[llvm-branch-commits] [lld] [PAC][lld][AArch64][ELF] Support signed TLSDESC (PR #113817)
Daniil Kovalev via llvm-branch-commits
llvm-branch-commits at lists.llvm.org
Fri Nov 1 03:34:27 PDT 2024
https://github.com/kovdan01 updated https://github.com/llvm/llvm-project/pull/113817
>From d89a47e22f427f8fe989ca24c9289821c8bda09d Mon Sep 17 00:00:00 2001
From: Daniil Kovalev <dkovalev at accesssoftek.com>
Date: Fri, 25 Oct 2024 12:32:27 +0300
Subject: [PATCH 1/2] [PAC][lld][AArch64][ELF] Support signed TLSDESC
Support `R_AARCH64_AUTH_TLSDESC_ADR_PAGE21`, `R_AARCH64_AUTH_TLSDESC_LD64_LO12`
and `R_AARCH64_AUTH_TLSDESC_LD64_LO12` static TLSDESC relocations.
---
lld/ELF/Arch/AArch64.cpp | 8 ++
lld/ELF/InputSection.cpp | 2 +
lld/ELF/Relocations.cpp | 38 +++++++-
lld/ELF/Relocations.h | 4 +
lld/ELF/Symbols.h | 1 +
lld/ELF/SyntheticSections.cpp | 5 +
lld/test/ELF/aarch64-tlsdesc-pauth.s | 134 +++++++++++++++++++++++++++
7 files changed, 190 insertions(+), 2 deletions(-)
create mode 100644 lld/test/ELF/aarch64-tlsdesc-pauth.s
diff --git a/lld/ELF/Arch/AArch64.cpp b/lld/ELF/Arch/AArch64.cpp
index 86f509f3fd78a7..8ad466bf49878b 100644
--- a/lld/ELF/Arch/AArch64.cpp
+++ b/lld/ELF/Arch/AArch64.cpp
@@ -157,9 +157,14 @@ RelExpr AArch64::getRelExpr(RelType type, const Symbol &s,
return R_AARCH64_AUTH;
case R_AARCH64_TLSDESC_ADR_PAGE21:
return R_AARCH64_TLSDESC_PAGE;
+ case R_AARCH64_AUTH_TLSDESC_ADR_PAGE21:
+ return R_AARCH64_AUTH_TLSDESC_PAGE;
case R_AARCH64_TLSDESC_LD64_LO12:
case R_AARCH64_TLSDESC_ADD_LO12:
return R_TLSDESC;
+ case R_AARCH64_AUTH_TLSDESC_LD64_LO12:
+ case R_AARCH64_AUTH_TLSDESC_ADD_LO12:
+ return RelExpr::R_AARCH64_AUTH_TLSDESC;
case R_AARCH64_TLSDESC_CALL:
return R_TLSDESC_CALL;
case R_AARCH64_TLSLE_ADD_TPREL_HI12:
@@ -543,6 +548,7 @@ void AArch64::relocate(uint8_t *loc, const Relocation &rel,
case R_AARCH64_ADR_PREL_PG_HI21:
case R_AARCH64_TLSIE_ADR_GOTTPREL_PAGE21:
case R_AARCH64_TLSDESC_ADR_PAGE21:
+ case R_AARCH64_AUTH_TLSDESC_ADR_PAGE21:
checkInt(ctx, loc, val, 33, rel);
[[fallthrough]];
case R_AARCH64_ADR_PREL_PG_HI21_NC:
@@ -593,6 +599,7 @@ void AArch64::relocate(uint8_t *loc, const Relocation &rel,
case R_AARCH64_TLSIE_LD64_GOTTPREL_LO12_NC:
case R_AARCH64_TLSLE_LDST64_TPREL_LO12_NC:
case R_AARCH64_TLSDESC_LD64_LO12:
+ case R_AARCH64_AUTH_TLSDESC_LD64_LO12:
checkAlignment(ctx, loc, val, 8, rel);
write32Imm12(loc, getBits(val, 3, 11));
break;
@@ -667,6 +674,7 @@ void AArch64::relocate(uint8_t *loc, const Relocation &rel,
break;
case R_AARCH64_TLSLE_ADD_TPREL_LO12_NC:
case R_AARCH64_TLSDESC_ADD_LO12:
+ case R_AARCH64_AUTH_TLSDESC_ADD_LO12:
write32Imm12(loc, val);
break;
case R_AARCH64_TLSDESC:
diff --git a/lld/ELF/InputSection.cpp b/lld/ELF/InputSection.cpp
index ccc7cf8c6e2de9..b3303c59a3b4a5 100644
--- a/lld/ELF/InputSection.cpp
+++ b/lld/ELF/InputSection.cpp
@@ -935,12 +935,14 @@ uint64_t InputSectionBase::getRelocTargetVA(Ctx &ctx, const Relocation &r,
case R_SIZE:
return r.sym->getSize() + a;
case R_TLSDESC:
+ case RelExpr::R_AARCH64_AUTH_TLSDESC:
return ctx.in.got->getTlsDescAddr(*r.sym) + a;
case R_TLSDESC_PC:
return ctx.in.got->getTlsDescAddr(*r.sym) + a - p;
case R_TLSDESC_GOTPLT:
return ctx.in.got->getTlsDescAddr(*r.sym) + a - ctx.in.gotPlt->getVA();
case R_AARCH64_TLSDESC_PAGE:
+ case R_AARCH64_AUTH_TLSDESC_PAGE:
return getAArch64Page(ctx.in.got->getTlsDescAddr(*r.sym) + a) -
getAArch64Page(p);
case R_LOONGARCH_TLSDESC_PAGE_PC:
diff --git a/lld/ELF/Relocations.cpp b/lld/ELF/Relocations.cpp
index dbe0bcfcdc34f6..f53406cbf63566 100644
--- a/lld/ELF/Relocations.cpp
+++ b/lld/ELF/Relocations.cpp
@@ -1352,6 +1352,36 @@ unsigned RelocationScanner::handleTlsRelocation(RelExpr expr, RelType type,
return 1;
}
+ auto fatalBothAuthAndNonAuth = [&sym]() {
+ fatal("both AUTH and non-AUTH TLSDESC entries for '" + sym.getName() +
+ "' requested, but only one type of TLSDESC entry per symbol is "
+ "supported");
+ };
+
+ // Do not optimize signed TLSDESC as described in pauthabielf64 to LE/IE.
+ // https://github.com/ARM-software/abi-aa/blob/main/pauthabielf64/pauthabielf64.rst#general-restrictions
+ // > PAUTHELF64 only supports the descriptor based TLS (TLSDESC).
+ if (oneof<R_AARCH64_AUTH_TLSDESC_PAGE, RelExpr::R_AARCH64_AUTH_TLSDESC>(
+ expr)) {
+ assert(ctx.arg.emachine == EM_AARCH64);
+ if (!sym.hasFlag(NEEDS_TLSDESC))
+ sym.setFlags(NEEDS_TLSDESC | NEEDS_TLSDESC_AUTH);
+ else if (!sym.hasFlag(NEEDS_TLSDESC_AUTH))
+ fatalBothAuthAndNonAuth();
+ sec->addReloc({expr, type, offset, addend, &sym});
+ return 1;
+ }
+
+ if (sym.hasFlag(NEEDS_TLSDESC_AUTH)) {
+ assert(ctx.arg.emachine == EM_AARCH64);
+ // TLSDESC_CALL hint relocation probably should not be emitted by compiler
+ // with signed TLSDESC enabled since it does not give any value, but leave a
+ // check against that just in case someone uses it.
+ if (expr != R_TLSDESC_CALL)
+ fatalBothAuthAndNonAuth();
+ return 1;
+ }
+
bool isRISCV = ctx.arg.emachine == EM_RISCV;
if (oneof<R_AARCH64_TLSDESC_PAGE, R_TLSDESC, R_TLSDESC_CALL, R_TLSDESC_PC,
@@ -1852,9 +1882,13 @@ void elf::postScanRelocations(Ctx &ctx) {
if (flags & NEEDS_TLSDESC) {
got->addTlsDescEntry(sym);
+ RelType tlsDescRel = ctx.target->tlsDescRel;
+ if (flags & NEEDS_TLSDESC_AUTH) {
+ assert(ctx.arg.emachine == EM_AARCH64);
+ tlsDescRel = ELF::R_AARCH64_AUTH_TLSDESC;
+ }
ctx.mainPart->relaDyn->addAddendOnlyRelocIfNonPreemptible(
- ctx.target->tlsDescRel, *got, got->getTlsDescOffset(sym), sym,
- ctx.target->tlsDescRel);
+ tlsDescRel, *got, got->getTlsDescOffset(sym), sym, tlsDescRel);
}
if (flags & NEEDS_TLSGD) {
got->addDynTlsEntry(sym);
diff --git a/lld/ELF/Relocations.h b/lld/ELF/Relocations.h
index 20d88de402ac18..2fe05068948aa9 100644
--- a/lld/ELF/Relocations.h
+++ b/lld/ELF/Relocations.h
@@ -92,6 +92,10 @@ enum RelExpr {
R_AARCH64_PAGE_PC,
R_AARCH64_RELAX_TLS_GD_TO_IE_PAGE_PC,
R_AARCH64_TLSDESC_PAGE,
+ R_AARCH64_AUTH_TLSDESC_PAGE,
+ // TODO: maybe it's better to rename this expression
+ // to avoid name conflict with dynamic reloc
+ R_AARCH64_AUTH_TLSDESC,
R_AARCH64_AUTH,
R_ARM_PCA,
R_ARM_SBREL,
diff --git a/lld/ELF/Symbols.h b/lld/ELF/Symbols.h
index 1fdb9b3df6beca..93f209f93494d8 100644
--- a/lld/ELF/Symbols.h
+++ b/lld/ELF/Symbols.h
@@ -55,6 +55,7 @@ enum {
NEEDS_GOT_DTPREL = 1 << 7,
NEEDS_TLSIE = 1 << 8,
NEEDS_GOT_AUTH = 1 << 9,
+ NEEDS_TLSDESC_AUTH = 1 << 10,
};
// The base class for real symbol classes.
diff --git a/lld/ELF/SyntheticSections.cpp b/lld/ELF/SyntheticSections.cpp
index 0ab0f567b29454..2b15b7776689eb 100644
--- a/lld/ELF/SyntheticSections.cpp
+++ b/lld/ELF/SyntheticSections.cpp
@@ -672,6 +672,11 @@ bool GotSection::addTlsDescEntry(const Symbol &sym) {
assert(sym.auxIdx == ctx.symAux.size() - 1);
ctx.symAux.back().tlsDescIdx = numEntries;
numEntries += 2;
+ if (sym.hasFlag(NEEDS_TLSDESC_AUTH)) {
+ assert(ctx.arg.emachine == EM_AARCH64);
+ authEntries.push_back({(numEntries - 2) * ctx.arg.wordsize, true});
+ authEntries.push_back({(numEntries - 1) * ctx.arg.wordsize, false});
+ }
return true;
}
diff --git a/lld/test/ELF/aarch64-tlsdesc-pauth.s b/lld/test/ELF/aarch64-tlsdesc-pauth.s
new file mode 100644
index 00000000000000..36505f652b0c52
--- /dev/null
+++ b/lld/test/ELF/aarch64-tlsdesc-pauth.s
@@ -0,0 +1,134 @@
+// REQUIRES: aarch64
+// RUN: rm -rf %t && split-file %s %t && cd %t
+
+//--- a.s
+
+.section .tbss,"awT", at nobits
+.global a
+a:
+.xword 0
+
+//--- ok.s
+
+// RUN: llvm-mc -filetype=obj -triple=aarch64-pc-linux -mattr=+pauth ok.s -o ok.o
+// RUN: ld.lld -shared ok.o -o ok.so
+// RUN: llvm-objdump --no-print-imm-hex -d --no-show-raw-insn ok.so | \
+// RUN: FileCheck -DP=20 -DA=896 -DB=912 -DC=928 %s
+// RUN: llvm-readobj -r -x .got ok.so | FileCheck --check-prefix=REL \
+// RUN: -DP1=20 -DA1=380 -DB1=390 -DC1=3A0 -DP2=020 -DA2=380 -DB2=390 -DC2=3a0 %s
+
+// RUN: llvm-mc -filetype=obj -triple=aarch64-pc-linux -mattr=+pauth a.s -o a.so.o
+// RUN: ld.lld -shared a.so.o -soname=so -o a.so
+// RUN: ld.lld ok.o a.so -o ok
+// RUN: llvm-objdump --no-print-imm-hex -d --no-show-raw-insn ok | \
+// RUN: FileCheck -DP=220 -DA=936 -DB=952 -DC=968 %s
+// RUN: llvm-readobj -r -x .got ok | FileCheck --check-prefix=REL \
+// RUN: -DP1=220 -DA1=3A8 -DB1=3B8 -DC1=3C8 -DP2=220 -DA2=3a8 -DB2=3b8 -DC2=3c8 %s
+
+ .text
+ adrp x0, :tlsdesc_auth:a
+ ldr x16, [x0, :tlsdesc_auth_lo12:a]
+ add x0, x0, :tlsdesc_auth_lo12:a
+ .tlsdesccall a
+ blraa x16, x0
+
+// CHECK: adrp x0, 0x[[P]]000
+// CHECK-NEXT: ldr x16, [x0, #[[A]]]
+// CHECK-NEXT: add x0, x0, #[[A]]
+// CHECK-NEXT: blraa x16, x0
+
+// Create relocation against local TLS symbols where linker should
+// create target specific dynamic TLSDESC relocation where addend is
+// the symbol VMA in tls block.
+
+ adrp x0, :tlsdesc_auth:local1
+ ldr x16, [x0, :tlsdesc_auth_lo12:local1]
+ add x0, x0, :tlsdesc_auth_lo12:local1
+ .tlsdesccall local1
+ blraa x16, x0
+
+// CHECK: adrp x0, 0x[[P]]000
+// CHECK-NEXT: ldr x16, [x0, #[[B]]]
+// CHECK-NEXT: add x0, x0, #[[B]]
+// CHECK-NEXT: blraa x16, x0
+
+ adrp x0, :tlsdesc_auth:local2
+ ldr x16, [x0, :tlsdesc_auth_lo12:local2]
+ add x0, x0, :tlsdesc_auth_lo12:local2
+ .tlsdesccall local2
+ blraa x16, x0
+
+// CHECK: adrp x0, 0x[[P]]000
+// CHECK-NEXT: ldr x16, [x0, #[[C]]]
+// CHECK-NEXT: add x0, x0, #[[C]]
+// CHECK-NEXT: blraa x16, x0
+
+ .section .tbss,"awT", at nobits
+ .type local1, at object
+ .p2align 2
+local1:
+ .word 0
+ .size local1, 4
+
+ .type local2, at object
+ .p2align 3
+local2:
+ .xword 0
+ .size local2, 8
+
+
+// R_AARCH64_AUTH_TLSDESC - 0x0 -> start of tls block
+// R_AARCH64_AUTH_TLSDESC - 0x8 -> align (sizeof (local1), 8)
+
+// REL: Relocations [
+// REL-NEXT: Section (5) .rela.dyn {
+// REL-NEXT: 0x[[P1]][[B1]] R_AARCH64_AUTH_TLSDESC - 0x0
+// REL-NEXT: 0x[[P1]][[C1]] R_AARCH64_AUTH_TLSDESC - 0x8
+// REL-NEXT: 0x[[P1]][[A1]] R_AARCH64_AUTH_TLSDESC a 0x0
+// REL-NEXT: }
+// REL-NEXT: ]
+
+// REL: Hex dump of section '.got':
+// REL-NEXT: 0x00[[P2]][[A2]] 00000000 00000080 00000000 000000a0
+// REL-NEXT: 0x00[[P2]][[B2]] 00000000 00000080 00000000 000000a0
+// REL-NEXT: 0x00[[P2]][[C2]] 00000000 00000080 00000000 000000a0
+// ^^
+// 0b10000000 bit 63 address diversity = true, bits 61..60 key = IA
+// ^^
+// 0b10100000 bit 63 address diversity = true, bits 61..60 key = DA
+
+//--- err1.s
+
+// RUN: llvm-mc -filetype=obj -triple=aarch64-pc-linux -mattr=+pauth err1.s -o err1.o
+// RUN: not ld.lld -shared err1.o -o err1.so 2>&1 | FileCheck --check-prefix=ERR1 %s
+// ERR1: error: both AUTH and non-AUTH TLSDESC entries for 'a' requested, but only one type of TLSDESC entry per symbol is supported
+ .text
+ adrp x0, :tlsdesc_auth:a
+ ldr x16, [x0, :tlsdesc_auth_lo12:a]
+ add x0, x0, :tlsdesc_auth_lo12:a
+ .tlsdesccall a
+ blraa x16, x0
+
+ adrp x0, :tlsdesc:a
+ ldr x1, [x0, :tlsdesc_lo12:a]
+ add x0, x0, :tlsdesc_lo12:a
+ .tlsdesccall a
+ blr x1
+
+//--- err2.s
+
+// RUN: llvm-mc -filetype=obj -triple=aarch64-pc-linux -mattr=+pauth err2.s -o err2.o
+// RUN: not ld.lld -shared err2.o -o err2.so 2>&1 | FileCheck --check-prefix=ERR2 %s
+// ERR2: error: both AUTH and non-AUTH TLSDESC entries for 'a' requested, but only one type of TLSDESC entry per symbol is supported
+ .text
+ adrp x0, :tlsdesc:a
+ ldr x1, [x0, :tlsdesc_lo12:a]
+ add x0, x0, :tlsdesc_lo12:a
+ .tlsdesccall a
+ blr x1
+
+ adrp x0, :tlsdesc_auth:a
+ ldr x16, [x0, :tlsdesc_auth_lo12:a]
+ add x0, x0, :tlsdesc_auth_lo12:a
+ .tlsdesccall a
+ blraa x16, x0
>From e3837faa22581e8e7f4a233754e7a209dadf97eb Mon Sep 17 00:00:00 2001
From: Daniil Kovalev <dkovalev at accesssoftek.com>
Date: Fri, 1 Nov 2024 13:31:14 +0300
Subject: [PATCH 2/2] Address review comments
---
lld/ELF/Relocations.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lld/ELF/Relocations.cpp b/lld/ELF/Relocations.cpp
index f53406cbf63566..7a1726ef0b7d0d 100644
--- a/lld/ELF/Relocations.cpp
+++ b/lld/ELF/Relocations.cpp
@@ -1358,7 +1358,7 @@ unsigned RelocationScanner::handleTlsRelocation(RelExpr expr, RelType type,
"supported");
};
- // Do not optimize signed TLSDESC as described in pauthabielf64 to LE/IE.
+ // Do not optimize signed TLSDESC (as described in pauthabielf64 to LE/IE).
// https://github.com/ARM-software/abi-aa/blob/main/pauthabielf64/pauthabielf64.rst#general-restrictions
// > PAUTHELF64 only supports the descriptor based TLS (TLSDESC).
if (oneof<R_AARCH64_AUTH_TLSDESC_PAGE, RelExpr::R_AARCH64_AUTH_TLSDESC>(
More information about the llvm-branch-commits
mailing list