1313.. _CPPABI64 : https://github.com/ARM-software/abi-aa/releases
1414.. _LSB : https://refspecs.linuxfoundation.org/LSB_1.2.0/gLSB/noteabitag.html
1515.. _SCO-ELF : http://www.sco.com/developers/gabi/
16+ .. _SYSVABI64 : https://github.com/ARM-software/abi-aa/releases
1617.. _TLSDESC : http://www.fsfla.org/~lxoliva/writeups/TLS/paper-lk2006.pdf
1718.. _LINUX_ABI : https://github.com/hjl-tools/linux-abi/wiki
1819.. footer ::
@@ -234,6 +235,8 @@ changes to the content of the document for that release.
234235 | 2023Q3 | 6\ :sup: `th` October 2023 | Update tags in `Dynamic Section `_ to avoid conflict with |
235236 | | | DT_AARCH64_VARIANT_PCS. |
236237 +------------+-----------------------------+------------------------------------------------------------------+
238+ | 2024Q1 | 29\ :sup: `th` January 2024 | Update preferred ELF marking scheme to be GNU property based |
239+ +------------+-----------------------------+------------------------------------------------------------------+
237240
238241References
239242----------
@@ -257,11 +260,14 @@ This document refers to, or is referred to by, the following documents.
257260 +-----------------------------------------------------------------------------------------+-------------------------------------------------------------+--------------------------------------------------------------------------+
258261 | SCO-ELF _ | http://www.sco.com/developers/gabi/ | System V Application Binary Interface – DRAFT |
259262 +-----------------------------------------------------------------------------------------+-------------------------------------------------------------+--------------------------------------------------------------------------+
263+ | SYSVABI64 _ | sysvabi64 | System V Application Binary Interface (ABI) for the Arm 64-bit |
264+ | | | Architecture |
265+ +-----------------------------------------------------------------------------------------+-------------------------------------------------------------+--------------------------------------------------------------------------+
260266 | TLSDESC _ | http://www.fsfla.org/~lxoliva/writeups/TLS/paper-lk2006.pdf | TLS Descriptors for Arm. Original proposal document |
261267 +-----------------------------------------------------------------------------------------+-------------------------------------------------------------+--------------------------------------------------------------------------+
262268 | `GABI_SHT_RELR <https://groups.google.com/d/msg/generic-abi/bX460iggiKg/YT2RrjpMAwAJ >`_ | ELF GABI Google Groups | Proposal for a new section type SHT_RELR |
263269 +-----------------------------------------------------------------------------------------+-------------------------------------------------------------+--------------------------------------------------------------------------+
264- | LINUX_ABI _ | https://github.com/hjl-tools/linux-abi/wiki | Linux Extensions to gABI |
270+ | ` LINUX_ABI `_ | https://github.com/hjl-tools/linux-abi/wiki | Linux Extensions to gABI |
265271 +-----------------------------------------------------------------------------------------+-------------------------------------------------------------+--------------------------------------------------------------------------+
266272
267273Terms and Abbreviations
@@ -841,31 +847,27 @@ language to signing schema is expected to evolve over time. Even if
841847the low-level ELF extensions remain constant, a change to the
842848high-level language mapping may result in incompatible ELF files.
843849
844- This document defines a default ELF marking schema and a base
845- compatibility model. Platforms may define their own ELF marking and
846- compatibility model that replace or extend the default ones. `Appendix
847- Alternative ELF Marking Using GNU Program Properties `_ defines an
848- alternative marking schema for platforms that support the
849- ``.note.gnu.property `` section.
850+ This document defines the core information that any ELF marking
851+ scheme must contain and the base compatibility model that uses that
852+ information.
850853
851- Default Marking Schema
852- ----------------------
854+ The default ELF marking scheme uses the Program Property note format
855+ defined in (`LINUX_ABI `_). An alternative encoding that uses a Arm
856+ defined Note section called ``.note.AARCH64-PAUTH-ABI-tag `` is defined
857+ for platforms that do not support Program Properties, or have legacy
858+ binaries from earlier versions of this specification. This is described
859+ in `Appendix Alternative ELF Marking Using SHT_NOTE section `_.
853860
854- A new section named ``.note.AARCH64-PAUTH-ABI-tag `` of type
855- ``SHT_NOTE `` is defined. This section is structured as a note section
856- as documented in SCO-ELF _, and its attribute flag ``SHF_ALLOC `` must
857- be set.
861+ Core information
862+ ----------------
858863
859- The name field (``namesz `` / ``name ``) contains the string "ARM". The
860- type field shall be 1, and the ``descsz `` field must be at least 16.
861- The first 16 bytes of the description must contain 2 64-bit words, with
862- the first 64-bit word being a platform identifier, and the second
863- 64-bit word being a version number for the ABI for the platform
864- identified for the first word. When ``descsz `` is larger than 16 the
865- remainder of the contents of desc are defined by the (platform id,
866- version number).
864+ The core information used by the base compatibility model is made up
865+ of two values, both of which must be present.
867866
868- The following values of the platform id are reserved:
867+ * ``platform identifier `` is a 64-bit value that specifies the platform vendor. The
868+ values of the ``platform identifier `` in the table below are reserved:
869+
870+ .. table :: Reserved id
869871
870872 +-----------+-----------+
871873 | Platform | Hex value |
@@ -875,56 +877,100 @@ The following values of the platform id are reserved:
875877 | Baremetal | 0x1 |
876878 +-----------+-----------+
877879
878- The version number in `` .note.AARCH64-PAUTH-ABI-tag `` is not directly
879- related to the version number of this document. It is controlled by
880- the object-producer based on the signing schema that has been used for
881- pointers .
880+ * `` version number `` is a 64-bit value that identifies the signing
881+ schema used by the ELF file. The meaning of the value is determined
882+ by the platform vendor identified by the `` platform identifier ``
883+ above .
882884
883- If a file contains a section named ``.note.AARCH64-PAUTH-ABI-tag ``,
884- it must observe the entirety of the rules in this default marking
885- schema. Generating such section with a platform-specific schema is
886- forbidden.
885+ The tuple of (``platform identifier ``, ``version number ``) equal to
886+ (0,0) is reserved to mean an ELF file incompatible with the PAuth ABI
887+ Extension to ELF for the Arm® 64-bit Architecture (AArch64).
888+
889+ Default Marking Schema
890+ ----------------------
891+
892+ The default ELF marking scheme for executables and shared-libraries
893+ uses the ``.note.gnu.property `` section. The format of this section is
894+ defined in (`LINUX_ABI `_).
895+
896+ The following processor-specific program property types are defined:
897+
898+ +----------------------------------------+------------+
899+ | Name | Value |
900+ +========================================+============+
901+ | GNU\_ PROPERTY\_ AARCH64\_ FEATURE\_ PAUTH | 0xc0000001 |
902+ +----------------------------------------+------------+
903+
904+ Other processor-specific program property types defined by the 64-bit
905+ ABI for the Arm Architecture are defined in (SYSVABI64 _).
906+
907+ The format of the data in ``pr_data `` is two 64-bit words. With the
908+ first 64-bit word being the ``platform identifier ``, and the second
909+ 64-bit word being the ``version number ``. Both of these form the
910+ information required in `Core Information `_ above.
911+
912+ ``.note.gnu.property `` sections can be used as ELF marking for
913+ relocatable objects as well as executables and shared libraries. Arm
914+ intends to use standardize build attributes for all relocatable-object
915+ ELF marking. When this change occurs the default ELF marking for
916+ relocatable objects will be updated to use build attributes.
887917
888918Base Compatibility Model
889919------------------------
890920
891921A per-ELF file marking scheme permits a coarse way of reasoning about
892922compatibility.
893923
894- * The absence of a ``.note.AARCH64-PAUTH-ABI-tag `` section means no
895- information on how pointers are signed is available for this ELF
896- file.
897-
898- * The presence of a ``.note.AARCH64-PAUTH-ABI-tag `` means that, if the
899- file contains pointers, they were signed in a compatible way with
900- the default signing rules for tuple (platform id, version number).
901-
902- * The result of a successful combination of
903- ``.note.AArch64-PAUTH-ABI-tag `` sections is a single
904- ``.note.AArch64-PAUTH-ABI-tag `` section containing the (platform id,
905- version number) tuple. The result of an unsuccesful combination must
906- be either a single ``.note.AArch64-PAUTH-ABI-tag `` section containing
907- a platform id with value Invalid, or no ``.note.AArch64-PAUTH-ABI-tag ``
908- section written to the output file.
909-
910- * The static linker may fault the combination of relocatable
911- objects that contain ``.note.AARCH64-PAUTH-ABI-tag `` sections with
912- incompatible (platform id, version number) tuples.
924+ * All reasoning about compatibility is done using the `Core Information `_.
925+ This permits an ELF file using the ``.note.gnu.property `` ELF marking to
926+ be compared to an ELF file using the ``.note.AARCH64-PAUTH-ABI-tag `` ELF
927+ marking.
928+
929+ * If an ELF file contains multiple ELF markings of the `Core
930+ Information `_, for example it contains both a ``.note.gnu.property ``
931+ section and a ``.note.AARCH64-PAUTH-ABI-tag `` section, then all
932+ must encode the same `Core Information `_.
933+
934+ * The absence of any ELF marking means no information on how pointers
935+ are signed is available for this ELF file. When used in combination
936+ with ELF files that contain ELF marking, then by default the file is
937+ assigned the (``platform identifer ``, ``version number ``) of (0,0).
938+ Implementations may use additional information supplementary to the
939+ ELF file, such as linker command-line options, to provide an
940+ implementation defined `Core Information `_ for ELF files with no ELF
941+ marking.
942+
943+ * The presence of ELF marking means that, if the file contains
944+ pointers, they were signed in a compatible way with the schema
945+ identified in the (platform identifier, version number). `Core
946+ Information `_.
947+
948+ * A combination of `Core Information `_ from two ELF files is
949+ successful if the ``platform identifier `` values match and the
950+ ``version numbers `` values match. All other combinations are
951+ unsuccessful.
952+
953+ * The result of a successful combination of `Core Information `_ is a
954+ single ELF Marking containing the `Core Information `_. The result of
955+ an unsuccesful combination must be either a single ELF marking with
956+ (``platform identifer ``, ``version number ``) of (0,0), or no ELF
957+ marking is written to the output file.
958+
959+ * The static linker may choose to fault the unsuccessful combination
960+ of `Core Information `_.
913961
914962* A dynamic loader may disable pointer authentication, or fault the
915963 program with an error message, in case it encounters an incompatible
916- ELF file. A file is incompatible with the loader in any of the
917- following cases:
918-
919- * If section ``.note.AARCH64-PAUTH-ABI-tag `` is missing.
964+ ELF file. A dynamic loader may consider the ELF file to be
965+ incompatible with the PAuthABI in any of the following cases:
920966
921- * If the (platform id, version number) tuple is not recognized .
967+ * If no ELF marking is present .
922968
923- * If the platform id is Invalid.
969+ * If the (platform identifier, version number) from the `Core
970+ Information `_ is not recognized by the loader.
924971
925- The combination of relocatable objects with
926- ``.note.AARCH64-PAUTH-ABI-tag `` and relocatable objects without a
927- ``.note.AARCH64-PAUTH-ABI-tag `` is not defined by this ABI.
972+ * If the platform identifier from the `Core Information `_ is the
973+ reserved Invalid value 0.
928974
929975Platforms may replace the base compatibility model with a
930976platform-specific model.
@@ -1236,33 +1282,24 @@ Some observations:
12361282 pointer signing information in a custom encoding understood by the
12371283 start-up code used.
12381284
1239- Appendix Alternative ELF Marking Using GNU Program Properties
1240- =============================================================
1285+ Appendix Alternative ELF Marking Using SHT_NOTE section
1286+ =======================================================
1287+
1288+ A new section named ``.note.AARCH64-PAUTH-ABI-tag `` of type
1289+ ``SHT_NOTE `` is defined. This section is structured as a note section
1290+ as documented in SCO-ELF _, and its attribute flag ``SHF_ALLOC `` must
1291+ be set.
1292+
1293+ The ``namesz `` field shall be 4
12411294
1242- If a platform supports section ``.note.gnu.property ``, this can be used
1243- as the base for an alternative schema. The format of this section is
1244- defined in LINUX_ABI _.
1295+ The ``descsz `` field shall be 16. See ``desc `` below.
12451296
1246- The following processor-specific program property types are defined:
1297+ The type field shall be ``NT_ARM_TYPE_PAUTH_ABI_TAG ``, defined to the
1298+ value 1.
12471299
1248- +----------------------------------------+------------+
1249- | Name | Value |
1250- +========================================+============+
1251- | GNU\_ PROPERTY\_ AARCH64\_ FEATURE\_ PAUTH | 0xc0000001 |
1252- +----------------------------------------+------------+
1300+ The ``name `` field shall be the null-terminated string ``ARM ``.
12531301
1254- The format of the data in ``pr_data `` is at least two 64-bit words,
1255- the first being a platform identifier, and the second being a version
1256- number specific to the platform identified in the first word.
1257- Consequently, the ``pr_datasz `` field must be at least 16. When
1258- ``pr_datasz `` is larger than 16, the remainder of the contents of
1259- ``pr_data `` are specific to the (platform id, version number). If
1260- ``pr_datasz `` is not a multiple of 8, ``pr_padding `` must be added so
1261- that PR_DATASZ + PR_PADDING is a multiple of 8 and the property
1262- remains 8-byte aligned.
1263-
1264- The rules for the fields are the same as for the default marking
1265- schema: this ABI does not define the exact format of the platform and
1266- version identifiers, but reserves the combination of (platform,
1267- version) equal to (0,0) to represent an ELF file incompatible with
1268- this ABI.
1302+ The ``desc `` contain 2 64-bit words. With the first 64-bit word being
1303+ the ``platform identifier ``, and the second 64-bit word being the
1304+ ``version number ``. Both of these form the information required in
1305+ `Core Information `_ above.
0 commit comments