From 479f5851c0aca6c2edd3f70a04051988258fb610 Mon Sep 17 00:00:00 2001 From: Daniil Kovalev Date: Sat, 15 Mar 2025 22:54:30 +0300 Subject: [PATCH 1/3] [PAC][ThinLTO] Fix auth key for GOT entries of function symbols Symtab is first filled with the data from the bitcode file, and all symbols except TLS ones are `STT_NOTYPE`. Since auth key for a signed GOT entry depends on the symbol type being `STT_FUNC` or not, we need to update the symtab after the bitcode is compiled to an ELF object and update symbol types for function symbols. This patch implements the described behavior. --- lld/ELF/Driver.cpp | 7 +++++ lld/test/ELF/lto/aarch64-pac-got-func.ll | 38 ++++++++++++++++++++++++ 2 files changed, 45 insertions(+) create mode 100644 lld/test/ELF/lto/aarch64-pac-got-func.ll diff --git a/lld/ELF/Driver.cpp b/lld/ELF/Driver.cpp index 18f9fed0d08e2..434f17786c861 100644 --- a/lld/ELF/Driver.cpp +++ b/lld/ELF/Driver.cpp @@ -2618,6 +2618,13 @@ void LinkerDriver::compileBitcodeFiles(bool skipLinkedOutput) { auto *obj = cast>(file.get()); obj->parse(/*ignoreComdats=*/true); + for (typename ELFT::Sym elfSym : obj->template getGlobalELFSyms()) { + StringRef elfSymName = check(elfSym.getName(obj->getStringTable())); + if (Symbol *sym = ctx.symtab->find(elfSymName)) + if (sym->type == STT_NOTYPE) + sym->type = elfSym.getType(); + } + // For defined symbols in non-relocatable output, // compute isExported and parse '@'. if (!ctx.arg.relocatable) diff --git a/lld/test/ELF/lto/aarch64-pac-got-func.ll b/lld/test/ELF/lto/aarch64-pac-got-func.ll new file mode 100644 index 0000000000000..e42f78d30adba --- /dev/null +++ b/lld/test/ELF/lto/aarch64-pac-got-func.ll @@ -0,0 +1,38 @@ +; REQUIRES: aarch64 + +; RUN: llvm-as %s -o %t.o +; RUN: ld.lld %t.o -shared -o %t +; RUN: llvm-readelf -r -x.got %t | FileCheck %s + +; CHECK: Relocation section '.rela.dyn' at offset 0x2a8 contains 2 entries: +; CHECK-NEXT: Offset Info Type Symbol's Value Symbol's Name + Addend +; CHECK-NEXT: 00000000000203d8 0000000100000412 R_AARCH64_AUTH_GLOB_DAT 0000000000000000 foo + 0 +; CHECK-NEXT: 00000000000203e0 0000000200000412 R_AARCH64_AUTH_GLOB_DAT 0000000000000000 var + 0 + +; CHECK: Hex dump of section '.got': +; CHECK-NEXT: 0x000203d8 00000000 00000080 00000000 000000a0 +;; ^^ 0b10000000 bit 63 address diversity = true, bits 61..60 key = IA +;; ^^ 0b10100000 bit 63 address diversity = true, bits 61..60 key = DA + +target datalayout = "e-m:e-i8:8:32-i16:16:32-i64:64-i128:128-n32:64-S128" +target triple = "aarch64-unknown-linux-gnu" + +@var = external global ptr + +declare void @foo() + +define void @bar() #0 { +entry: + store ptr ptrauth (ptr @foo, i32 0), ptr @var + ret void +} + +define void @_start() { +entry: + ret void +} + +attributes #0 = {"target-features"="+pauth"} + +!llvm.module.flags = !{!0} +!0 = !{i32 8, !"ptrauth-elf-got", i32 1} From af42aeb6db33b7c6be4bf505955de2050d7add23 Mon Sep 17 00:00:00 2001 From: Daniil Kovalev Date: Mon, 14 Apr 2025 16:42:12 +0300 Subject: [PATCH 2/3] Enhance test --- lld/test/ELF/lto/aarch64-pac-got-func.ll | 46 +++++++++++++++++++----- 1 file changed, 37 insertions(+), 9 deletions(-) diff --git a/lld/test/ELF/lto/aarch64-pac-got-func.ll b/lld/test/ELF/lto/aarch64-pac-got-func.ll index e42f78d30adba..a37c67a2f3ba8 100644 --- a/lld/test/ELF/lto/aarch64-pac-got-func.ll +++ b/lld/test/ELF/lto/aarch64-pac-got-func.ll @@ -4,26 +4,54 @@ ; RUN: ld.lld %t.o -shared -o %t ; RUN: llvm-readelf -r -x.got %t | FileCheck %s -; CHECK: Relocation section '.rela.dyn' at offset 0x2a8 contains 2 entries: +; CHECK: Relocation section '.rela.dyn' at offset 0x3d0 contains 8 entries: ; CHECK-NEXT: Offset Info Type Symbol's Value Symbol's Name + Addend -; CHECK-NEXT: 00000000000203d8 0000000100000412 R_AARCH64_AUTH_GLOB_DAT 0000000000000000 foo + 0 -; CHECK-NEXT: 00000000000203e0 0000000200000412 R_AARCH64_AUTH_GLOB_DAT 0000000000000000 var + 0 +; CHECK-NEXT: 00000000000206a0 0000000100000412 R_AARCH64_AUTH_GLOB_DAT 0000000000000000 func_undef + 0 +; CHECK-NEXT: 00000000000206a8 0000000200000412 R_AARCH64_AUTH_GLOB_DAT 0000000000000000 g1 + 0 +; CHECK-NEXT: 00000000000206b0 0000000300000412 R_AARCH64_AUTH_GLOB_DAT 0000000000000000 g2 + 0 +; CHECK-NEXT: 00000000000206b8 0000000400000412 R_AARCH64_AUTH_GLOB_DAT 0000000000000000 g3 + 0 +; CHECK-NEXT: 00000000000206c0 0000000500000412 R_AARCH64_AUTH_GLOB_DAT 0000000000000000 g4 + 0 +; CHECK-NEXT: 00000000000206c8 0000000600000412 R_AARCH64_AUTH_GLOB_DAT 0000000000000000 var_undef + 0 +; CHECK-NEXT: 0000000000020690 0000000700000412 R_AARCH64_AUTH_GLOB_DAT 0000000000010490 func + 0 +; CHECK-NEXT: 0000000000020698 0000000a00000412 R_AARCH64_AUTH_GLOB_DAT 00000000000306d0 var + 0 ; CHECK: Hex dump of section '.got': -; CHECK-NEXT: 0x000203d8 00000000 00000080 00000000 000000a0 -;; ^^ 0b10000000 bit 63 address diversity = true, bits 61..60 key = IA -;; ^^ 0b10100000 bit 63 address diversity = true, bits 61..60 key = DA +; CHECK-NEXT: 0x00020690 00000000 00000080 00000000 000000a0 +;; ^^ func: 0b10000000 bit 63 address diversity = true, bits 61..60 key = IA +;; ^^ var: 0b10100000 bit 63 address diversity = true, bits 61..60 key = DA +; CHECK-NEXT: 0x000206a0 00000000 00000080 00000000 000000a0 +;; ^^ func_undef: 0b10000000 bit 63 address diversity = true, bits 61..60 key = IA +;; ^^ g1: 0b10100000 bit 63 address diversity = true, bits 61..60 key = DA +; CHECK-NEXT: 0x000206b0 00000000 000000a0 00000000 000000a0 +;; ^^ g2: 0b10100000 bit 63 address diversity = true, bits 61..60 key = DA +;; ^^ g3: 0b10100000 bit 63 address diversity = true, bits 61..60 key = DA +; CHECK-NEXT: 0x000206c0 00000000 000000a0 00000000 000000a0 +;; ^^ g4: 0b10100000 bit 63 address diversity = true, bits 61..60 key = DA +;; ^^ var_undef: 0b10100000 bit 63 address diversity = true, bits 61..60 key = DA target datalayout = "e-m:e-i8:8:32-i16:16:32-i64:64-i128:128-n32:64-S128" target triple = "aarch64-unknown-linux-gnu" -@var = external global ptr +@g1 = external global ptr +@g2 = external global ptr +@g3 = external global ptr +@g4 = external global ptr -declare void @foo() +define void @func() { +entry: + ret void +} +declare void @func_undef() + +@var = global i32 42 +@var_undef = external global i32 define void @bar() #0 { entry: - store ptr ptrauth (ptr @foo, i32 0), ptr @var + store ptr ptrauth (ptr @func, i32 0), ptr @g1 + store ptr ptrauth (ptr @func_undef, i32 0), ptr @g2 + store ptr ptrauth (ptr @var, i32 0), ptr @g3 + store ptr ptrauth (ptr @var_undef, i32 0), ptr @g4 ret void } From efaa9e2494b6bf593ed1a745b8937e5f1d5cdbf7 Mon Sep 17 00:00:00 2001 From: Daniil Kovalev Date: Mon, 14 Apr 2025 16:48:52 +0300 Subject: [PATCH 3/3] Limit special behavior to AArch64 --- lld/ELF/Driver.cpp | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/lld/ELF/Driver.cpp b/lld/ELF/Driver.cpp index c87f3a3f6881d..9d36071e1532f 100644 --- a/lld/ELF/Driver.cpp +++ b/lld/ELF/Driver.cpp @@ -2638,11 +2638,16 @@ void LinkerDriver::compileBitcodeFiles(bool skipLinkedOutput) { auto *obj = cast>(file.get()); obj->parse(/*ignoreComdats=*/true); - for (typename ELFT::Sym elfSym : obj->template getGlobalELFSyms()) { - StringRef elfSymName = check(elfSym.getName(obj->getStringTable())); - if (Symbol *sym = ctx.symtab->find(elfSymName)) - if (sym->type == STT_NOTYPE) - sym->type = elfSym.getType(); + // This is only needed for AArch64 PAuth to set correct key in AUTH GOT + // entry based on symbol type (STT_FUNC or not). + // TODO: check if PAuth is actually used. + if (ctx.arg.emachine == EM_AARCH64) { + for (typename ELFT::Sym elfSym : obj->template getGlobalELFSyms()) { + StringRef elfSymName = check(elfSym.getName(obj->getStringTable())); + if (Symbol *sym = ctx.symtab->find(elfSymName)) + if (sym->type == STT_NOTYPE) + sym->type = elfSym.getType(); + } } // For defined symbols in non-relocatable output,