This is an archive of the discontinued LLVM Phabricator instance.

Differential D74537

[LLD][ELF][AArch64] Change the semantics of -z pac-plt.
ClosedPublic

Authored by danielkiss on Feb 13 2020, 2:26 AM.

Details

Reviewers
peter.smith
espindola
MaskRay
grimar
Commits
rGb6162622c054: [LLD][ELF][AArch64] Change the semantics of -z pac-plt.
Summary

Generate PAC protected plt only when "-z pac-plt" is passed to the
linker. GNU toolchain generates when it is explicitly requested[1].
When pac-plt is requested then set the GNU_PROPERTY_AARCH64_FEATURE_1_PAC
note even when not all function compiled with PAC but issue a warning.
Harmonizing the warning style for BTI/PAC/IBT.
Generate BTI protected PLT if case of "-z force-bti".

[1] https://www.sourceware.org/ml/binutils/2019-03/msg00021.html

Diff Detail

Event Timeline

danielkiss created this revision.Feb 13 2020, 2:26 AM
Herald added a reviewer: espindola. · View Herald TranscriptFeb 13 2020, 2:26 AM
Herald added a project: Restricted Project. · View Herald Transcript
Herald added subscribers: llvm-commits, MaskRay, kristof.beyls and 2 others. · View Herald Transcript
peter.smith accepted this revision.Feb 13 2020, 6:11 AM

One query aside, this looks good to me. The original idea for glibc was to automatically have the dynamic loader sign the .plt.got entries on the presence of AARCH64_PAC_PLT, it turns out that those patches haven't been accepted in glibc yet. Android does not use lazy binding and marks the .plt.got as RELRO so PAC isn't much use there. I've marked as approved, but please wait a day or so to see if there are any comments from other timezones.

lld/ELF/Arch/AArch64.cpp
597

Unless I missed something, the || config->forceBTI shouldn't be necessary due to forceBTI always adding GNU_PROPERTY_AARCH64_FEATURE_1_BTI to all objects if it isn't there already.

// Driver.cpp
if (config->forceBTI && !(features & GNU_PROPERTY_AARCH64_FEATURE_1_BTI)) {
      warn(toString(f) + ": -z force-bti: file does not have "
                         "GNU_PROPERTY_AARCH64_FEATURE_1_BTI property");
      features |= GNU_PROPERTY_AARCH64_FEATURE_1_BTI;
    }
This revision is now accepted and ready to land.Feb 13 2020, 6:11 AM
peter.smith added reviewers: MaskRay, grimar.Feb 13 2020, 6:12 AM

Adding other regular reviewers.

danielkiss marked an inline comment as done.Feb 13 2020, 8:24 AM
danielkiss added inline comments.
lld/ELF/Arch/AArch64.cpp
597

lld/test/ELF/aarch64-feature-btipac.s:156 will fail without it because in that test the AArch64BtiPac::AArch64BtiPac() runs before the getAndFeatures().
I guess the PLT generation for the passed so runs before the flags are processed in the driver.

Herald added a subscriber: tatyana-krasnukha. · View Herald TranscriptFeb 13 2020, 8:24 AM
MaskRay added a comment.EditedFeb 13 2020, 8:57 PM

Unless I missed something, the || config->forceBTI shouldn't be necessary due to forceBTI always adding GNU_PROPERTY_AARCH64_FEATURE_1_BTI to all objects if it isn't there already.

Adding config->pacPlt to getTargetInfo() is problematic. getTargetInfo() is called twice.

readConfig(); // config->pacPlt is set. config->andFeatures is 0
target = getTarget();

config->andFeatures = getAndFeatures<ELFT>();
target = getTarget();

I think the following two changes should be dropped, i.e. applying

--- c/lld/ELF/Arch/AArch64.cpp
+++ w/lld/ELF/Arch/AArch64.cpp
@@ -595,4 +595,3 @@ private:
 AArch64BtiPac::AArch64BtiPac() {
-  btiHeader = (config->andFeatures & GNU_PROPERTY_AARCH64_FEATURE_1_BTI) ||
-              config->forceBTI;
+  btiHeader = config->andFeatures & GNU_PROPERTY_AARCH64_FEATURE_1_BTI;
   // A BTI (Branch Target Indicator) Plt Entry is only required if the
@@ -692,4 +691,4 @@ void AArch64BtiPac::writePlt(uint8_t *buf, const Symbol &sym,
 static TargetInfo *getTargetInfo() {
-  if ((config->andFeatures & GNU_PROPERTY_AARCH64_FEATURE_1_BTI) ||
-      config->pacPlt) {
+  if (config->andFeatures & (GNU_PROPERTY_AARCH64_FEATURE_1_BTI |
+                             GNU_PROPERTY_AARCH64_FEATURE_1_PAC)) {
     static AArch64BtiPac t;

Committed 105a270028abb7a0237dd2af3ddba07471d8c49d to rename pacPlt to zPacPlt and forceBti to zForceBti after D71327. The patch will need a rebase.

The title needs a change. I don't think there is a bug, so fix may not be very appropriate.
The patch changes the semantics of -z pac-plt.

MaskRay accepted this revision.Feb 13 2020, 9:07 PM
MaskRay added inline comments.
lld/test/ELF/aarch64-feature-btipac.s
173

-NEXT:

MaskRay added inline comments.Feb 13 2020, 9:46 PM
lld/ELF/Arch/AArch64.cpp
597

See https://reviews.llvm.org/D74537#1875597

The change should be dropped.

693

The change should be dropped.

danielkiss updated this revision to Diff 244654.Feb 14 2020, 6:53 AM
danielkiss retitled this revision from [LLD][ELF][AArch64] Fix plt generation for PAC/BTI. to [LLD][ELF][AArch64] Change the semantics of -z pac-plt..
danielkiss marked 4 inline comments as done.
MaskRay added inline comments.Feb 14 2020, 4:52 PM
lld/ELF/Arch/AArch64.cpp
607

Unless I missed something, this change is not needed

lld/ELF/SyntheticSections.cpp
1404

Unless I missed something, this change is not needed

danielkiss marked 2 inline comments as done.Feb 15 2020, 2:18 AM
danielkiss added inline comments.
lld/ELF/Arch/AArch64.cpp
607

If all object has GNU_PROPERTY_AARCH64_FEATURE_1_PAC then it could trigger the PAC protected PLT generation that we want to avoid.
PAC protection for PLT is only needed when explicitly requested because usually it is not needed because PLT.GOT is in a read only memory.
With this change the PAC protected PLT will be generated only in case of -z pac-plt.

lld/ELF/SyntheticSections.cpp
1404

same as above.

MaskRay accepted this revision.Feb 15 2020, 8:49 AM

LG. This needs a pacPlt -> zPacPlt rebase.

danielkiss updated this revision to Diff 244886.EditedFeb 16 2020, 9:03 AM

Rebased to 105a270028ab and rename pacPlt to zPacPlt is applied.

MaskRay accepted this revision.Feb 16 2020, 1:45 PM
danielkiss added a comment.Feb 17 2020, 12:30 AM

Could you submit it on my behalf?

Closed by commit rGb6162622c054: [LLD][ELF][AArch64] Change the semantics of -z pac-plt. (authored by danielkiss). · Explain WhyFeb 18 2020, 1:01 AM
This revision was automatically updated to reflect the committed changes.
MaskRay mentioned this in rGd7cbfcf36ace: [ELF][AArch64] Fix potentially corrupted section content for PAC.Aug 5 2022, 6:25 PM

Revision Contents

PathSize
lld/
ELF/
Arch/
4 lines
12 lines
2 lines
test/
ELF/
2 lines
65 lines
33 lines

Diff 245095

lld/ELF/Arch/AArch64.cpp

Show First 20 LinesShow All 588 Lines▼ Show 20 Linesprivate:
bool btiHeader; // bti instruction needed in PLT Header bool btiHeader; // bti instruction needed in PLT Header
bool btiEntry; // bti instruction needed in PLT Entry bool btiEntry; // bti instruction needed in PLT Entry
bool pacEntry; // autia1716 instruction needed in PLT Entry bool pacEntry; // autia1716 instruction needed in PLT Entry
}; };
} // namespace } // namespace
AArch64BtiPac::AArch64BtiPac() { AArch64BtiPac::AArch64BtiPac() {
btiHeader = (config->andFeatures & GNU_PROPERTY_AARCH64_FEATURE_1_BTI); btiHeader = (config->andFeatures & GNU_PROPERTY_AARCH64_FEATURE_1_BTI);
// A BTI (Branch Target Indicator) Plt Entry is only required if the // A BTI (Branch Target Indicator) Plt Entry is only required if the
peter.smithUnsubmitted
Done
ReplyInline Actions

Unless I missed something, the || config->forceBTI shouldn't be necessary due to forceBTI always adding GNU_PROPERTY_AARCH64_FEATURE_1_BTI to all objects if it isn't there already.

// Driver.cpp
if (config->forceBTI && !(features & GNU_PROPERTY_AARCH64_FEATURE_1_BTI)) {
      warn(toString(f) + ": -z force-bti: file does not have "
                         "GNU_PROPERTY_AARCH64_FEATURE_1_BTI property");
      features |= GNU_PROPERTY_AARCH64_FEATURE_1_BTI;
    }
peter.smith: Unless I missed something, the || config->forceBTI shouldn't be necessary due to forceBTI…
danielkissAuthorUnsubmitted
Done
ReplyInline Actions

lld/test/ELF/aarch64-feature-btipac.s:156 will fail without it because in that test the AArch64BtiPac::AArch64BtiPac() runs before the getAndFeatures().
I guess the PLT generation for the passed so runs before the flags are processed in the driver.

danielkiss: lld/test/ELF/aarch64-feature-btipac.s:156 will fail without it because in that test the…
MaskRayUnsubmitted
Done
ReplyInline Actions

See https://reviews.llvm.org/D74537#1875597

The change should be dropped.

MaskRay: See https://reviews.llvm.org/D74537#1875597 The change should be dropped.
// address of the PLT entry can be taken by the program, which permits an // address of the PLT entry can be taken by the program, which permits an
// indirect jump to the PLT entry. This can happen when the address // indirect jump to the PLT entry. This can happen when the address
// of the PLT entry for a function is canonicalised due to the address of // of the PLT entry for a function is canonicalised due to the address of
// the function in an executable being taken by a shared library. // the function in an executable being taken by a shared library.
// FIXME: There is a potential optimization to omit the BTI if we detect // FIXME: There is a potential optimization to omit the BTI if we detect
// that the address of the PLT entry isn't taken. // that the address of the PLT entry isn't taken.
// The PAC PLT entries require dynamic loader support and this isn't known
// from properties in the objects, so we use the command line flag.
btiEntry = btiHeader && !config->shared; btiEntry = btiHeader && !config->shared;
pacEntry = (config->andFeatures & GNU_PROPERTY_AARCH64_FEATURE_1_PAC); pacEntry = config->zPacPlt;
MaskRayUnsubmitted
Not Done
ReplyInline Actions

Unless I missed something, this change is not needed

MaskRay: Unless I missed something, this change is not needed
danielkissAuthorUnsubmitted
Done
ReplyInline Actions

If all object has GNU_PROPERTY_AARCH64_FEATURE_1_PAC then it could trigger the PAC protected PLT generation that we want to avoid.
PAC protection for PLT is only needed when explicitly requested because usually it is not needed because PLT.GOT is in a read only memory.
With this change the PAC protected PLT will be generated only in case of -z pac-plt.

danielkiss: If all object has GNU_PROPERTY_AARCH64_FEATURE_1_PAC then it could trigger the PAC protected…
if (btiEntry || pacEntry) { if (btiEntry || pacEntry) {
pltEntrySize = 24; pltEntrySize = 24;
ipltEntrySize = 24; ipltEntrySize = 24;
} }
} }
void AArch64BtiPac::writePltHeader(uint8_t *buf) const { void AArch64BtiPac::writePltHeader(uint8_t *buf) const {
▲ Show 20 LinesShow All 69 Lines▼ Show 20 Lines else
memcpy(buf + sizeof(addrInst), stdBr, sizeof(stdBr)); memcpy(buf + sizeof(addrInst), stdBr, sizeof(stdBr));
if (!btiEntry) if (!btiEntry)
// We didn't add the BTI c instruction so round out size with NOP. // We didn't add the BTI c instruction so round out size with NOP.
memcpy(buf + sizeof(addrInst) + sizeof(stdBr), nopData, sizeof(nopData)); memcpy(buf + sizeof(addrInst) + sizeof(stdBr), nopData, sizeof(nopData));
} }
static TargetInfo *getTargetInfo() { static TargetInfo *getTargetInfo() {
if (config->andFeatures & (GNU_PROPERTY_AARCH64_FEATURE_1_BTI | if (config->andFeatures & (GNU_PROPERTY_AARCH64_FEATURE_1_BTI |
GNU_PROPERTY_AARCH64_FEATURE_1_PAC)) { GNU_PROPERTY_AARCH64_FEATURE_1_PAC)) {
MaskRayUnsubmitted
Done
ReplyInline Actions

The change should be dropped.

MaskRay: The change should be dropped.
static AArch64BtiPac t; static AArch64BtiPac t;
return &t; return &t;
} }
static AArch64 t; static AArch64 t;
return &t; return &t;
} }
TargetInfo *getAArch64TargetInfo() { return getTargetInfo(); } TargetInfo *getAArch64TargetInfo() { return getTargetInfo(); }
} // namespace elf } // namespace elf
} // namespace lld } // namespace lld

lld/ELF/Driver.cpp

Show First 20 LinesShow All 1,730 Lines▼ Show 20 Linestemplate <class ELFT> static uint32_t getAndFeatures() {
if (config->emachine != EM_386 && config->emachine != EM_X86_64 && if (config->emachine != EM_386 && config->emachine != EM_X86_64 &&
config->emachine != EM_AARCH64) config->emachine != EM_AARCH64)
return 0; return 0;
uint32_t ret = -1; uint32_t ret = -1;
for (InputFile *f : objectFiles) { for (InputFile *f : objectFiles) {
uint32_t features = cast<ObjFile<ELFT>>(f)->andFeatures; uint32_t features = cast<ObjFile<ELFT>>(f)->andFeatures;
if (config->zForceBti && !(features & GNU_PROPERTY_AARCH64_FEATURE_1_BTI)) { if (config->zForceBti && !(features & GNU_PROPERTY_AARCH64_FEATURE_1_BTI)) {
warn(toString(f) + ": -z force-bti: file does not have BTI property"); warn(toString(f) + ": -z force-bti: file does not have "
"GNU_PROPERTY_AARCH64_FEATURE_1_BTI property");
features |= GNU_PROPERTY_AARCH64_FEATURE_1_BTI; features |= GNU_PROPERTY_AARCH64_FEATURE_1_BTI;
} else if (config->zForceIbt && } else if (config->zForceIbt &&
!(features & GNU_PROPERTY_X86_FEATURE_1_IBT)) { !(features & GNU_PROPERTY_X86_FEATURE_1_IBT)) {
warn(toString(f) + ": -z force-ibt: file does not have " warn(toString(f) + ": -z force-ibt: file does not have "
"GNU_PROPERTY_X86_FEATURE_1_IBT property"); "GNU_PROPERTY_X86_FEATURE_1_IBT property");
features |= GNU_PROPERTY_X86_FEATURE_1_IBT; features |= GNU_PROPERTY_X86_FEATURE_1_IBT;
} }
if (config->zPacPlt && !(features & GNU_PROPERTY_AARCH64_FEATURE_1_PAC)) {
warn(toString(f) + ": -z pac-plt: file does not have "
"GNU_PROPERTY_AARCH64_FEATURE_1_PAC property");
features |= GNU_PROPERTY_AARCH64_FEATURE_1_PAC;
}
ret &= features; ret &= features;
} }
// Force enable pointer authentication Plt, we don't warn in this case as
// this does not require support in the object for correctness.
if (config->zPacPlt)
ret |= GNU_PROPERTY_AARCH64_FEATURE_1_PAC;
// Force enable Shadow Stack. // Force enable Shadow Stack.
if (config->zShstk) if (config->zShstk)
ret |= GNU_PROPERTY_X86_FEATURE_1_SHSTK; ret |= GNU_PROPERTY_X86_FEATURE_1_SHSTK;
return ret; return ret;
} }
// Do actual linking. Note that when this function is called, // Do actual linking. Note that when this function is called,
▲ Show 20 LinesShow All 296 LinesShow Last 20 Lines

lld/ELF/SyntheticSections.cpp

Show First 20 LinesShow All 1,395 Lines▼ Show 20 Lines default:
break; break;
} }
addInt(DT_PLTREL, config->isRela ? DT_RELA : DT_REL); addInt(DT_PLTREL, config->isRela ? DT_RELA : DT_REL);
} }
if (config->emachine == EM_AARCH64) { if (config->emachine == EM_AARCH64) {
if (config->andFeatures & GNU_PROPERTY_AARCH64_FEATURE_1_BTI) if (config->andFeatures & GNU_PROPERTY_AARCH64_FEATURE_1_BTI)
addInt(DT_AARCH64_BTI_PLT, 0); addInt(DT_AARCH64_BTI_PLT, 0);
if (config->andFeatures & GNU_PROPERTY_AARCH64_FEATURE_1_PAC) if (config->zPacPlt)
MaskRayUnsubmitted
Not Done
ReplyInline Actions

Unless I missed something, this change is not needed

MaskRay: Unless I missed something, this change is not needed
danielkissAuthorUnsubmitted
Done
ReplyInline Actions

same as above.

danielkiss: same as above.
addInt(DT_AARCH64_PAC_PLT, 0); addInt(DT_AARCH64_PAC_PLT, 0);
} }
addInSec(DT_SYMTAB, part.dynSymTab); addInSec(DT_SYMTAB, part.dynSymTab);
addInt(DT_SYMENT, sizeof(Elf_Sym)); addInt(DT_SYMENT, sizeof(Elf_Sym));
addInSec(DT_STRTAB, part.dynStrTab); addInSec(DT_STRTAB, part.dynStrTab);
addInt(DT_STRSZ, part.dynStrTab->getSize()); addInt(DT_STRSZ, part.dynStrTab->getSize());
if (!config->zText) if (!config->zText)
▲ Show 20 LinesShow All 2,380 LinesShow Last 20 Lines

lld/test/ELF/aarch64-feature-bti.s

Show First 20 LinesShow All 168 Lines▼ Show 20 Lines
# NOEX-NEXT: add x16, x16, #1032 # NOEX-NEXT: add x16, x16, #1032
# NOEX-NEXT: br x17 # NOEX-NEXT: br x17
## Force BTI entries with the -z force-bti command line option. Expect a warning ## Force BTI entries with the -z force-bti command line option. Expect a warning
## from the file without the .note.gnu.property. ## from the file without the .note.gnu.property.
# RUN: ld.lld %t.o %t2.o -z force-bti %t.so -o %tforcebti.exe 2>&1 | FileCheck --check-prefix=FORCE-WARN %s # RUN: ld.lld %t.o %t2.o -z force-bti %t.so -o %tforcebti.exe 2>&1 | FileCheck --check-prefix=FORCE-WARN %s
# FORCE-WARN: aarch64-feature-bti.s.tmp2.o: -z force-bti: file does not have BTI property # FORCE-WARN: aarch64-feature-bti.s.tmp2.o: -z force-bti: file does not have GNU_PROPERTY_AARCH64_FEATURE_1_BTI property
# RUN: llvm-readelf -n %tforcebti.exe | FileCheck --check-prefix=BTIPROP %s # RUN: llvm-readelf -n %tforcebti.exe | FileCheck --check-prefix=BTIPROP %s
# RUN: llvm-readelf --dynamic-table %tforcebti.exe | FileCheck --check-prefix BTIDYN %s # RUN: llvm-readelf --dynamic-table %tforcebti.exe | FileCheck --check-prefix BTIDYN %s
# RUN: llvm-objdump -d -mattr=+bti --no-show-raw-insn %tforcebti.exe | FileCheck --check-prefix=FORCE %s # RUN: llvm-objdump -d -mattr=+bti --no-show-raw-insn %tforcebti.exe | FileCheck --check-prefix=FORCE %s
# FORCE: Disassembly of section .text: # FORCE: Disassembly of section .text:
# FORCE: 0000000000210370 func1: # FORCE: 0000000000210370 func1:
Show All 39 Lines

lld/test/ELF/aarch64-feature-btipac.s

Show All 19 Lines
# BTIPACSO-NEXT: ret # BTIPACSO-NEXT: ret
# BTIPACSO: 0000000000010350 func3: # BTIPACSO: 0000000000010350 func3:
# BTIPACSO-NEXT: 10350: ret # BTIPACSO-NEXT: 10350: ret
# BTIPACSO: Disassembly of section .plt: # BTIPACSO: Disassembly of section .plt:
# BTIPACSO: 0000000000010360 .plt: # BTIPACSO: 0000000000010360 .plt:
# BTIPACSO-NEXT: 10360: bti c # BTIPACSO-NEXT: 10360: bti c
# BTIPACSO-NEXT: stp x16, x30, [sp, #-16]! # BTIPACSO-NEXT: stp x16, x30, [sp, #-16]!
# BTIPACSO-NEXT: adrp x16, #131072 # BTIPACSO-NEXT: adrp x16, #131072
# BTIPACSO-NEXT: ldr x17, [x16, #1160] # BTIPACSO-NEXT: ldr x17, [x16, #1136]
# BTIPACSO-NEXT: add x16, x16, #1160 # BTIPACSO-NEXT: add x16, x16, #1136
# BTIPACSO-NEXT: br x17 # BTIPACSO-NEXT: br x17
# BTIPACSO-NEXT: nop # BTIPACSO-NEXT: nop
# BTIPACSO-NEXT: nop # BTIPACSO-NEXT: nop
# BTIPACSO: 0000000000010380 func3@plt: # BTIPACSO: 0000000000010380 func3@plt:
# BTIPACSO-NEXT: 10380: adrp x16, #131072 # BTIPACSO-NEXT: 10380: adrp x16, #131072
# BTIPACSO-NEXT: ldr x17, [x16, #1168] # BTIPACSO-NEXT: ldr x17, [x16, #1144]
# BTIPACSO-NEXT: add x16, x16, #1168 # BTIPACSO-NEXT: add x16, x16, #1144
# BTIPACSO-NEXT: autia1716
# BTIPACSO-NEXT: br x17 # BTIPACSO-NEXT: br x17
# BTIPACSO-NEXT: nop
# BTIPACPROP: Properties: aarch64 feature: BTI, PAC # BTIPACPROP: Properties: aarch64 feature: BTI, PAC
# BTIPACDYN: 0x0000000070000001 (AARCH64_BTI_PLT) # BTIPACDYN: 0x0000000070000001 (AARCH64_BTI_PLT)
# BTIPACDYN: 0x0000000070000003 (AARCH64_PAC_PLT) # BTIPACDYN-NOT: 0x0000000070000003 (AARCH64_PAC_PLT)
## Make an executable with both BTI and PAC properties. Expect: ## Make an executable with both BTI and PAC properties. Expect:
## PLT[0] bti c as first instruction ## PLT[0] bti c as first instruction
## PLT[n] bti n as first instruction, autia1716 before br x17 ## PLT[n] bti n as first instruction
# RUN: ld.lld %t.o %t3btipac.o %t.so -o %t.exe # RUN: ld.lld %t.o %t3btipac.o %t.so -o %t.exe
# RUN: llvm-readelf -n %t.exe | FileCheck --check-prefix=BTIPACPROP %s # RUN: llvm-readelf -n %t.exe | FileCheck --check-prefix=BTIPACPROP %s
# RUN: llvm-objdump -d -mattr=+v8.5a --no-show-raw-insn %t.exe | FileCheck --check-prefix BTIPACEX %s # RUN: llvm-objdump -d -mattr=+v8.5a --no-show-raw-insn %t.exe | FileCheck --check-prefix BTIPACEX %s
# RUN: llvm-readelf --dynamic-table %t.exe | FileCheck --check-prefix BTIPACDYN %s # RUN: llvm-readelf --dynamic-table %t.exe | FileCheck --check-prefix BTIPACDYNEX %s
# BTIPACEX: Disassembly of section .text: # BTIPACEX: Disassembly of section .text:
# BTIPACEX: 0000000000210370 func1: # BTIPACEX: 0000000000210370 func1:
# BTIPACEX-NEXT: 210370: bl #48 <func2@plt> # BTIPACEX-NEXT: 210370: bl #48 <func2@plt>
# BTIPACEX-NEXT: ret # BTIPACEX-NEXT: ret
# BTIPACEX-NEXT: ret # BTIPACEX-NEXT: ret
# BTIPACEX: 000000000021037c func3: # BTIPACEX: 000000000021037c func3:
# BTIPACEX-NEXT: 21037c: ret # BTIPACEX-NEXT: 21037c: ret
# BTIPACEX: Disassembly of section .plt: # BTIPACEX: Disassembly of section .plt:
# BTIPACEX: 0000000000210380 .plt: # BTIPACEX: 0000000000210380 .plt:
# BTIPACEX-NEXT: 210380: bti c # BTIPACEX-NEXT: 210380: bti c
# BTIPACEX-NEXT: stp x16, x30, [sp, #-16]! # BTIPACEX-NEXT: stp x16, x30, [sp, #-16]!
# BTIPACEX-NEXT: adrp x16, #131072 # BTIPACEX-NEXT: adrp x16, #131072
# BTIPACEX-NEXT: ldr x17, [x16, #1208] # BTIPACEX-NEXT: ldr x17, [x16, #1192]
# BTIPACEX-NEXT: add x16, x16, #1208 # BTIPACEX-NEXT: add x16, x16, #1192
# BTIPACEX-NEXT: br x17 # BTIPACEX-NEXT: br x17
# BTIPACEX-NEXT: nop # BTIPACEX-NEXT: nop
# BTIPACEX-NEXT: nop # BTIPACEX-NEXT: nop
# BTIPACEX: 00000000002103a0 func2@plt: # BTIPACEX: 00000000002103a0 func2@plt:
# BTIPACEX-NEXT: 2103a0: bti c # BTIPACEX-NEXT: 2103a0: bti c
# BTIPACEX-NEXT: adrp x16, #131072 # BTIPACEX-NEXT: adrp x16, #131072
# BTIPACEX-NEXT: ldr x17, [x16, #1216] # BTIPACEX-NEXT: ldr x17, [x16, #1200]
# BTIPACEX-NEXT: add x16, x16, #1216 # BTIPACEX-NEXT: add x16, x16, #1200
# BTIPACEX-NEXT: autia1716
# BTIPACEX-NEXT: br x17 # BTIPACEX-NEXT: br x17
# BTIPACDYNEX: 0x0000000070000001 (AARCH64_BTI_PLT)
# BTIPACDYNEX-NOT: 0x0000000070000003 (AARCH64_PAC_PLT)
## Check that combinations of BTI+PAC with 0 properties results in standard PLT ## Check that combinations of BTI+PAC with 0 properties results in standard PLT
# RUN: ld.lld %t.o %t3.o %t.so -o %t.exe # RUN: ld.lld %t.o %t3.o %t.so -o %t.exe
# RUN: llvm-objdump -d -mattr=+v8.5a --no-show-raw-insn %t.exe | FileCheck --check-prefix EX %s # RUN: llvm-objdump -d -mattr=+v8.5a --no-show-raw-insn %t.exe | FileCheck --check-prefix EX %s
# RUN: llvm-readelf --dynamic-table %t.exe | FileCheck --check-prefix=NODYN %s # RUN: llvm-readelf --dynamic-table %t.exe | FileCheck --check-prefix=NODYN %s
# EX: Disassembly of section .text: # EX: Disassembly of section .text:
# EX: 00000000002102e0 func1: # EX: 00000000002102e0 func1:
Show All 19 Lines
# EX-NEXT: br x17 # EX-NEXT: br x17
# NODYN-NOT: 0x0000000070000001 (AARCH64_BTI_PLT) # NODYN-NOT: 0x0000000070000001 (AARCH64_BTI_PLT)
# NODYN-NOT: 0x0000000070000003 (AARCH64_PAC_PLT) # NODYN-NOT: 0x0000000070000003 (AARCH64_PAC_PLT)
## Check that combination of -z pac-plt and -z force-bti warns for the file that ## Check that combination of -z pac-plt and -z force-bti warns for the file that
## doesn't contain the BTI property, but generates PAC and BTI PLT sequences. ## doesn't contain the BTI property, but generates PAC and BTI PLT sequences.
## The -z pac-plt doesn't warn as it is not required for correctness. ## The -z pac-plt doesn't warn as it is not required for correctness.
## Expect:
## PLT[0] bti c as first instruction
## PLT[n] bti n as first instruction, autia1716 before br x17
# RUN: ld.lld %t.o %t3.o %t.so -z pac-plt -z force-bti -o %t.exe 2>&1 | FileCheck --check-prefix=FORCE-WARN %s # RUN: ld.lld %t.o %t3.o %t.so -z pac-plt -z force-bti -o %t.exe 2>&1 | FileCheck --check-prefix=FORCE-WARN %s
# FORCE-WARN: aarch64-feature-btipac.s.tmp3.o: -z force-bti: file does not have BTI property # FORCE-WARN: aarch64-feature-btipac.s.tmp3.o: -z force-bti: file does not have GNU_PROPERTY_AARCH64_FEATURE_1_BTI property
# RUN: llvm-readelf -n %t.exe | FileCheck --check-prefix=BTIPACPROP %s # RUN: llvm-readelf -n %t.exe | FileCheck --check-prefix=BTIPACPROP %s
# RUN: llvm-objdump -d -mattr=+v8.5a --no-show-raw-insn %t.exe | FileCheck --check-prefix BTIPACEX %s # RUN: llvm-objdump -d -mattr=+v8.5a --no-show-raw-insn %t.exe | FileCheck --check-prefix BTIPACEX2 %s
# RUN: llvm-readelf --dynamic-table %t.exe | FileCheck --check-prefix BTIPACDYN %s # RUN: llvm-readelf --dynamic-table %t.exe | FileCheck --check-prefix BTIPACDYN2 %s
.section ".note.gnu.property", "a" .section ".note.gnu.property", "a"
.long 4 .long 4
.long 0x10 .long 0x10
.long 0x5 .long 0x5
.asciz "GNU" .asciz "GNU"
.long 0xc0000000 // GNU_PROPERTY_AARCH64_FEATURE_1_AND .long 0xc0000000 // GNU_PROPERTY_AARCH64_FEATURE_1_AND
.long 4 .long 4
.long 3 // GNU_PROPERTY_AARCH64_FEATURE_1_BTI and PAC .long 3 // GNU_PROPERTY_AARCH64_FEATURE_1_BTI and PAC
.long 0 .long 0
.text .text
.globl _start .globl _start
.type func1,%function .type func1,%function
func1: func1:
bl func2 bl func2
ret ret
.globl func3 .globl func3
.type func3,%function .type func3,%function
ret ret
# BTIPACEX2: Disassembly of section .text:
# BTIPACEX2: 0000000000210370 func1:
# BTIPACEX2-NEXT: 210370: bl #48 <func2@plt>
# BTIPACEX2-NEXT: ret
# BTIPACEX2-NEXT: ret
# BTIPACEX2: 000000000021037c func3:
# BTIPACEX2-NEXT: 21037c: ret
# BTIPACEX2: Disassembly of section .plt:
# BTIPACEX2: 0000000000210380 .plt:
# BTIPACEX2-NEXT: 210380: bti c
# BTIPACEX2-NEXT: stp x16, x30, [sp, #-16]!
# BTIPACEX2-NEXT: adrp x16, #131072
# BTIPACEX2-NEXT: ldr x17, [x16, #1208]
# BTIPACEX2-NEXT: add x16, x16, #1208
# BTIPACEX2-NEXT: br x17
# BTIPACEX2-NEXT: nop
# BTIPACEX2-NEXT: nop
# BTIPACEX2: 00000000002103a0 func2@plt:
# BTIPACEX2-NEXT: 2103a0: bti c
# BTIPACEX2-NEXT: adrp x16, #131072
# BTIPACEX2-NEXT: ldr x17, [x16, #1216]
# BTIPACEX2-NEXT: add x16, x16, #1216
# BTIPACEX2-NEXT: autia1716
# BTIPACEX2-NEXT: br x17
# BTIPACDYN2: 0x0000000070000001 (AARCH64_BTI_PLT)
# BTIPACDYN2-NEXT: 0x0000000070000003 (AARCH64_PAC_PLT)
MaskRayUnsubmitted
Done
ReplyInline Actions

-NEXT:

MaskRay: `-NEXT:`
No newline at end of file

lld/test/ELF/aarch64-feature-pac.s

Show All 26 Lines
# NOPAC-NEXT: nop # NOPAC-NEXT: nop
# NOPAC-NEXT: nop # NOPAC-NEXT: nop
# NOPAC: 00000000000102f0 func3@plt: # NOPAC: 00000000000102f0 func3@plt:
# NOPAC-NEXT: 102f0: adrp x16, #131072 # NOPAC-NEXT: 102f0: adrp x16, #131072
# NOPAC-NEXT: ldr x17, [x16, #968] # NOPAC-NEXT: ldr x17, [x16, #968]
# NOPAC-NEXT: add x16, x16, #968 # NOPAC-NEXT: add x16, x16, #968
# NOPAC-NEXT: br x17 # NOPAC-NEXT: br x17
# SOGOTPLT: Hex dump of section '.got.plt':
# SOGOTPLT-NEXT: 0x000303b0 00000000 00000000 00000000 00000000
# SOGOTPLT-NEXT: 0x000303c0 00000000 00000000 d0020100 00000000
# NOPACDYN-NOT: 0x0000000070000001 (AARCH64_BTI_PLT) # NOPACDYN-NOT: 0x0000000070000001 (AARCH64_BTI_PLT)
# NOPACDYN-NOT: 0x0000000070000003 (AARCH64_PAC_PLT) # NOPACDYN-NOT: 0x0000000070000003 (AARCH64_PAC_PLT)
# RUN: ld.lld %t1.o %t3.o --shared --soname=t.so -o %t.so # RUN: ld.lld %t1.o %t3.o --shared --soname=t.so -o %t.so
# RUN: llvm-readelf -n %t.so | FileCheck --check-prefix PACPROP %s # RUN: llvm-readelf -n %t.so | FileCheck --check-prefix PACPROP %s
# RUN: llvm-objdump -d -mattr=+v8.3a --no-show-raw-insn %t.so | FileCheck --check-prefix PACSO %s # RUN: llvm-objdump -d -mattr=+v8.3a --no-show-raw-insn %t.so | FileCheck --check-prefix PACSO %s
# RUN: llvm-readelf -x .got.plt %t.so | FileCheck --check-prefix SOGOTPLT2 %s # RUN: llvm-readelf -x .got.plt %t.so | FileCheck --check-prefix SOGOTPLT2 %s
# RUN: llvm-readelf --dynamic-table %t.so | FileCheck --check-prefix PACDYN %s # RUN: llvm-readelf --dynamic-table %t.so | FileCheck --check-prefix PACDYN %s
## PAC has no effect on PLT[0], for PLT[N] autia1716 is used to authenticate ## PAC has no effect on PLT[0], for PLT[N].
## the address in x17 (context in x16) before branching to it. The dynamic
## loader is responsible for calling pacia1716 on the entry.
# PACSO: 0000000000010348 func2: # PACSO: 0000000000010348 func2:
# PACSO-NEXT: 10348: bl #56 <func3@plt> # PACSO-NEXT: 10348: bl #56 <func3@plt>
# PACSO-NEXT: ret # PACSO-NEXT: ret
# PACSO: 0000000000010350 func3: # PACSO: 0000000000010350 func3:
# PACSO-NEXT: 10350: ret # PACSO-NEXT: 10350: ret
# PACSO: Disassembly of section .plt: # PACSO: Disassembly of section .plt:
# PACSO: 0000000000010360 .plt: # PACSO: 0000000000010360 .plt:
# PACSO-NEXT: 10360: stp x16, x30, [sp, #-16]! # PACSO-NEXT: 10360: stp x16, x30, [sp, #-16]!
# PACSO-NEXT: adrp x16, #131072 # PACSO-NEXT: adrp x16, #131072
# PACSO-NEXT: ldr x17, [x16, #1144] # PACSO-NEXT: ldr x17, [x16, #1120]
# PACSO-NEXT: add x16, x16, #1144 # PACSO-NEXT: add x16, x16, #1120
# PACSO-NEXT: br x17 # PACSO-NEXT: br x17
# PACSO-NEXT: nop # PACSO-NEXT: nop
# PACSO-NEXT: nop # PACSO-NEXT: nop
# PACSO-NEXT: nop # PACSO-NEXT: nop
# PACSO: 0000000000010380 func3@plt: # PACSO: 0000000000010380 func3@plt:
# PACSO-NEXT: 10380: adrp x16, #131072 # PACSO-NEXT: 10380: adrp x16, #131072
# PACSO-NEXT: ldr x17, [x16, #1152] # PACSO-NEXT: ldr x17, [x16, #1128]
# PACSO-NEXT: add x16, x16, #1152 # PACSO-NEXT: add x16, x16, #1128
# PACSO-NEXT: autia1716
# PACSO-NEXT: br x17 # PACSO-NEXT: br x17
# PACSO-NEXT: nop
# SOGOTPLT: Hex dump of section '.got.plt':
# SOGOTPLT-NEXT: 0x000303b0 00000000 00000000 00000000 00000000
# SOGOTPLT-NEXT: 0x000303c0 00000000 00000000 d0020100 00000000
# SOGOTPLT2: Hex dump of section '.got.plt': # SOGOTPLT2: Hex dump of section '.got.plt':
# SOGOTPLT2-NEXT: 0x00030468 00000000 00000000 00000000 00000000 # SOGOTPLT2-NEXT: 0x00030450 00000000 00000000 00000000 00000000
# SOGOTPLT2-NEXT: 0x00030478 00000000 00000000 60030100 00000000 # SOGOTPLT2-NEXT: 0x00030460 00000000 00000000 60030100 00000000
# PACPROP: Properties: aarch64 feature: PAC # PACPROP: Properties: aarch64 feature: PAC
# PACDYN-NOT: 0x0000000070000001 (AARCH64_BTI_PLT) # PACDYN-NOT: 0x0000000070000001 (AARCH64_BTI_PLT)
# PACDYN: 0x0000000070000003 (AARCH64_PAC_PLT) # PACDYN-NOT: 0x0000000070000003 (AARCH64_PAC_PLT)
## Turn on PAC entries with the -z pac-plt command line option. There are no ## Turn on PAC entries with the -z pac-plt command line option. There are no
## warnings in this case as the choice to use PAC in PLT entries is orthogonal ## warnings in this case as the choice to use PAC in PLT entries is orthogonal
## to the choice of using PAC in relocatable objects. The presence of the PAC ## to the choice of using PAC in relocatable objects. The presence of the PAC
## .note.gnu.property is an indication of preference by the relocatable object. ## .note.gnu.property is an indication of preference by the relocatable object.
# RUN: ld.lld %t.o %t2.o -z pac-plt %t.so -o %tpacplt.exe # RUN: ld.lld %t.o %t2.o -z pac-plt %t.so -o %tpacplt.exe
# RUN: llvm-readelf -n %tpacplt.exe | FileCheck --check-prefix=PACPROP %s # RUN: llvm-readelf -n %tpacplt.exe | FileCheck --check-prefix=PACPROP %s
# RUN: llvm-readelf --dynamic-table %tpacplt.exe | FileCheck --check-prefix PACDYN %s # RUN: llvm-readelf --dynamic-table %tpacplt.exe | FileCheck --check-prefix PACDYN2 %s
# RUN: llvm-objdump -d -mattr=+v8.3a --no-show-raw-insn %tpacplt.exe | FileCheck --check-prefix PACPLT %s # RUN: llvm-objdump -d -mattr=+v8.3a --no-show-raw-insn %tpacplt.exe | FileCheck --check-prefix PACPLT %s
# PACPLT: Disassembly of section .text: # PACPLT: Disassembly of section .text:
# PACPLT: 0000000000210370 func1: # PACPLT: 0000000000210370 func1:
# PACPLT-NEXT: 210370: bl #48 <func2@plt> # PACPLT-NEXT: 210370: bl #48 <func2@plt>
# PACPLT-NEXT: ret # PACPLT-NEXT: ret
# PACPLT: 0000000000210378 func3: # PACPLT: 0000000000210378 func3:
# PACPLT-NEXT: 210378: ret # PACPLT-NEXT: 210378: ret
Show All 10 Lines
# PACPLT: 00000000002103a0 func2@plt: # PACPLT: 00000000002103a0 func2@plt:
# PACPLT-NEXT: 2103a0: adrp x16, #131072 # PACPLT-NEXT: 2103a0: adrp x16, #131072
# PACPLT-NEXT: ldr x17, [x16, #1200] # PACPLT-NEXT: ldr x17, [x16, #1200]
# PACPLT-NEXT: add x16, x16, #1200 # PACPLT-NEXT: add x16, x16, #1200
# PACPLT-NEXT: autia1716 # PACPLT-NEXT: autia1716
# PACPLT-NEXT: br x17 # PACPLT-NEXT: br x17
# PACPLT-NEXT: nop # PACPLT-NEXT: nop
# PACDYN2-NOT: 0x0000000070000001 (AARCH64_BTI_PLT)
# PACDYN2: 0x0000000070000003 (AARCH64_PAC_PLT)
.section ".note.gnu.property", "a" .section ".note.gnu.property", "a"
.long 4 .long 4
.long 0x10 .long 0x10
.long 0x5 .long 0x5
.asciz "GNU" .asciz "GNU"
.long 0xc0000000 // GNU_PROPERTY_AARCH64_FEATURE_1_AND .long 0xc0000000 // GNU_PROPERTY_AARCH64_FEATURE_1_AND
.long 4 .long 4
Show All 9 Lines