[PATCH] D62609: [LLD][ELF][AArch64] Support for BTI and PAC

Peter Smith via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Mon Jun 3 06:31:04 PDT 2019


peter.smith added a comment.

In D62609#1526262 <https://reviews.llvm.org/D62609#1526262>, @MaskRay wrote:

> I am reading some `binutils-gdb/bfd/elfnn-aarch64.c` code as a reference. It doesn't use `bti c` for `-pie` (`ET_DYN`). ~~Is it intentional?~~
>
> It is intentional, because only indirect branch/call targets need BTI. A PIE PLT is not taken address so no BTI is needed.


Yes, this is intentional in BFD. Unfortunately, clang can take the address of a non-preemptible ifunc with a non-GOT-generating relocation with -fpie (the case when the function is defined in the same object file, so the compiler knows it won't be in the DSO). In this case LLD will make the PLT canonical (see Relocations.cpp, "Handle a reference to a non-preemptible ifunc"), and if a DSO also takes the address of the ifunc then the PLT address can leak to the DSO. I've put this as test/ELF/aarch64-ifunc-bti.s.

There are some optimizations that could be performed, assuming an early scan of the relocations is not done for linker performance reasons:

- Detect when the PLT address might escape and only put the "BTI c" at the head of the entry if it does. Note that we still need to use the larger size as we may have used it before the PLT entry size has been used.
- Add a command line option that asserts that the program never indirect branches to an escaped PLT entry, or make the reverse assumption and the user has to say

I'm happy to do one of these either in this or a follow up patch.


CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D62609/new/

https://reviews.llvm.org/D62609
