*part.memtagAndroidNote);
}
if (config->androidPackDynRelocs) if (config->androidPackDynRelocs)
part.relaDyn = part.relaDyn =
std::make_unique<AndroidPackedRelocationSection<ELFT>>(relaDynName); std::make_unique<AndroidPackedRelocationSection<ELFT>>(relaDynName);
else else
part.relaDyn = std::make_unique<RelocationSection<ELFT>>( part.relaDyn = std::make_unique<RelocationSection<ELFT>>(
relaDynName, config->zCombreloc); relaDynName, config->zCombreloc);
if (config->hasDynSymTab) { if (config->hasDynSymTab) {
▲ Show 20 LinesShow All 2,602 LinesShow Last 20 Lines

lld/test/ELF/aarch64-memtag-android-abi.s

  • This file was added.
# REQUIRES: aarch64
## Old versions of Android (Android 11 & 12) have very strict parsing logic on
## the layout of the ELF note. This test ensures that backwards compatibility is
MaskRayUnsubmitted
Done
ReplyInline Actions

This block of comments may be confusing to readers. Are the tags added to serve backward compatibility purposes for the old versions of Android, or are they needed by new Android?

MaskRay: This block of comments may be confusing to readers. Are the tags added to serve backward…
## maintained, i.e. new versions of the linker will still produce binaries that
## can be run on these versions of Android.
# RUN: llvm-mc --filetype=obj -triple=aarch64-none-linux-android %s -o %t.o
# RUN: ld.lld --android-memtag-mode=async --android-memtag-heap %t.o -o %t
MaskRayUnsubmitted
Done
ReplyInline Actions

"none-gnu" in -triple=aarch64-linux-none-gnu seems invalid.

Did you mean aarch64-none-linux-android?

MaskRay: "none-gnu" in -triple=aarch64-linux-none-gnu seems invalid. Did you mean aarch64-none-linux…
# RUN: llvm-readelf -n %t | FileCheck %s --check-prefixes=NOTE,HEAP,NOSTACK,ASYNC
MaskRayUnsubmitted
Done
ReplyInline Actions

(technically, any system that can parse ELF, but I'm not rewriting it in python to run on Windows...).

This sentence can be removed.

llvm-readelf -n is a robust way testing ELF note sections. There seems no point to use Python to dump the information.

MaskRay: > (technically, any system that can parse ELF, but I'm not rewriting it in python to run on…
# RUN: ld.lld --android-memtag-mode=sync --android-memtag-heap %t.o -o %t
# RUN: llvm-readelf -n %t | FileCheck %s --check-prefixes=NOTE,HEAP,NOSTACK,SYNC
# RUN: ld.lld --android-memtag-mode=async --android-memtag-stack %t.o -o %t
MaskRayUnsubmitted
Done
ReplyInline Actions

Nit: These llvm-readelf -n %t RUN lines do not need a wrap. They aren't so long.

MaskRay: Nit: These `llvm-readelf -n %t` RUN lines do not need a wrap. They aren't so long.
# RUN: llvm-readelf -n %t | FileCheck %s --check-prefixes=NOTE,NOHEAP,STACK,ASYNC
# RUN: ld.lld --android-memtag-mode=sync --android-memtag-stack %t.o -o %t
# RUN: llvm-readelf -n %t | FileCheck %s --check-prefixes=NOTE,NOHEAP,STACK,SYNC
# RUN: ld.lld --android-memtag-mode=async --android-memtag-heap \
# RUN: --android-memtag-stack %t.o -o %t
# RUN: llvm-readelf -n %t | FileCheck %s --check-prefixes=NOTE,HEAP,STACK,ASYNC
# RUN: ld.lld --android-memtag-mode=sync --android-memtag-heap \
# RUN: --android-memtag-stack %t.o -o %t
# RUN: llvm-readelf -n %t | FileCheck %s --check-prefixes=NOTE,HEAP,STACK,SYNC
# RUN: ld.lld --android-memtag-heap %t.o -o %t
# RUN: llvm-readelf -n %t | FileCheck %s --check-prefixes=NOTE,HEAP,NOSTACK,SYNC
# RUN: ld.lld --android-memtag-stack %t.o -o %t
# RUN: llvm-readelf -n %t | FileCheck %s --check-prefixes=NOTE,NOHEAP,STACK,SYNC
# RUN: ld.lld --android-memtag-heap --android-memtag-stack %t.o -o %t
# RUN: llvm-readelf -n %t | FileCheck %s --check-prefixes=NOTE,HEAP,STACK,SYNC
# NOTE: .note.android.memtag
# NOTE-NEXT: Owner
# NOTE-NEXT: Android 0x00000004 NT_ANDROID_TYPE_MEMTAG (Android memory tagging
# NOTE-SAME: information)
# ASYNC-NEXT: Tagging Mode: ASYNC
# SYNC-NEXT: Tagging Mode: SYNC
# HEAP-NEXT: Heap: Enabled
# NOHEAP-NEXT: Heap: Disabled
## As of Android 12, stack MTE is unimplemented. However, we pre-emptively emit
## a bit that signifies to the dynamic loader to map the primary and thread
## stacks as PROT_MTE, in preparation for the bionic support.
# STACK-NEXT: Stack: Enabled
# NOSTACK-NEXT: Stack: Disabled
# RUN: not ld.lld --android-memtag-mode=asymm --android-memtag-heap 2>&1 | \
# RUN: FileCheck %s --check-prefix=BAD-MODE
# BAD-MODE: unknown --android-memtag-mode value: "asymm", should be one of {async, sync, none}
# RUN: not ld.lld --android-memtag-mode=async 2>&1 | \
MaskRayUnsubmitted
Done
ReplyInline Actions

As of Android 12 stack MTE is unimplemented. ...

MaskRay: As of Android 12 stack MTE is unimplemented. ...
# RUN: FileCheck %s --check-prefix=MISSING-STACK-OR-HEAP
# MISSING-STACK-OR-HEAP: when using --android-memtag-mode, at least one of --android-memtag-heap or --android-memtag-stack is required
MaskRayUnsubmitted
Done
ReplyInline Actions

Align

MaskRay: Align
.globl _start
_start:
ret
MaskRayUnsubmitted
Done
ReplyInline Actions

Just place the message on one single line. This is more friendly to diagnostic search.
We don't enforce 80-line rule to test files anyway

MaskRay: Just place the message on one single line. This is more friendly to diagnostic search. We don't…