This is an archive of the discontinued LLVM Phabricator instance.

Differential D143769

[lld] [MTE] Add DT_AARCH64_MEMTAG_* dynamic entries, and small cleanup
ClosedPublic

Authored by hctim on Feb 10 2023, 10:56 AM.

Details

Reviewers
fmayer
MaskRay
Commits
rGc574e93afd2e: [lld] [MTE] Add DT_AARCH64_MEMTAG_* dynamic entries, and small cleanup
Summary

Adds the new AArch64-ABI dynamic entry generation to LLD. This will
allow Android to move from the Android-specific ELF note onto the
dynamic entries.

Change the behaviour of an unspecified --android-memtag-mode. Now, when
unspecified, this will print a warning that you're doing a no-op, rather
than implicitly turning on sync mode. This is important for MTE globals
later, where a binary containing static tagged global descriptors
shouldn't have MTE turned on without specific intent being passed to the
linker.

For now, continue to emit the Android ELF note by default. In future, we
can probably make it only emit the note when provided a flag.

Do a quick NFC-cleanup of the ELF note while we're here. It doesn't
change anything about the ELF note itself, but makes it more clear to
the reader of the code what alignment requirements are being (previously
implicitly) met.

Diff Detail

Event Timeline

hctim created this revision.Feb 10 2023, 10:56 AM
Herald added a reviewer: MaskRay. · View Herald TranscriptFeb 10 2023, 10:56 AM
Herald added a project: Restricted Project. · View Herald Transcript
Herald added subscribers: kristof.beyls, arichardson, emaste. · View Herald Transcript
hctim requested review of this revision.Feb 10 2023, 10:56 AM
Herald added a project: Restricted Project. · View Herald TranscriptFeb 10 2023, 10:56 AM
Herald added a subscriber: llvm-commits. · View Herald Transcript
hctim added a parent revision: D143693: [llvm-readobj] Add --memtag.Feb 10 2023, 10:56 AM
fmayer added inline comments.Feb 10 2023, 11:02 AM
lld/ELF/SyntheticSections.cpp
3853

should we have a static_assert that this is aligned to 4 instead? this seems like a no op

3868

as above

hctim added inline comments.Feb 10 2023, 11:15 AM
lld/ELF/SyntheticSections.cpp
3853

yeah, it's a no-op.

there's also already a static_assert that the note name == 8 bytes, so adding an aligned-4 assert is probably unnecessary.

the reason why i put this here is because i wanted anyone who comes along and copy-paste implements an ELF note to not bugger up the alignment. for example, this caught me off guard when implementing an MTE globals note in the previous design. course, anyone implementing ELF notes should probably be consulting the manpage which does mention the alignment, but yeah, can be easy to miss.

WDYT?

MaskRay added inline comments.Feb 10 2023, 11:17 PM
lld/ELF/Driver.cpp
739

delete blank line

lld/ELF/SyntheticSections.cpp
3853

Keeping align LGTM, as it documents the code without introducing runtime overhead (optimized out).

lld/test/ELF/aarch64-memtag-android-abi.s
59

Mention warning: for warnings. Don't use -SAME just to wrap lines.

MaskRay added a comment.Feb 10 2023, 11:19 PM

Considering adding some documentation to lld/docs/ld.lld.1. It can contain more information than lld/ELF/Options.td

hctim marked 2 inline comments as done.Feb 13 2023, 10:01 AM
In D143769#4120139, @MaskRay wrote:

Considering adding some documentation to lld/docs/ld.lld.1. It can contain more information than lld/ELF/Options.td

I think it might be better to leave it off the manpage for now, given:

  1. MTE binaries should generally be linked via. an invocation of clang, much like other sanitizers.
  2. Right now, this is only an android-specific feature, so normal developers shouldn't be touching these flags, as it should all be done via. the build system. Not even NDK developers should be using them for now. Maybe once we genericize the API to be --aarch64 rather than --android, we can consider.
hctim updated this revision to Diff 497030.Feb 13 2023, 10:02 AM

Update the test a little to be explicit about warning/error, remove a newline.

Harbormaster completed remote builds in B213459: Diff 497030.Feb 13 2023, 11:01 AM
hctim added a comment.Feb 17 2023, 11:12 AM

@fmayer / @MaskRay , would you mind taking a quick second pass? thanks

MaskRay accepted this revision.Feb 17 2023, 2:08 PM

LGTM.

This revision is now accepted and ready to land.Feb 17 2023, 2:08 PM
fmayer accepted this revision.Feb 21 2023, 1:09 PM
This revision was landed with ongoing or failed builds.Mar 1 2023, 11:14 AM
Closed by commit rGc574e93afd2e: [lld] [MTE] Add DT_AARCH64_MEMTAG_* dynamic entries, and small cleanup (authored by hctim). · Explain Why
This revision was automatically updated to reflect the committed changes.
hctim added a commit: rGc574e93afd2e: [lld] [MTE] Add DT_AARCH64_MEMTAG_* dynamic entries, and small cleanup.

Revision Contents

PathSize
lld/
ELF/
20 lines
18 lines
test/
ELF/
66 lines

Diff 496554

lld/ELF/Driver.cpp

Show First 20 LinesShow All 730 Lines▼ Show 20 Lines if (arg->getOption().getID() == OPT_no_dynamic_linker) {
config->noDynamicLinker = true; config->noDynamicLinker = true;
return ""; return "";
} }
return arg->getValue(); return arg->getValue();
} }
static int getMemtagMode(opt::InputArgList &args) { static int getMemtagMode(opt::InputArgList &args) {
StringRef memtagModeArg = args.getLastArgValue(OPT_android_memtag_mode); StringRef memtagModeArg = args.getLastArgValue(OPT_android_memtag_mode);
MaskRayUnsubmitted
Done
ReplyInline Actions

delete blank line

MaskRay: delete blank line
if (memtagModeArg.empty()) {
if (config->androidMemtagStack)
warn("--android-memtag-mode is unspecified, leaving "
"--android-memtag-stack a no-op");
else if (config->androidMemtagHeap)
warn("--android-memtag-mode is unspecified, leaving "
"--android-memtag-heap a no-op");
return ELF::NT_MEMTAG_LEVEL_NONE;
}
if (!config->androidMemtagHeap && !config->androidMemtagStack) { if (!config->androidMemtagHeap && !config->androidMemtagStack) {
if (!memtagModeArg.empty())
error("when using --android-memtag-mode, at least one of " error("when using --android-memtag-mode, at least one of "
"--android-memtag-heap or " "--android-memtag-heap or "
"--android-memtag-stack is required"); "--android-memtag-stack is required");
return ELF::NT_MEMTAG_LEVEL_NONE; return ELF::NT_MEMTAG_LEVEL_NONE;
} }
if (memtagModeArg == "sync" || memtagModeArg.empty()) if (memtagModeArg == "sync")
return ELF::NT_MEMTAG_LEVEL_SYNC; return ELF::NT_MEMTAG_LEVEL_SYNC;
if (memtagModeArg == "async") if (memtagModeArg == "async")
return ELF::NT_MEMTAG_LEVEL_ASYNC; return ELF::NT_MEMTAG_LEVEL_ASYNC;
if (memtagModeArg == "none") if (memtagModeArg == "none")
return ELF::NT_MEMTAG_LEVEL_NONE; return ELF::NT_MEMTAG_LEVEL_NONE;
error("unknown --android-memtag-mode value: \"" + memtagModeArg + error("unknown --android-memtag-mode value: \"" + memtagModeArg +
"\", should be one of {async, sync, none}"); "\", should be one of {async, sync, none}");
▲ Show 20 LinesShow All 2,104 LinesShow Last 20 Lines

lld/ELF/SyntheticSections.cpp

Show First 20 LinesShow All 1,435 Lines▼ Show 20 Lines if (isMain && (in.relaPlt->isNeeded() || in.relaIplt->isNeeded())) {
addInt(DT_PLTREL, config->isRela ? DT_RELA : DT_REL); addInt(DT_PLTREL, config->isRela ? DT_RELA : DT_REL);
} }
if (config->emachine == EM_AARCH64) { if (config->emachine == EM_AARCH64) {
if (config->andFeatures & GNU_PROPERTY_AARCH64_FEATURE_1_BTI) if (config->andFeatures & GNU_PROPERTY_AARCH64_FEATURE_1_BTI)
addInt(DT_AARCH64_BTI_PLT, 0); addInt(DT_AARCH64_BTI_PLT, 0);
if (config->zPacPlt) if (config->zPacPlt)
addInt(DT_AARCH64_PAC_PLT, 0); addInt(DT_AARCH64_PAC_PLT, 0);
if (config->androidMemtagMode != ELF::NT_MEMTAG_LEVEL_NONE) {
addInt(DT_AARCH64_MEMTAG_MODE, config->androidMemtagMode == NT_MEMTAG_LEVEL_ASYNC);
addInt(DT_AARCH64_MEMTAG_HEAP, config->androidMemtagHeap);
addInt(DT_AARCH64_MEMTAG_STACK, config->androidMemtagStack);
}
} }
addInSec(DT_SYMTAB, *part.dynSymTab); addInSec(DT_SYMTAB, *part.dynSymTab);
addInt(DT_SYMENT, sizeof(Elf_Sym)); addInt(DT_SYMENT, sizeof(Elf_Sym));
addInSec(DT_STRTAB, *part.dynStrTab); addInSec(DT_STRTAB, *part.dynStrTab);
addInt(DT_STRSZ, part.dynStrTab->getSize()); addInt(DT_STRSZ, part.dynStrTab->getSize());
if (!config->zText) if (!config->zText)
addInt(DT_TEXTREL, 0); addInt(DT_TEXTREL, 0);
▲ Show 20 LinesShow All 2,378 Lines▼ Show 20 Linesvoid InStruct::reset() {
shStrTab.reset(); shStrTab.reset();
strTab.reset(); strTab.reset();
symTab.reset(); symTab.reset();
symTabShndx.reset(); symTabShndx.reset();
} }
constexpr char kMemtagAndroidNoteName[] = "Android"; constexpr char kMemtagAndroidNoteName[] = "Android";
void MemtagAndroidNote::writeTo(uint8_t *buf) { void MemtagAndroidNote::writeTo(uint8_t *buf) {
static_assert(sizeof(kMemtagAndroidNoteName) == 8, static_assert(
"ABI check for Android 11 & 12."); sizeof(kMemtagAndroidNoteName) == 8,
assert((config->androidMemtagStack || config->androidMemtagHeap) && "Android 11 & 12 have an ABI that the note name is 8 bytes long. Keep it "
"Should only be synthesizing a note if heap || stack is enabled."); "that way for backwards compatibility.");
write32(buf, sizeof(kMemtagAndroidNoteName)); write32(buf, sizeof(kMemtagAndroidNoteName));
write32(buf + 4, sizeof(uint32_t)); write32(buf + 4, sizeof(uint32_t));
write32(buf + 8, ELF::NT_ANDROID_TYPE_MEMTAG); write32(buf + 8, ELF::NT_ANDROID_TYPE_MEMTAG);
memcpy(buf + 12, kMemtagAndroidNoteName, sizeof(kMemtagAndroidNoteName)); memcpy(buf + 12, kMemtagAndroidNoteName, sizeof(kMemtagAndroidNoteName));
buf += 12 + sizeof(kMemtagAndroidNoteName); buf += 12 + alignTo(sizeof(kMemtagAndroidNoteName), 4);
fmayerUnsubmitted
Not Done
ReplyInline Actions

should we have a static_assert that this is aligned to 4 instead? this seems like a no op

fmayer: should we have a static_assert that this is aligned to 4 instead? this seems like a no op
hctimAuthorUnsubmitted
Not Done
ReplyInline Actions

yeah, it's a no-op.

there's also already a static_assert that the note name == 8 bytes, so adding an aligned-4 assert is probably unnecessary.

the reason why i put this here is because i wanted anyone who comes along and copy-paste implements an ELF note to not bugger up the alignment. for example, this caught me off guard when implementing an MTE globals note in the previous design. course, anyone implementing ELF notes should probably be consulting the manpage which does mention the alignment, but yeah, can be easy to miss.

WDYT?

hctim: yeah, it's a no-op. there's also already a static_assert that the note name == 8 bytes, so…
MaskRayUnsubmitted
Not Done
ReplyInline Actions

Keeping align LGTM, as it documents the code without introducing runtime overhead (optimized out).

MaskRay: Keeping `align` LGTM, as it documents the code without introducing runtime overhead (optimized…
uint32_t value = 0; uint32_t value = 0;
value |= config->androidMemtagMode; value |= config->androidMemtagMode;
if (config->androidMemtagHeap) if (config->androidMemtagHeap)
value |= ELF::NT_MEMTAG_HEAP; value |= ELF::NT_MEMTAG_HEAP;
// Note, MTE stack is an ABI break. Attempting to run an MTE stack-enabled // Note, MTE stack is an ABI break. Attempting to run an MTE stack-enabled
// binary on Android 11 or 12 will result in a checkfail in the loader. // binary on Android 11 or 12 will result in a checkfail in the loader.
if (config->androidMemtagStack) if (config->androidMemtagStack)
value |= ELF::NT_MEMTAG_STACK; value |= ELF::NT_MEMTAG_STACK;
write32(buf, value); // note value write32(buf, value); // note value
} }
size_t MemtagAndroidNote::getSize() const { size_t MemtagAndroidNote::getSize() const {
return sizeof(llvm::ELF::Elf64_Nhdr) + return sizeof(llvm::ELF::Elf64_Nhdr) +
/*namesz=*/sizeof(kMemtagAndroidNoteName) + /*namesz=*/alignTo(sizeof(kMemtagAndroidNoteName), 4) +
fmayerUnsubmitted
Not Done
ReplyInline Actions

as above

fmayer: as above
/*descsz=*/sizeof(uint32_t); /*descsz=*/sizeof(uint32_t);
} }
void PackageMetadataNote::writeTo(uint8_t *buf) { void PackageMetadataNote::writeTo(uint8_t *buf) {
write32(buf, 4); write32(buf, 4);
write32(buf + 4, config->packageMetadata.size() + 1); write32(buf + 4, config->packageMetadata.size() + 1);
write32(buf + 8, FDO_PACKAGING_METADATA); write32(buf + 8, FDO_PACKAGING_METADATA);
memcpy(buf + 12, "FDO", 4); memcpy(buf + 12, "FDO", 4);
▲ Show 20 LinesShow All 97 LinesShow Last 20 Lines

lld/test/ELF/aarch64-memtag-android-abi.s

# REQUIRES: aarch64 # REQUIRES: aarch64
## Old versions of Android (Android 11 & 12) have very strict parsing logic on ## Old versions of Android (Android 11 & 12) have very strict parsing logic on
## the layout of the ELF note. This test ensures that backwards compatibility is ## the layout of the ELF note. This test ensures that backwards compatibility is
## maintained, i.e. new versions of the linker will still produce binaries that ## maintained, i.e. new versions of the linker will still produce binaries that
## can be run on these versions of Android. ## can be run on these versions of Android.
# RUN: llvm-mc --filetype=obj -triple=aarch64-none-linux-android %s -o %t.o # RUN: llvm-mc --filetype=obj -triple=aarch64-none-linux-android %s -o %t.o
# RUN: ld.lld --android-memtag-mode=async --android-memtag-heap %t.o -o %t # RUN: ld.lld -shared --android-memtag-mode=async --android-memtag-heap %t.o -o %t
# RUN: llvm-readelf -n %t | FileCheck %s --check-prefixes=NOTE,HEAP,NOSTACK,ASYNC # RUN: llvm-readelf --memtag %t | FileCheck %s --check-prefixes=CHECK,HEAP,NOSTACK,ASYNC
# RUN: ld.lld --android-memtag-mode=sync --android-memtag-heap %t.o -o %t # RUN: ld.lld -shared --android-memtag-mode=sync --android-memtag-heap %t.o -o %t
# RUN: llvm-readelf -n %t | FileCheck %s --check-prefixes=NOTE,HEAP,NOSTACK,SYNC # RUN: llvm-readelf --memtag %t | FileCheck %s --check-prefixes=CHECK,HEAP,NOSTACK,SYNC
# RUN: ld.lld --android-memtag-mode=async --android-memtag-stack %t.o -o %t # RUN: ld.lld -shared --android-memtag-mode=async --android-memtag-stack %t.o -o %t
# RUN: llvm-readelf -n %t | FileCheck %s --check-prefixes=NOTE,NOHEAP,STACK,ASYNC # RUN: llvm-readelf --memtag %t | FileCheck %s --check-prefixes=CHECK,NOHEAP,STACK,ASYNC
# RUN: ld.lld --android-memtag-mode=sync --android-memtag-stack %t.o -o %t # RUN: ld.lld -shared --android-memtag-mode=sync --android-memtag-stack %t.o -o %t
# RUN: llvm-readelf -n %t | FileCheck %s --check-prefixes=NOTE,NOHEAP,STACK,SYNC # RUN: llvm-readelf --memtag %t | FileCheck %s --check-prefixes=CHECK,NOHEAP,STACK,SYNC
# RUN: ld.lld --android-memtag-mode=async --android-memtag-heap \ # RUN: ld.lld -shared --android-memtag-mode=async --android-memtag-heap \
# RUN: --android-memtag-stack %t.o -o %t # RUN: --android-memtag-stack %t.o -o %t
# RUN: llvm-readelf -n %t | FileCheck %s --check-prefixes=NOTE,HEAP,STACK,ASYNC # RUN: llvm-readelf --memtag %t | FileCheck %s --check-prefixes=CHECK,HEAP,STACK,ASYNC
# RUN: ld.lld --android-memtag-mode=sync --android-memtag-heap \ # RUN: ld.lld -shared --android-memtag-mode=sync --android-memtag-heap \
# RUN: --android-memtag-stack %t.o -o %t # RUN: --android-memtag-stack %t.o -o %t
# RUN: llvm-readelf -n %t | FileCheck %s --check-prefixes=NOTE,HEAP,STACK,SYNC # RUN: llvm-readelf --memtag %t | FileCheck %s --check-prefixes=CHECK,HEAP,STACK,SYNC
# RUN: ld.lld --android-memtag-heap %t.o -o %t # RUN: ld.lld -shared --android-memtag-heap %t.o -o %t 2>&1 | \
# RUN: llvm-readelf -n %t | FileCheck %s --check-prefixes=NOTE,HEAP,NOSTACK,SYNC # RUN: FileCheck %s --check-prefixes=MISSING-MODE
# RUN: ld.lld -shared --android-memtag-stack %t.o -o %t 2>&1 | \
# RUN: FileCheck %s --check-prefixes=MISSING-MODE
# RUN: ld.lld -shared --android-memtag-heap --android-memtag-stack %t.o -o %t 2>&1 | \
# RUN: FileCheck %s --check-prefixes=MISSING-MODE
# MISSING-MODE: --android-memtag-mode is unspecified, leaving --android-memtag-{{(heap|stack)}} a no-op
# CHECK: Memtag Dynamic Entries
# SYNC: AARCH64_MEMTAG_MODE: Synchronous (0)
# ASYNC: AARCH64_MEMTAG_MODE: Asynchronous (1)
# HEAP: AARCH64_MEMTAG_HEAP: Enabled (1)
# NOHEAP: AARCH64_MEMTAG_HEAP: Disabled (0)
# STACK: AARCH64_MEMTAG_STACK: Enabled (1)
# NOSTACK: AARCH64_MEMTAG_STACK: Disabled (0)
# RUN: ld.lld --android-memtag-stack %t.o -o %t # CHECK: Memtag Android Note
# RUN: llvm-readelf -n %t | FileCheck %s --check-prefixes=NOTE,NOHEAP,STACK,SYNC
# RUN: ld.lld --android-memtag-heap --android-memtag-stack %t.o -o %t
# RUN: llvm-readelf -n %t | FileCheck %s --check-prefixes=NOTE,HEAP,STACK,SYNC
# NOTE: .note.android.memtag
# NOTE-NEXT: Owner
# NOTE-NEXT: Android 0x00000004 NT_ANDROID_TYPE_MEMTAG (Android memory tagging
# NOTE-SAME: information)
# ASYNC-NEXT: Tagging Mode: ASYNC # ASYNC-NEXT: Tagging Mode: ASYNC
# SYNC-NEXT: Tagging Mode: SYNC # SYNC-NEXT: Tagging Mode: SYNC
# HEAP-NEXT: Heap: Enabled # HEAP-NEXT: Heap: Enabled
# NOHEAP-NEXT: Heap: Disabled # NOHEAP-NEXT: Heap: Disabled
## As of Android 12, stack MTE is unimplemented. However, we pre-emptively emit
## a bit that signifies to the dynamic loader to map the primary and thread
## stacks as PROT_MTE, in preparation for the bionic support.
# STACK-NEXT: Stack: Enabled # STACK-NEXT: Stack: Enabled
# NOSTACK-NEXT: Stack: Disabled # NOSTACK-NEXT: Stack: Disabled
# RUN: not ld.lld --android-memtag-mode=asymm --android-memtag-heap 2>&1 | \ # RUN: not ld.lld -shared --android-memtag-mode=asymm --android-memtag-heap 2>&1 | \
# RUN: FileCheck %s --check-prefix=BAD-MODE # RUN: FileCheck %s --check-prefix=BAD-MODE
# BAD-MODE: unknown --android-memtag-mode value: "asymm", should be one of {async, sync, none} # BAD-MODE: unknown --android-memtag-mode value: "asymm", should be one of {async, sync, none}
# RUN: not ld.lld --android-memtag-mode=async 2>&1 | \ # RUN: not ld.lld -shared --android-memtag-mode=async 2>&1 | \
# RUN: FileCheck %s --check-prefix=MISSING-STACK-OR-HEAP # RUN: FileCheck %s --check-prefix=MISSING-STACK-OR-HEAP
# MISSING-STACK-OR-HEAP: when using --android-memtag-mode, at least one of --android-memtag-heap or --android-memtag-stack is required # MISSING-STACK-OR-HEAP: when using --android-memtag-mode, at least one of
MaskRayUnsubmitted
Done
ReplyInline Actions

Mention warning: for warnings. Don't use -SAME just to wrap lines.

MaskRay: Mention `warning:` for warnings. Don't use `-SAME` just to wrap lines.
# MISSING-STACK-OR-HEAP-SAME: --android-memtag-heap or --android-memtag-stack is required
.globl _start .globl _start
_start: _start:
ret ret