[lld] [PAC][ThinLTO] Fix auth key for GOT entries of function symbols (PR #131467)
Daniil Kovalev via llvm-commits
llvm-commits at lists.llvm.org
Mon Apr 14 06:50:09 PDT 2025
https://github.com/kovdan01 updated https://github.com/llvm/llvm-project/pull/131467
>From 479f5851c0aca6c2edd3f70a04051988258fb610 Mon Sep 17 00:00:00 2001
From: Daniil Kovalev <dkovalev at accesssoftek.com>
Date: Sat, 15 Mar 2025 22:54:30 +0300
Subject: [PATCH 1/3] [PAC][ThinLTO] Fix auth key for GOT entries of function
symbols
Symtab is first filled with the data from the bitcode file, and all symbols
except TLS ones are `STT_NOTYPE`. Since auth key for a signed GOT entry
depends on the symbol type being `STT_FUNC` or not, we need to update the
symtab after the bitcode is compiled to an ELF object and update symbol types
for function symbols. This patch implements the described behavior.
---
lld/ELF/Driver.cpp | 7 +++++
lld/test/ELF/lto/aarch64-pac-got-func.ll | 38 ++++++++++++++++++++++++
2 files changed, 45 insertions(+)
create mode 100644 lld/test/ELF/lto/aarch64-pac-got-func.ll
diff --git a/lld/ELF/Driver.cpp b/lld/ELF/Driver.cpp
index 18f9fed0d08e2..434f17786c861 100644
--- a/lld/ELF/Driver.cpp
+++ b/lld/ELF/Driver.cpp
@@ -2618,6 +2618,13 @@ void LinkerDriver::compileBitcodeFiles(bool skipLinkedOutput) {
auto *obj = cast<ObjFile<ELFT>>(file.get());
obj->parse(/*ignoreComdats=*/true);
+ for (typename ELFT::Sym elfSym : obj->template getGlobalELFSyms<ELFT>()) {
+ StringRef elfSymName = check(elfSym.getName(obj->getStringTable()));
+ if (Symbol *sym = ctx.symtab->find(elfSymName))
+ if (sym->type == STT_NOTYPE)
+ sym->type = elfSym.getType();
+ }
+
// For defined symbols in non-relocatable output,
// compute isExported and parse '@'.
if (!ctx.arg.relocatable)
diff --git a/lld/test/ELF/lto/aarch64-pac-got-func.ll b/lld/test/ELF/lto/aarch64-pac-got-func.ll
new file mode 100644
index 0000000000000..e42f78d30adba
--- /dev/null
+++ b/lld/test/ELF/lto/aarch64-pac-got-func.ll
@@ -0,0 +1,38 @@
+; REQUIRES: aarch64
+
+; RUN: llvm-as %s -o %t.o
+; RUN: ld.lld %t.o -shared -o %t
+; RUN: llvm-readelf -r -x.got %t | FileCheck %s
+
+; CHECK: Relocation section '.rela.dyn' at offset 0x2a8 contains 2 entries:
+; CHECK-NEXT: Offset Info Type Symbol's Value Symbol's Name + Addend
+; CHECK-NEXT: 00000000000203d8 0000000100000412 R_AARCH64_AUTH_GLOB_DAT 0000000000000000 foo + 0
+; CHECK-NEXT: 00000000000203e0 0000000200000412 R_AARCH64_AUTH_GLOB_DAT 0000000000000000 var + 0
+
+; CHECK: Hex dump of section '.got':
+; CHECK-NEXT: 0x000203d8 00000000 00000080 00000000 000000a0
+;; ^^ 0b10000000 bit 63 address diversity = true, bits 61..60 key = IA
+;; ^^ 0b10100000 bit 63 address diversity = true, bits 61..60 key = DA
+
+target datalayout = "e-m:e-i8:8:32-i16:16:32-i64:64-i128:128-n32:64-S128"
+target triple = "aarch64-unknown-linux-gnu"
+
+ at var = external global ptr
+
+declare void @foo()
+
+define void @bar() #0 {
+entry:
+ store ptr ptrauth (ptr @foo, i32 0), ptr @var
+ ret void
+}
+
+define void @_start() {
+entry:
+ ret void
+}
+
+attributes #0 = {"target-features"="+pauth"}
+
+!llvm.module.flags = !{!0}
+!0 = !{i32 8, !"ptrauth-elf-got", i32 1}
>From af42aeb6db33b7c6be4bf505955de2050d7add23 Mon Sep 17 00:00:00 2001
From: Daniil Kovalev <dkovalev at accesssoftek.com>
Date: Mon, 14 Apr 2025 16:42:12 +0300
Subject: [PATCH 2/3] Enhance test
---
lld/test/ELF/lto/aarch64-pac-got-func.ll | 46 +++++++++++++++++++-----
1 file changed, 37 insertions(+), 9 deletions(-)
diff --git a/lld/test/ELF/lto/aarch64-pac-got-func.ll b/lld/test/ELF/lto/aarch64-pac-got-func.ll
index e42f78d30adba..a37c67a2f3ba8 100644
--- a/lld/test/ELF/lto/aarch64-pac-got-func.ll
+++ b/lld/test/ELF/lto/aarch64-pac-got-func.ll
@@ -4,26 +4,54 @@
; RUN: ld.lld %t.o -shared -o %t
; RUN: llvm-readelf -r -x.got %t | FileCheck %s
-; CHECK: Relocation section '.rela.dyn' at offset 0x2a8 contains 2 entries:
+; CHECK: Relocation section '.rela.dyn' at offset 0x3d0 contains 8 entries:
; CHECK-NEXT: Offset Info Type Symbol's Value Symbol's Name + Addend
-; CHECK-NEXT: 00000000000203d8 0000000100000412 R_AARCH64_AUTH_GLOB_DAT 0000000000000000 foo + 0
-; CHECK-NEXT: 00000000000203e0 0000000200000412 R_AARCH64_AUTH_GLOB_DAT 0000000000000000 var + 0
+; CHECK-NEXT: 00000000000206a0 0000000100000412 R_AARCH64_AUTH_GLOB_DAT 0000000000000000 func_undef + 0
+; CHECK-NEXT: 00000000000206a8 0000000200000412 R_AARCH64_AUTH_GLOB_DAT 0000000000000000 g1 + 0
+; CHECK-NEXT: 00000000000206b0 0000000300000412 R_AARCH64_AUTH_GLOB_DAT 0000000000000000 g2 + 0
+; CHECK-NEXT: 00000000000206b8 0000000400000412 R_AARCH64_AUTH_GLOB_DAT 0000000000000000 g3 + 0
+; CHECK-NEXT: 00000000000206c0 0000000500000412 R_AARCH64_AUTH_GLOB_DAT 0000000000000000 g4 + 0
+; CHECK-NEXT: 00000000000206c8 0000000600000412 R_AARCH64_AUTH_GLOB_DAT 0000000000000000 var_undef + 0
+; CHECK-NEXT: 0000000000020690 0000000700000412 R_AARCH64_AUTH_GLOB_DAT 0000000000010490 func + 0
+; CHECK-NEXT: 0000000000020698 0000000a00000412 R_AARCH64_AUTH_GLOB_DAT 00000000000306d0 var + 0
; CHECK: Hex dump of section '.got':
-; CHECK-NEXT: 0x000203d8 00000000 00000080 00000000 000000a0
-;; ^^ 0b10000000 bit 63 address diversity = true, bits 61..60 key = IA
-;; ^^ 0b10100000 bit 63 address diversity = true, bits 61..60 key = DA
+; CHECK-NEXT: 0x00020690 00000000 00000080 00000000 000000a0
+;; ^^ func: 0b10000000 bit 63 address diversity = true, bits 61..60 key = IA
+;; ^^ var: 0b10100000 bit 63 address diversity = true, bits 61..60 key = DA
+; CHECK-NEXT: 0x000206a0 00000000 00000080 00000000 000000a0
+;; ^^ func_undef: 0b10000000 bit 63 address diversity = true, bits 61..60 key = IA
+;; ^^ g1: 0b10100000 bit 63 address diversity = true, bits 61..60 key = DA
+; CHECK-NEXT: 0x000206b0 00000000 000000a0 00000000 000000a0
+;; ^^ g2: 0b10100000 bit 63 address diversity = true, bits 61..60 key = DA
+;; ^^ g3: 0b10100000 bit 63 address diversity = true, bits 61..60 key = DA
+; CHECK-NEXT: 0x000206c0 00000000 000000a0 00000000 000000a0
+;; ^^ g4: 0b10100000 bit 63 address diversity = true, bits 61..60 key = DA
+;; ^^ var_undef: 0b10100000 bit 63 address diversity = true, bits 61..60 key = DA
target datalayout = "e-m:e-i8:8:32-i16:16:32-i64:64-i128:128-n32:64-S128"
target triple = "aarch64-unknown-linux-gnu"
- at var = external global ptr
+ at g1 = external global ptr
+ at g2 = external global ptr
+ at g3 = external global ptr
+ at g4 = external global ptr
-declare void @foo()
+define void @func() {
+entry:
+ ret void
+}
+declare void @func_undef()
+
+ at var = global i32 42
+ at var_undef = external global i32
define void @bar() #0 {
entry:
- store ptr ptrauth (ptr @foo, i32 0), ptr @var
+ store ptr ptrauth (ptr @func, i32 0), ptr @g1
+ store ptr ptrauth (ptr @func_undef, i32 0), ptr @g2
+ store ptr ptrauth (ptr @var, i32 0), ptr @g3
+ store ptr ptrauth (ptr @var_undef, i32 0), ptr @g4
ret void
}
>From efaa9e2494b6bf593ed1a745b8937e5f1d5cdbf7 Mon Sep 17 00:00:00 2001
From: Daniil Kovalev <dkovalev at accesssoftek.com>
Date: Mon, 14 Apr 2025 16:48:52 +0300
Subject: [PATCH 3/3] Limit special behavior to AArch64
---
lld/ELF/Driver.cpp | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/lld/ELF/Driver.cpp b/lld/ELF/Driver.cpp
index c87f3a3f6881d..9d36071e1532f 100644
--- a/lld/ELF/Driver.cpp
+++ b/lld/ELF/Driver.cpp
@@ -2638,11 +2638,16 @@ void LinkerDriver::compileBitcodeFiles(bool skipLinkedOutput) {
auto *obj = cast<ObjFile<ELFT>>(file.get());
obj->parse(/*ignoreComdats=*/true);
- for (typename ELFT::Sym elfSym : obj->template getGlobalELFSyms<ELFT>()) {
- StringRef elfSymName = check(elfSym.getName(obj->getStringTable()));
- if (Symbol *sym = ctx.symtab->find(elfSymName))
- if (sym->type == STT_NOTYPE)
- sym->type = elfSym.getType();
+ // This is only needed for AArch64 PAuth to set correct key in AUTH GOT
+ // entry based on symbol type (STT_FUNC or not).
+ // TODO: check if PAuth is actually used.
+ if (ctx.arg.emachine == EM_AARCH64) {
+ for (typename ELFT::Sym elfSym : obj->template getGlobalELFSyms<ELFT>()) {
+ StringRef elfSymName = check(elfSym.getName(obj->getStringTable()));
+ if (Symbol *sym = ctx.symtab->find(elfSymName))
+ if (sym->type == STT_NOTYPE)
+ sym->type = elfSym.getType();
+ }
}
// For defined symbols in non-relocatable output,
More information about the llvm-commits
mailing list