[lld] [LLD][ELF][AArch64] Add BTI Aware long branch thunks (PR #108989)

Fri Nov 15 03:01:00 PST 2024

smithp35 wrote:

To give you a quick update on the cause. There is an optimisation that won't create a BTI landing pad for a location if the linker can use a direct branch in the Thunk. https://github.com/llvm/llvm-project/blob/main/lld/ELF/Thunks.cpp#L580 

It looks like what is happening is:
* Pass N thunk is created. It is in short-branch range so a direct branch can be used, no BTI needs creating.
* Pass M (where M > N). More content changes are made so that the thunk can no longer use a short-branch.
* writeTo() I need an indirect branch, where's my landing pad, assert failure.

I need to make a smaller test case, and to make the landing pad generation run each pass. Hopefully I can get this done Today, but just in case it can't, how urgent is this for you?

Right now the hwasan checks
```
0000000000000000 <__hwasan_check_x0_0>:
       0: 9344dc10      sbfx    x16, x0, #4, #52
       4: 38706930      ldrb    w16, [x9, x16]
       8: eb40e21f      cmp     x16, x0, lsr #56
       c: 54000041      b.ne    0x14 <__hwasan_check_x0_0+0x14>
      10: d65f03c0      ret
      14: a9b007e0      stp     x0, x1, [sp, #-0x100]!
      18: a90efbfd      stp     x29, x30, [sp, #0xe8]
      1c: d2800001      mov     x1, #0x0                // =0
      20: 90000010      adrp    x16, 0x0 <__hwasan_check_x0_0>
      24: f9400210      ldr     x16, [x16]
      28: d61f0200      br      x16
```
Do not have a BTI or compatible instruction, so these would cause a runtime failure if BTI was enabled and the linker did generate an indirect branch (and code-path went through it).

There's a quick fix to disable the optimisation, but that would mean updating a rather large test, so I'd prefer to take the time to fix with the optimisation.

https://github.com/llvm/llvm-project/pull/108989