[PAC][AArch64][ELF] Support signed GOT #77
Conversation
AUTH variant GOT-generating relocations https://github.com/ARM-software/abi-aa/blob/main/pauthabielf64/pauthabielf64.rst#auth-variant-got-generating-relocations AUTH variant dynamic relocations for signed GOT https://github.com/ARM-software/abi-aa/blob/main/pauthabielf64/pauthabielf64.rst#additional-auth-variant-dynamic-relocations-for-signed-got
Treat 7th bit of version value for llvm_linux platform as signed GOT flag. - llvm-readobj: print `PointerAuthELFGOT` or `!PointerAuthELFGOT` in version description of llvm_linux platform depending on whether the flag is set. - clang: define `PointerAuthELFGOT` LangOption and set 7th bit of `aarch64-elf-pauthabi-version` LLVM module flag correspondingly;
Add `-fptrauth-elf-got` clang driver flag and set `ptrauth_elf_got` preprocessor feature and `PointerAuthELFGOT` LangOption correspondingly. For non-ELF triples, the driver flag is ignored and a warning is emitted.
Support the following relocations and assembly operators: - `R_AARCH64_AUTH_ADR_GOT_PAGE` (`:got_auth:` for `adrp`) - `R_AARCH64_AUTH_GOT_LO12_NC` (`:got_auth_lo12:` for `ldr`) - `R_AARCH64_AUTH_GOT_ADD_LO12_NC` (`:got_auth_lo12:` for `add`) `LOADgotAUTH` pseudo-instruction is introduced which is later expanded to actual instruction sequence like the following. ``` adrp x16, :got_auth:sym add x16, x16, :got_auth_lo12:sym ldr x0, [x16] autia x0, x16 ``` Both SelectionDAG and GlobalISel are suppported. For FastISel, we fall back to SelectionDAG. Tests with 'auth' in name have corresponding variants w/o it.
Support `R_AARCH64_AUTH_ADR_GOT_PAGE`, `R_AARCH64_AUTH_GOT_LO12_NC` and `R_AARCH64_AUTH_GOT_ADD_LO12_NC` GOT-generating relocations. For preemptible symbols, dynamic relocation `R_AARCH64_AUTH_GLOB_DAT` is emitted. Otherwise, we unconditionally emit `R_AARCH64_AUTH_RELATIVE` dynamic relocation since pointers in signed GOT needs to be signed during dynamic link time.
Support the following relocations and assembly operators: - `R_AARCH64_AUTH_GOT_ADR_PREL21` (`:got_auth:` for `adr`) - `R_AARCH64_AUTH_GOT_LD_PREL19` (`:got_auth:` for `ldr`) `LOADgotAUTH` pseudo-instruction is expanded to actual instruction sequence like the following. ``` adr x16, :got_auth:sym ldr x0, [x16] autia x0, x16 ``` Both SelectionDAG and GlobalISel are suppported. For FastISel, we fall back to SelectionDAG. Tests with 'auth' in name have corresponding variants w/o it.
Support `R_AARCH64_AUTH_GOT_ADR_PREL21` and `R_AARCH64_AUTH_GOT_LD_PREL19` GOT-generating relocations.
kovdan01
changed the title
| // https://github.com/ARM-software/abi-aa/blob/main/pauthabielf64/pauthabielf64.rst#default-signing-schema | ||
| // Signed GOT entries use the IA key for symbols of type STT_FUNC and the | ||
| // DA key for all other symbol types, with the address of the GOT entry as | ||
| // the modifier. The static linker must encode the signing schema into the |
There was a problem hiding this comment.
| // the modifier. The static linker must encode the signing schema into the | |
| // the discriminator. The static linker must encode the signing schema into the |
There was a problem hiding this comment.
In the ABI, they use the modifier term in this particular paragraph. Do we want to stick with discriminator everywhere for consistency or maybe we want to use terms in the same way as in the ABI? It looks like that they use discriminator for the 16-bit value and modifier for the value with address optionally blended:
discriminator is a 16-bit unsigned integer that after an optional blending (address diversity) forms the modifier for the sign and authenticate instructions.
There was a problem hiding this comment.
You can probably use the term "address diversity"?
There was a problem hiding this comment.
Possible variant of paraphrasing this - please let me know if it's OK. Before:
Signed GOT entries use the IA key for symbols of type STT_FUNC and the DA key for all other symbol types, with the address of the GOT entry as the modifier.
After:
Signed GOT entries use the IA key for symbols of type STT_FUNC and the DA key for all other symbol types, with address diversity enabled and no additional 16-bit discriminator.
I'm not sure if it's any better, but, if the "modifier" term confuses code readers, I have no issues with avoiding it (but it's anyway already widely used in the spec so the person should be familiar with it).
No description provided.