2017-06-17 01:32:43 +08:00
|
|
|
//===- AArch64.cpp --------------------------------------------------------===//
|
|
|
|
//
|
2019-01-19 16:50:56 +08:00
|
|
|
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
|
|
|
|
// See https://llvm.org/LICENSE.txt for license information.
|
|
|
|
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
|
2017-06-17 01:32:43 +08:00
|
|
|
//
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
|
|
|
#include "Symbols.h"
|
|
|
|
#include "SyntheticSections.h"
|
|
|
|
#include "Target.h"
|
|
|
|
#include "Thunks.h"
|
[lld] unified COFF and ELF error handling on new Common/ErrorHandler
Summary:
The COFF linker and the ELF linker have long had similar but separate
Error.h and Error.cpp files to implement error handling. This change
introduces new error handling code in Common/ErrorHandler.h, changes the
COFF and ELF linkers to use it, and removes the old, separate
implementations.
Reviewers: ruiu
Reviewed By: ruiu
Subscribers: smeenai, jyknight, emaste, sdardis, nemanjai, nhaehnle, mgorny, javed.absar, kbarton, fedor.sergeev, llvm-commits
Differential Revision: https://reviews.llvm.org/D39259
llvm-svn: 316624
2017-10-26 06:28:38 +08:00
|
|
|
#include "lld/Common/ErrorHandler.h"
|
2017-06-17 01:32:43 +08:00
|
|
|
#include "llvm/Object/ELF.h"
|
|
|
|
#include "llvm/Support/Endian.h"
|
|
|
|
|
|
|
|
using namespace llvm;
|
|
|
|
using namespace llvm::support::endian;
|
|
|
|
using namespace llvm::ELF;
|
2020-05-15 13:18:58 +08:00
|
|
|
using namespace lld;
|
|
|
|
using namespace lld::elf;
|
2017-06-17 01:32:43 +08:00
|
|
|
|
|
|
|
// Page(Expr) is the page address of the expression Expr, defined
|
|
|
|
// as (Expr & ~0xFFF). (This applies even if the machine page size
|
|
|
|
// supported by the platform has a different value.)
|
2020-05-15 13:18:58 +08:00
|
|
|
uint64_t elf::getAArch64Page(uint64_t expr) {
|
2017-06-17 01:32:43 +08:00
|
|
|
return expr & ~static_cast<uint64_t>(0xFFF);
|
|
|
|
}
|
|
|
|
|
|
|
|
namespace {
|
2019-06-07 21:00:17 +08:00
|
|
|
class AArch64 : public TargetInfo {
|
2017-06-17 01:32:43 +08:00
|
|
|
public:
|
|
|
|
AArch64();
|
2017-11-04 05:21:47 +08:00
|
|
|
RelExpr getRelExpr(RelType type, const Symbol &s,
|
2017-06-17 01:32:43 +08:00
|
|
|
const uint8_t *loc) const override;
|
2018-04-05 20:07:20 +08:00
|
|
|
RelType getDynRel(RelType type) const override;
|
2017-11-04 05:21:47 +08:00
|
|
|
void writeGotPlt(uint8_t *buf, const Symbol &s) const override;
|
2017-06-17 01:32:43 +08:00
|
|
|
void writePltHeader(uint8_t *buf) const override;
|
2019-12-18 05:43:04 +08:00
|
|
|
void writePlt(uint8_t *buf, const Symbol &sym,
|
|
|
|
uint64_t pltEntryAddr) const override;
|
2017-11-29 19:15:12 +08:00
|
|
|
bool needsThunk(RelExpr expr, RelType type, const InputFile *file,
|
2019-11-23 16:57:54 +08:00
|
|
|
uint64_t branchAddr, const Symbol &s,
|
|
|
|
int64_t a) const override;
|
2018-08-20 17:37:50 +08:00
|
|
|
uint32_t getThunkSectionSpacing() const override;
|
2017-11-29 19:15:12 +08:00
|
|
|
bool inBranchRange(RelType type, uint64_t src, uint64_t dst) const override;
|
2017-10-12 06:49:24 +08:00
|
|
|
bool usesOnlyLowPageBits(RelType type) const override;
|
2020-01-23 13:39:16 +08:00
|
|
|
void relocate(uint8_t *loc, const Relocation &rel,
|
|
|
|
uint64_t val) const override;
|
2020-11-26 01:00:55 +08:00
|
|
|
RelExpr adjustTlsExpr(RelType type, RelExpr expr) const override;
|
2020-01-23 11:42:54 +08:00
|
|
|
void relaxTlsGdToLe(uint8_t *loc, const Relocation &rel,
|
|
|
|
uint64_t val) const override;
|
|
|
|
void relaxTlsGdToIe(uint8_t *loc, const Relocation &rel,
|
|
|
|
uint64_t val) const override;
|
|
|
|
void relaxTlsIeToLe(uint8_t *loc, const Relocation &rel,
|
|
|
|
uint64_t val) const override;
|
2017-06-17 01:32:43 +08:00
|
|
|
};
|
|
|
|
} // namespace
|
|
|
|
|
|
|
|
AArch64::AArch64() {
|
|
|
|
copyRel = R_AARCH64_COPY;
|
|
|
|
relativeRel = R_AARCH64_RELATIVE;
|
|
|
|
iRelativeRel = R_AARCH64_IRELATIVE;
|
|
|
|
gotRel = R_AARCH64_GLOB_DAT;
|
2018-09-26 16:11:34 +08:00
|
|
|
noneRel = R_AARCH64_NONE;
|
2017-06-17 01:32:43 +08:00
|
|
|
pltRel = R_AARCH64_JUMP_SLOT;
|
2019-06-11 20:59:30 +08:00
|
|
|
symbolicRel = R_AARCH64_ABS64;
|
2017-06-17 01:32:43 +08:00
|
|
|
tlsDescRel = R_AARCH64_TLSDESC;
|
|
|
|
tlsGotRel = R_AARCH64_TLS_TPREL64;
|
|
|
|
pltHeaderSize = 32;
|
2019-12-15 06:17:35 +08:00
|
|
|
pltEntrySize = 16;
|
|
|
|
ipltEntrySize = 16;
|
2017-06-17 01:32:43 +08:00
|
|
|
defaultMaxPageSize = 65536;
|
|
|
|
|
Align AArch64 and i386 image base to superpage
Summary:
As for x86_64, the default image base for AArch64 and i386 should be
aligned to a superpage appropriate for the architecture.
On AArch64, this is 2 MiB, on i386 it is 4 MiB.
Reviewers: emaste, grimar, javed.absar, espindola, ruiu, peter.smith, srhines, rprichard
Reviewed By: ruiu, peter.smith
Subscribers: jfb, markj, arichardson, krytarowski, kristof.beyls, llvm-commits
Differential Revision: https://reviews.llvm.org/D50297
llvm-svn: 342746
2018-09-22 00:58:13 +08:00
|
|
|
// Align to the 2 MiB page size (known as a superpage or huge page).
|
|
|
|
// FreeBSD automatically promotes 2 MiB-aligned allocations.
|
|
|
|
defaultImageBase = 0x200000;
|
|
|
|
|
2017-11-29 19:15:12 +08:00
|
|
|
needsThunks = true;
|
2017-06-17 01:32:43 +08:00
|
|
|
}
|
|
|
|
|
2017-11-04 05:21:47 +08:00
|
|
|
RelExpr AArch64::getRelExpr(RelType type, const Symbol &s,
|
2017-10-12 11:14:06 +08:00
|
|
|
const uint8_t *loc) const {
|
2017-06-17 01:32:43 +08:00
|
|
|
switch (type) {
|
2019-08-15 18:02:54 +08:00
|
|
|
case R_AARCH64_ABS16:
|
|
|
|
case R_AARCH64_ABS32:
|
|
|
|
case R_AARCH64_ABS64:
|
|
|
|
case R_AARCH64_ADD_ABS_LO12_NC:
|
|
|
|
case R_AARCH64_LDST128_ABS_LO12_NC:
|
|
|
|
case R_AARCH64_LDST16_ABS_LO12_NC:
|
|
|
|
case R_AARCH64_LDST32_ABS_LO12_NC:
|
|
|
|
case R_AARCH64_LDST64_ABS_LO12_NC:
|
|
|
|
case R_AARCH64_LDST8_ABS_LO12_NC:
|
|
|
|
case R_AARCH64_MOVW_SABS_G0:
|
|
|
|
case R_AARCH64_MOVW_SABS_G1:
|
|
|
|
case R_AARCH64_MOVW_SABS_G2:
|
|
|
|
case R_AARCH64_MOVW_UABS_G0:
|
|
|
|
case R_AARCH64_MOVW_UABS_G0_NC:
|
|
|
|
case R_AARCH64_MOVW_UABS_G1:
|
|
|
|
case R_AARCH64_MOVW_UABS_G1_NC:
|
|
|
|
case R_AARCH64_MOVW_UABS_G2:
|
|
|
|
case R_AARCH64_MOVW_UABS_G2_NC:
|
|
|
|
case R_AARCH64_MOVW_UABS_G3:
|
|
|
|
return R_ABS;
|
2017-06-17 01:32:43 +08:00
|
|
|
case R_AARCH64_TLSDESC_ADR_PAGE21:
|
2018-11-15 23:35:44 +08:00
|
|
|
return R_AARCH64_TLSDESC_PAGE;
|
2017-06-17 01:32:43 +08:00
|
|
|
case R_AARCH64_TLSDESC_LD64_LO12:
|
|
|
|
case R_AARCH64_TLSDESC_ADD_LO12:
|
|
|
|
return R_TLSDESC;
|
|
|
|
case R_AARCH64_TLSDESC_CALL:
|
|
|
|
return R_TLSDESC_CALL;
|
|
|
|
case R_AARCH64_TLSLE_ADD_TPREL_HI12:
|
|
|
|
case R_AARCH64_TLSLE_ADD_TPREL_LO12_NC:
|
2018-05-04 16:53:34 +08:00
|
|
|
case R_AARCH64_TLSLE_LDST8_TPREL_LO12_NC:
|
|
|
|
case R_AARCH64_TLSLE_LDST16_TPREL_LO12_NC:
|
|
|
|
case R_AARCH64_TLSLE_LDST32_TPREL_LO12_NC:
|
|
|
|
case R_AARCH64_TLSLE_LDST64_TPREL_LO12_NC:
|
|
|
|
case R_AARCH64_TLSLE_LDST128_TPREL_LO12_NC:
|
2019-08-08 21:38:09 +08:00
|
|
|
case R_AARCH64_TLSLE_MOVW_TPREL_G0:
|
|
|
|
case R_AARCH64_TLSLE_MOVW_TPREL_G0_NC:
|
|
|
|
case R_AARCH64_TLSLE_MOVW_TPREL_G1:
|
|
|
|
case R_AARCH64_TLSLE_MOVW_TPREL_G1_NC:
|
|
|
|
case R_AARCH64_TLSLE_MOVW_TPREL_G2:
|
2017-06-17 01:32:43 +08:00
|
|
|
return R_TLS;
|
|
|
|
case R_AARCH64_CALL26:
|
|
|
|
case R_AARCH64_CONDBR19:
|
|
|
|
case R_AARCH64_JUMP26:
|
|
|
|
case R_AARCH64_TSTBR14:
|
2020-06-24 07:10:07 +08:00
|
|
|
case R_AARCH64_PLT32:
|
2017-06-17 01:32:43 +08:00
|
|
|
return R_PLT_PC;
|
|
|
|
case R_AARCH64_PREL16:
|
|
|
|
case R_AARCH64_PREL32:
|
|
|
|
case R_AARCH64_PREL64:
|
|
|
|
case R_AARCH64_ADR_PREL_LO21:
|
2017-09-21 07:49:50 +08:00
|
|
|
case R_AARCH64_LD_PREL_LO19:
|
2019-07-19 01:12:50 +08:00
|
|
|
case R_AARCH64_MOVW_PREL_G0:
|
|
|
|
case R_AARCH64_MOVW_PREL_G0_NC:
|
|
|
|
case R_AARCH64_MOVW_PREL_G1:
|
|
|
|
case R_AARCH64_MOVW_PREL_G1_NC:
|
|
|
|
case R_AARCH64_MOVW_PREL_G2:
|
|
|
|
case R_AARCH64_MOVW_PREL_G2_NC:
|
|
|
|
case R_AARCH64_MOVW_PREL_G3:
|
2017-06-17 01:32:43 +08:00
|
|
|
return R_PC;
|
|
|
|
case R_AARCH64_ADR_PREL_PG_HI21:
|
2019-07-11 00:42:20 +08:00
|
|
|
case R_AARCH64_ADR_PREL_PG_HI21_NC:
|
2018-11-15 23:35:44 +08:00
|
|
|
return R_AARCH64_PAGE_PC;
|
2017-06-17 01:32:43 +08:00
|
|
|
case R_AARCH64_LD64_GOT_LO12_NC:
|
|
|
|
case R_AARCH64_TLSIE_LD64_GOTTPREL_LO12_NC:
|
|
|
|
return R_GOT;
|
|
|
|
case R_AARCH64_ADR_GOT_PAGE:
|
|
|
|
case R_AARCH64_TLSIE_ADR_GOTTPREL_PAGE21:
|
2018-11-13 18:16:36 +08:00
|
|
|
return R_AARCH64_GOT_PAGE_PC;
|
2017-06-17 01:32:43 +08:00
|
|
|
case R_AARCH64_NONE:
|
|
|
|
return R_NONE;
|
2017-10-12 11:14:06 +08:00
|
|
|
default:
|
2019-08-15 18:02:54 +08:00
|
|
|
error(getErrorLocation(loc) + "unknown relocation (" + Twine(type) +
|
|
|
|
") against symbol " + toString(s));
|
|
|
|
return R_NONE;
|
2017-06-17 01:32:43 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-11-26 01:00:55 +08:00
|
|
|
RelExpr AArch64::adjustTlsExpr(RelType type, RelExpr expr) const {
|
2017-06-17 01:32:43 +08:00
|
|
|
if (expr == R_RELAX_TLS_GD_TO_IE) {
|
|
|
|
if (type == R_AARCH64_TLSDESC_ADR_PAGE21)
|
2018-11-13 18:16:36 +08:00
|
|
|
return R_AARCH64_RELAX_TLS_GD_TO_IE_PAGE_PC;
|
2017-06-17 01:32:43 +08:00
|
|
|
return R_RELAX_TLS_GD_TO_IE_ABS;
|
|
|
|
}
|
|
|
|
return expr;
|
|
|
|
}
|
|
|
|
|
2017-10-12 06:49:24 +08:00
|
|
|
bool AArch64::usesOnlyLowPageBits(RelType type) const {
|
2017-06-17 01:32:43 +08:00
|
|
|
switch (type) {
|
|
|
|
default:
|
|
|
|
return false;
|
|
|
|
case R_AARCH64_ADD_ABS_LO12_NC:
|
|
|
|
case R_AARCH64_LD64_GOT_LO12_NC:
|
|
|
|
case R_AARCH64_LDST128_ABS_LO12_NC:
|
|
|
|
case R_AARCH64_LDST16_ABS_LO12_NC:
|
|
|
|
case R_AARCH64_LDST32_ABS_LO12_NC:
|
|
|
|
case R_AARCH64_LDST64_ABS_LO12_NC:
|
|
|
|
case R_AARCH64_LDST8_ABS_LO12_NC:
|
|
|
|
case R_AARCH64_TLSDESC_ADD_LO12:
|
|
|
|
case R_AARCH64_TLSDESC_LD64_LO12:
|
|
|
|
case R_AARCH64_TLSIE_LD64_GOTTPREL_LO12_NC:
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-04-05 20:07:20 +08:00
|
|
|
RelType AArch64::getDynRel(RelType type) const {
|
[ELF][ARM][AARCH64][MIPS][PPC] Simplify the logic to create R_*_RELATIVE for absolute relocation types in writable sections
Summary:
Our rule to create R_*_RELATIVE for absolute relocation types were
loose. D63121 made it stricter but it failed to create R_*_RELATIVE for
R_ARM_TARGET1 and R_PPC64_TOC. rLLD363236 worked around that by
reinstating the original behavior for ARM and PPC64.
This patch is an attempt to simplify the logic.
Note, in ld.bfd, R_ARM_TARGET2 --target2=abs also creates
R_ARM_RELATIVE. This seems a very uncommon scenario (moreover,
--target2=got-rel is the default), so I do not implement any logic
related to it.
Also, delete R_AARCH64_ABS32 from AArch64::getDynRel. We don't have
working ILP32 support yet. Allowing it would create an incorrect
R_AARCH64_RELATIVE.
For MIPS, the (if SymbolRel, then RelativeRel) code is to keep its
behavior unchanged.
Note, in ppc64-abs64-dyn.s, R_PPC64_TOC gets an incorrect addend because
computeAddend() doesn't compute the correct address. We seem to have the
wrong behavior for a long time. The important thing seems that a dynamic
relocation R_PPC64_TOC should not be created as the dynamic loader will
error R_PPC64_TOC is not supported.
Reviewers: atanasyan, grimar, peter.smith, ruiu, sfertile, espindola
Reviewed By: ruiu
Differential Revision: https://reviews.llvm.org/D63383
llvm-svn: 363928
2019-06-20 22:00:08 +08:00
|
|
|
if (type == R_AARCH64_ABS64)
|
2018-04-05 20:07:20 +08:00
|
|
|
return type;
|
|
|
|
return R_AARCH64_NONE;
|
2017-06-17 01:32:43 +08:00
|
|
|
}
|
|
|
|
|
2017-11-04 05:21:47 +08:00
|
|
|
void AArch64::writeGotPlt(uint8_t *buf, const Symbol &) const {
|
2018-09-26 03:26:58 +08:00
|
|
|
write64le(buf, in.plt->getVA());
|
2017-06-17 01:32:43 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
void AArch64::writePltHeader(uint8_t *buf) const {
|
|
|
|
const uint8_t pltData[] = {
|
|
|
|
0xf0, 0x7b, 0xbf, 0xa9, // stp x16, x30, [sp,#-16]!
|
|
|
|
0x10, 0x00, 0x00, 0x90, // adrp x16, Page(&(.plt.got[2]))
|
|
|
|
0x11, 0x02, 0x40, 0xf9, // ldr x17, [x16, Offset(&(.plt.got[2]))]
|
|
|
|
0x10, 0x02, 0x00, 0x91, // add x16, x16, Offset(&(.plt.got[2]))
|
|
|
|
0x20, 0x02, 0x1f, 0xd6, // br x17
|
|
|
|
0x1f, 0x20, 0x03, 0xd5, // nop
|
|
|
|
0x1f, 0x20, 0x03, 0xd5, // nop
|
|
|
|
0x1f, 0x20, 0x03, 0xd5 // nop
|
|
|
|
};
|
|
|
|
memcpy(buf, pltData, sizeof(pltData));
|
[Coding style change] Rename variables so that they start with a lowercase letter
This patch is mechanically generated by clang-llvm-rename tool that I wrote
using Clang Refactoring Engine just for creating this patch. You can see the
source code of the tool at https://reviews.llvm.org/D64123. There's no manual
post-processing; you can generate the same patch by re-running the tool against
lld's code base.
Here is the main discussion thread to change the LLVM coding style:
https://lists.llvm.org/pipermail/llvm-dev/2019-February/130083.html
In the discussion thread, I proposed we use lld as a testbed for variable
naming scheme change, and this patch does that.
I chose to rename variables so that they are in camelCase, just because that
is a minimal change to make variables to start with a lowercase letter.
Note to downstream patch maintainers: if you are maintaining a downstream lld
repo, just rebasing ahead of this commit would cause massive merge conflicts
because this patch essentially changes every line in the lld subdirectory. But
there's a remedy.
clang-llvm-rename tool is a batch tool, so you can rename variables in your
downstream repo with the tool. Given that, here is how to rebase your repo to
a commit after the mass renaming:
1. rebase to the commit just before the mass variable renaming,
2. apply the tool to your downstream repo to mass-rename variables locally, and
3. rebase again to the head.
Most changes made by the tool should be identical for a downstream repo and
for the head, so at the step 3, almost all changes should be merged and
disappear. I'd expect that there would be some lines that you need to merge by
hand, but that shouldn't be too many.
Differential Revision: https://reviews.llvm.org/D64121
llvm-svn: 365595
2019-07-10 13:00:37 +08:00
|
|
|
|
2018-09-26 03:26:58 +08:00
|
|
|
uint64_t got = in.gotPlt->getVA();
|
|
|
|
uint64_t plt = in.plt->getVA();
|
2020-01-23 13:39:16 +08:00
|
|
|
relocateNoSym(buf + 4, R_AARCH64_ADR_PREL_PG_HI21,
|
|
|
|
getAArch64Page(got + 16) - getAArch64Page(plt + 4));
|
|
|
|
relocateNoSym(buf + 8, R_AARCH64_LDST64_ABS_LO12_NC, got + 16);
|
|
|
|
relocateNoSym(buf + 12, R_AARCH64_ADD_ABS_LO12_NC, got + 16);
|
2017-06-17 01:32:43 +08:00
|
|
|
}
|
|
|
|
|
2019-12-18 05:43:04 +08:00
|
|
|
void AArch64::writePlt(uint8_t *buf, const Symbol &sym,
|
|
|
|
uint64_t pltEntryAddr) const {
|
2017-06-17 01:32:43 +08:00
|
|
|
const uint8_t inst[] = {
|
|
|
|
0x10, 0x00, 0x00, 0x90, // adrp x16, Page(&(.plt.got[n]))
|
|
|
|
0x11, 0x02, 0x40, 0xf9, // ldr x17, [x16, Offset(&(.plt.got[n]))]
|
|
|
|
0x10, 0x02, 0x00, 0x91, // add x16, x16, Offset(&(.plt.got[n]))
|
|
|
|
0x20, 0x02, 0x1f, 0xd6 // br x17
|
|
|
|
};
|
|
|
|
memcpy(buf, inst, sizeof(inst));
|
|
|
|
|
2019-12-18 05:43:04 +08:00
|
|
|
uint64_t gotPltEntryAddr = sym.getGotPltVA();
|
2020-01-23 13:39:16 +08:00
|
|
|
relocateNoSym(buf, R_AARCH64_ADR_PREL_PG_HI21,
|
|
|
|
getAArch64Page(gotPltEntryAddr) - getAArch64Page(pltEntryAddr));
|
|
|
|
relocateNoSym(buf + 4, R_AARCH64_LDST64_ABS_LO12_NC, gotPltEntryAddr);
|
|
|
|
relocateNoSym(buf + 8, R_AARCH64_ADD_ABS_LO12_NC, gotPltEntryAddr);
|
2017-06-17 01:32:43 +08:00
|
|
|
}
|
|
|
|
|
2017-11-29 19:15:12 +08:00
|
|
|
bool AArch64::needsThunk(RelExpr expr, RelType type, const InputFile *file,
|
2019-11-23 16:57:54 +08:00
|
|
|
uint64_t branchAddr, const Symbol &s,
|
|
|
|
int64_t a) const {
|
2020-01-06 22:16:05 +08:00
|
|
|
// If s is an undefined weak symbol and does not have a PLT entry then it
|
|
|
|
// will be resolved as a branch to the next instruction.
|
|
|
|
if (s.isUndefWeak() && !s.isInPlt())
|
|
|
|
return false;
|
2017-11-29 19:15:12 +08:00
|
|
|
// ELF for the ARM 64-bit architecture, section Call and Jump relocations
|
|
|
|
// only permits range extension thunks for R_AARCH64_CALL26 and
|
|
|
|
// R_AARCH64_JUMP26 relocation types.
|
2020-06-24 07:10:07 +08:00
|
|
|
if (type != R_AARCH64_CALL26 && type != R_AARCH64_JUMP26 &&
|
|
|
|
type != R_AARCH64_PLT32)
|
2017-11-29 19:15:12 +08:00
|
|
|
return false;
|
2019-11-23 16:57:54 +08:00
|
|
|
uint64_t dst = expr == R_PLT_PC ? s.getPltVA() : s.getVA(a);
|
2017-11-29 19:15:12 +08:00
|
|
|
return !inBranchRange(type, branchAddr, dst);
|
|
|
|
}
|
|
|
|
|
2018-08-20 17:37:50 +08:00
|
|
|
uint32_t AArch64::getThunkSectionSpacing() const {
|
|
|
|
// See comment in Arch/ARM.cpp for a more detailed explanation of
|
|
|
|
// getThunkSectionSpacing(). For AArch64 the only branches we are permitted to
|
|
|
|
// Thunk have a range of +/- 128 MiB
|
|
|
|
return (128 * 1024 * 1024) - 0x30000;
|
|
|
|
}
|
|
|
|
|
2017-11-29 19:15:12 +08:00
|
|
|
bool AArch64::inBranchRange(RelType type, uint64_t src, uint64_t dst) const {
|
2020-06-24 07:10:07 +08:00
|
|
|
if (type != R_AARCH64_CALL26 && type != R_AARCH64_JUMP26 &&
|
|
|
|
type != R_AARCH64_PLT32)
|
2017-11-29 19:15:12 +08:00
|
|
|
return true;
|
|
|
|
// The AArch64 call and unconditional branch instructions have a range of
|
2020-06-24 07:10:07 +08:00
|
|
|
// +/- 128 MiB. The PLT32 relocation supports a range up to +/- 2 GiB.
|
|
|
|
uint64_t range =
|
|
|
|
type == R_AARCH64_PLT32 ? (UINT64_C(1) << 31) : (128 * 1024 * 1024);
|
2017-11-29 19:15:12 +08:00
|
|
|
if (dst > src) {
|
|
|
|
// Immediate of branch is signed.
|
|
|
|
range -= 4;
|
|
|
|
return dst - src <= range;
|
|
|
|
}
|
|
|
|
return src - dst <= range;
|
|
|
|
}
|
|
|
|
|
2017-06-17 01:32:43 +08:00
|
|
|
static void write32AArch64Addr(uint8_t *l, uint64_t imm) {
|
|
|
|
uint32_t immLo = (imm & 0x3) << 29;
|
|
|
|
uint32_t immHi = (imm & 0x1FFFFC) << 3;
|
|
|
|
uint64_t mask = (0x3 << 29) | (0x1FFFFC << 3);
|
|
|
|
write32le(l, (read32le(l) & ~mask) | immLo | immHi);
|
|
|
|
}
|
|
|
|
|
|
|
|
// Return the bits [Start, End] from Val shifted Start bits.
|
|
|
|
// For instance, getBits(0xF0, 4, 8) returns 0xF.
|
|
|
|
static uint64_t getBits(uint64_t val, int start, int end) {
|
|
|
|
uint64_t mask = ((uint64_t)1 << (end + 1 - start)) - 1;
|
|
|
|
return (val >> start) & mask;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void or32le(uint8_t *p, int32_t v) { write32le(p, read32le(p) | v); }
|
|
|
|
|
|
|
|
// Update the immediate field in a AARCH64 ldr, str, and add instruction.
|
|
|
|
static void or32AArch64Imm(uint8_t *l, uint64_t imm) {
|
|
|
|
or32le(l, (imm & 0xFFF) << 10);
|
|
|
|
}
|
|
|
|
|
2019-07-19 01:12:50 +08:00
|
|
|
// Update the immediate field in an AArch64 movk, movn or movz instruction
|
|
|
|
// for a signed relocation, and update the opcode of a movn or movz instruction
|
|
|
|
// to match the sign of the operand.
|
|
|
|
static void writeSMovWImm(uint8_t *loc, uint32_t imm) {
|
|
|
|
uint32_t inst = read32le(loc);
|
|
|
|
// Opcode field is bits 30, 29, with 10 = movz, 00 = movn and 11 = movk.
|
|
|
|
if (!(inst & (1 << 29))) {
|
|
|
|
// movn or movz.
|
|
|
|
if (imm & 0x10000) {
|
|
|
|
// Change opcode to movn, which takes an inverted operand.
|
|
|
|
imm ^= 0xFFFF;
|
|
|
|
inst &= ~(1 << 30);
|
|
|
|
} else {
|
|
|
|
// Change opcode to movz.
|
|
|
|
inst |= 1 << 30;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
write32le(loc, inst | ((imm & 0xFFFF) << 5));
|
|
|
|
}
|
|
|
|
|
2020-01-23 13:39:16 +08:00
|
|
|
void AArch64::relocate(uint8_t *loc, const Relocation &rel,
|
|
|
|
uint64_t val) const {
|
|
|
|
switch (rel.type) {
|
2017-06-17 01:32:43 +08:00
|
|
|
case R_AARCH64_ABS16:
|
|
|
|
case R_AARCH64_PREL16:
|
2020-01-23 13:39:16 +08:00
|
|
|
checkIntUInt(loc, val, 16, rel);
|
2017-06-17 01:32:43 +08:00
|
|
|
write16le(loc, val);
|
|
|
|
break;
|
|
|
|
case R_AARCH64_ABS32:
|
|
|
|
case R_AARCH64_PREL32:
|
2020-01-23 13:39:16 +08:00
|
|
|
checkIntUInt(loc, val, 32, rel);
|
2017-06-17 01:32:43 +08:00
|
|
|
write32le(loc, val);
|
|
|
|
break;
|
2020-06-24 07:10:07 +08:00
|
|
|
case R_AARCH64_PLT32:
|
|
|
|
checkInt(loc, val, 32, rel);
|
|
|
|
write32le(loc, val);
|
|
|
|
break;
|
2017-06-17 01:32:43 +08:00
|
|
|
case R_AARCH64_ABS64:
|
|
|
|
case R_AARCH64_PREL64:
|
|
|
|
write64le(loc, val);
|
|
|
|
break;
|
|
|
|
case R_AARCH64_ADD_ABS_LO12_NC:
|
|
|
|
or32AArch64Imm(loc, val);
|
|
|
|
break;
|
|
|
|
case R_AARCH64_ADR_GOT_PAGE:
|
|
|
|
case R_AARCH64_ADR_PREL_PG_HI21:
|
|
|
|
case R_AARCH64_TLSIE_ADR_GOTTPREL_PAGE21:
|
|
|
|
case R_AARCH64_TLSDESC_ADR_PAGE21:
|
2020-01-23 13:39:16 +08:00
|
|
|
checkInt(loc, val, 33, rel);
|
2019-07-11 00:42:20 +08:00
|
|
|
LLVM_FALLTHROUGH;
|
|
|
|
case R_AARCH64_ADR_PREL_PG_HI21_NC:
|
2017-06-17 01:32:43 +08:00
|
|
|
write32AArch64Addr(loc, val >> 12);
|
|
|
|
break;
|
|
|
|
case R_AARCH64_ADR_PREL_LO21:
|
2020-01-23 13:39:16 +08:00
|
|
|
checkInt(loc, val, 21, rel);
|
2017-06-17 01:32:43 +08:00
|
|
|
write32AArch64Addr(loc, val);
|
|
|
|
break;
|
|
|
|
case R_AARCH64_JUMP26:
|
2017-09-08 00:29:52 +08:00
|
|
|
// Normally we would just write the bits of the immediate field, however
|
|
|
|
// when patching instructions for the cpu errata fix -fix-cortex-a53-843419
|
|
|
|
// we want to replace a non-branch instruction with a branch immediate
|
|
|
|
// instruction. By writing all the bits of the instruction including the
|
|
|
|
// opcode and the immediate (0 001 | 01 imm26) we can do this
|
|
|
|
// transformation by placing a R_AARCH64_JUMP26 relocation at the offset of
|
|
|
|
// the instruction we want to patch.
|
|
|
|
write32le(loc, 0x14000000);
|
|
|
|
LLVM_FALLTHROUGH;
|
|
|
|
case R_AARCH64_CALL26:
|
2020-01-23 13:39:16 +08:00
|
|
|
checkInt(loc, val, 28, rel);
|
2017-06-17 01:32:43 +08:00
|
|
|
or32le(loc, (val & 0x0FFFFFFC) >> 2);
|
|
|
|
break;
|
|
|
|
case R_AARCH64_CONDBR19:
|
2017-09-21 07:49:50 +08:00
|
|
|
case R_AARCH64_LD_PREL_LO19:
|
2020-01-23 13:39:16 +08:00
|
|
|
checkAlignment(loc, val, 4, rel);
|
|
|
|
checkInt(loc, val, 21, rel);
|
2017-06-17 01:32:43 +08:00
|
|
|
or32le(loc, (val & 0x1FFFFC) << 3);
|
|
|
|
break;
|
|
|
|
case R_AARCH64_LDST8_ABS_LO12_NC:
|
2018-05-04 16:53:34 +08:00
|
|
|
case R_AARCH64_TLSLE_LDST8_TPREL_LO12_NC:
|
2017-06-17 01:32:43 +08:00
|
|
|
or32AArch64Imm(loc, getBits(val, 0, 11));
|
|
|
|
break;
|
|
|
|
case R_AARCH64_LDST16_ABS_LO12_NC:
|
2018-05-04 16:53:34 +08:00
|
|
|
case R_AARCH64_TLSLE_LDST16_TPREL_LO12_NC:
|
2020-01-23 13:39:16 +08:00
|
|
|
checkAlignment(loc, val, 2, rel);
|
2017-06-17 01:32:43 +08:00
|
|
|
or32AArch64Imm(loc, getBits(val, 1, 11));
|
|
|
|
break;
|
|
|
|
case R_AARCH64_LDST32_ABS_LO12_NC:
|
2018-05-04 16:53:34 +08:00
|
|
|
case R_AARCH64_TLSLE_LDST32_TPREL_LO12_NC:
|
2020-01-23 13:39:16 +08:00
|
|
|
checkAlignment(loc, val, 4, rel);
|
2017-06-17 01:32:43 +08:00
|
|
|
or32AArch64Imm(loc, getBits(val, 2, 11));
|
|
|
|
break;
|
|
|
|
case R_AARCH64_LDST64_ABS_LO12_NC:
|
2018-05-03 20:59:52 +08:00
|
|
|
case R_AARCH64_LD64_GOT_LO12_NC:
|
|
|
|
case R_AARCH64_TLSIE_LD64_GOTTPREL_LO12_NC:
|
2018-05-04 16:53:34 +08:00
|
|
|
case R_AARCH64_TLSLE_LDST64_TPREL_LO12_NC:
|
2018-05-03 20:59:52 +08:00
|
|
|
case R_AARCH64_TLSDESC_LD64_LO12:
|
2020-01-23 13:39:16 +08:00
|
|
|
checkAlignment(loc, val, 8, rel);
|
2017-06-17 01:32:43 +08:00
|
|
|
or32AArch64Imm(loc, getBits(val, 3, 11));
|
|
|
|
break;
|
|
|
|
case R_AARCH64_LDST128_ABS_LO12_NC:
|
2018-05-04 16:53:34 +08:00
|
|
|
case R_AARCH64_TLSLE_LDST128_TPREL_LO12_NC:
|
2020-01-23 13:39:16 +08:00
|
|
|
checkAlignment(loc, val, 16, rel);
|
2017-06-17 01:32:43 +08:00
|
|
|
or32AArch64Imm(loc, getBits(val, 4, 11));
|
|
|
|
break;
|
2019-07-19 01:12:50 +08:00
|
|
|
case R_AARCH64_MOVW_UABS_G0:
|
2020-01-23 13:39:16 +08:00
|
|
|
checkUInt(loc, val, 16, rel);
|
2019-07-19 01:12:50 +08:00
|
|
|
LLVM_FALLTHROUGH;
|
2017-06-17 01:32:43 +08:00
|
|
|
case R_AARCH64_MOVW_UABS_G0_NC:
|
|
|
|
or32le(loc, (val & 0xFFFF) << 5);
|
|
|
|
break;
|
2019-07-19 01:12:50 +08:00
|
|
|
case R_AARCH64_MOVW_UABS_G1:
|
2020-01-23 13:39:16 +08:00
|
|
|
checkUInt(loc, val, 32, rel);
|
2019-07-19 01:12:50 +08:00
|
|
|
LLVM_FALLTHROUGH;
|
2017-06-17 01:32:43 +08:00
|
|
|
case R_AARCH64_MOVW_UABS_G1_NC:
|
|
|
|
or32le(loc, (val & 0xFFFF0000) >> 11);
|
|
|
|
break;
|
2019-07-19 01:12:50 +08:00
|
|
|
case R_AARCH64_MOVW_UABS_G2:
|
2020-01-23 13:39:16 +08:00
|
|
|
checkUInt(loc, val, 48, rel);
|
2019-07-19 01:12:50 +08:00
|
|
|
LLVM_FALLTHROUGH;
|
2017-06-17 01:32:43 +08:00
|
|
|
case R_AARCH64_MOVW_UABS_G2_NC:
|
|
|
|
or32le(loc, (val & 0xFFFF00000000) >> 27);
|
|
|
|
break;
|
|
|
|
case R_AARCH64_MOVW_UABS_G3:
|
|
|
|
or32le(loc, (val & 0xFFFF000000000000) >> 43);
|
|
|
|
break;
|
2019-07-19 01:12:50 +08:00
|
|
|
case R_AARCH64_MOVW_PREL_G0:
|
|
|
|
case R_AARCH64_MOVW_SABS_G0:
|
2019-08-08 21:38:09 +08:00
|
|
|
case R_AARCH64_TLSLE_MOVW_TPREL_G0:
|
2020-01-23 13:39:16 +08:00
|
|
|
checkInt(loc, val, 17, rel);
|
2019-07-19 01:12:50 +08:00
|
|
|
LLVM_FALLTHROUGH;
|
|
|
|
case R_AARCH64_MOVW_PREL_G0_NC:
|
2019-08-08 21:38:09 +08:00
|
|
|
case R_AARCH64_TLSLE_MOVW_TPREL_G0_NC:
|
2019-07-19 01:12:50 +08:00
|
|
|
writeSMovWImm(loc, val);
|
|
|
|
break;
|
|
|
|
case R_AARCH64_MOVW_PREL_G1:
|
|
|
|
case R_AARCH64_MOVW_SABS_G1:
|
2019-08-08 21:38:09 +08:00
|
|
|
case R_AARCH64_TLSLE_MOVW_TPREL_G1:
|
2020-01-23 13:39:16 +08:00
|
|
|
checkInt(loc, val, 33, rel);
|
2019-07-19 01:12:50 +08:00
|
|
|
LLVM_FALLTHROUGH;
|
|
|
|
case R_AARCH64_MOVW_PREL_G1_NC:
|
2019-08-08 21:38:09 +08:00
|
|
|
case R_AARCH64_TLSLE_MOVW_TPREL_G1_NC:
|
2019-07-19 01:12:50 +08:00
|
|
|
writeSMovWImm(loc, val >> 16);
|
|
|
|
break;
|
|
|
|
case R_AARCH64_MOVW_PREL_G2:
|
|
|
|
case R_AARCH64_MOVW_SABS_G2:
|
2019-08-08 21:38:09 +08:00
|
|
|
case R_AARCH64_TLSLE_MOVW_TPREL_G2:
|
2020-01-23 13:39:16 +08:00
|
|
|
checkInt(loc, val, 49, rel);
|
2019-07-19 01:12:50 +08:00
|
|
|
LLVM_FALLTHROUGH;
|
|
|
|
case R_AARCH64_MOVW_PREL_G2_NC:
|
|
|
|
writeSMovWImm(loc, val >> 32);
|
|
|
|
break;
|
|
|
|
case R_AARCH64_MOVW_PREL_G3:
|
|
|
|
writeSMovWImm(loc, val >> 48);
|
|
|
|
break;
|
2017-06-17 01:32:43 +08:00
|
|
|
case R_AARCH64_TSTBR14:
|
2020-01-23 13:39:16 +08:00
|
|
|
checkInt(loc, val, 16, rel);
|
2017-06-17 01:32:43 +08:00
|
|
|
or32le(loc, (val & 0xFFFC) << 3);
|
|
|
|
break;
|
|
|
|
case R_AARCH64_TLSLE_ADD_TPREL_HI12:
|
2020-01-23 13:39:16 +08:00
|
|
|
checkUInt(loc, val, 24, rel);
|
2017-06-17 01:32:43 +08:00
|
|
|
or32AArch64Imm(loc, val >> 12);
|
|
|
|
break;
|
|
|
|
case R_AARCH64_TLSLE_ADD_TPREL_LO12_NC:
|
|
|
|
case R_AARCH64_TLSDESC_ADD_LO12:
|
|
|
|
or32AArch64Imm(loc, val);
|
|
|
|
break;
|
|
|
|
default:
|
2019-08-15 18:02:54 +08:00
|
|
|
llvm_unreachable("unknown relocation");
|
2017-06-17 01:32:43 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-01-23 11:42:54 +08:00
|
|
|
void AArch64::relaxTlsGdToLe(uint8_t *loc, const Relocation &rel,
|
|
|
|
uint64_t val) const {
|
2017-06-17 01:32:43 +08:00
|
|
|
// TLSDESC Global-Dynamic relocation are in the form:
|
|
|
|
// adrp x0, :tlsdesc:v [R_AARCH64_TLSDESC_ADR_PAGE21]
|
|
|
|
// ldr x1, [x0, #:tlsdesc_lo12:v [R_AARCH64_TLSDESC_LD64_LO12]
|
|
|
|
// add x0, x0, :tlsdesc_los:v [R_AARCH64_TLSDESC_ADD_LO12]
|
|
|
|
// .tlsdesccall [R_AARCH64_TLSDESC_CALL]
|
|
|
|
// blr x1
|
|
|
|
// And it can optimized to:
|
|
|
|
// movz x0, #0x0, lsl #16
|
|
|
|
// movk x0, #0x10
|
|
|
|
// nop
|
|
|
|
// nop
|
2020-01-23 13:39:16 +08:00
|
|
|
checkUInt(loc, val, 32, rel);
|
2017-06-17 01:32:43 +08:00
|
|
|
|
2020-01-23 11:42:54 +08:00
|
|
|
switch (rel.type) {
|
2017-06-17 01:32:43 +08:00
|
|
|
case R_AARCH64_TLSDESC_ADD_LO12:
|
|
|
|
case R_AARCH64_TLSDESC_CALL:
|
|
|
|
write32le(loc, 0xd503201f); // nop
|
|
|
|
return;
|
|
|
|
case R_AARCH64_TLSDESC_ADR_PAGE21:
|
|
|
|
write32le(loc, 0xd2a00000 | (((val >> 16) & 0xffff) << 5)); // movz
|
|
|
|
return;
|
|
|
|
case R_AARCH64_TLSDESC_LD64_LO12:
|
|
|
|
write32le(loc, 0xf2800000 | ((val & 0xffff) << 5)); // movk
|
|
|
|
return;
|
|
|
|
default:
|
|
|
|
llvm_unreachable("unsupported relocation for TLS GD to LE relaxation");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-01-23 11:42:54 +08:00
|
|
|
void AArch64::relaxTlsGdToIe(uint8_t *loc, const Relocation &rel,
|
|
|
|
uint64_t val) const {
|
2017-06-17 01:32:43 +08:00
|
|
|
// TLSDESC Global-Dynamic relocation are in the form:
|
|
|
|
// adrp x0, :tlsdesc:v [R_AARCH64_TLSDESC_ADR_PAGE21]
|
|
|
|
// ldr x1, [x0, #:tlsdesc_lo12:v [R_AARCH64_TLSDESC_LD64_LO12]
|
|
|
|
// add x0, x0, :tlsdesc_los:v [R_AARCH64_TLSDESC_ADD_LO12]
|
|
|
|
// .tlsdesccall [R_AARCH64_TLSDESC_CALL]
|
|
|
|
// blr x1
|
|
|
|
// And it can optimized to:
|
|
|
|
// adrp x0, :gottprel:v
|
|
|
|
// ldr x0, [x0, :gottprel_lo12:v]
|
|
|
|
// nop
|
|
|
|
// nop
|
|
|
|
|
2020-01-23 11:42:54 +08:00
|
|
|
switch (rel.type) {
|
2017-06-17 01:32:43 +08:00
|
|
|
case R_AARCH64_TLSDESC_ADD_LO12:
|
|
|
|
case R_AARCH64_TLSDESC_CALL:
|
|
|
|
write32le(loc, 0xd503201f); // nop
|
|
|
|
break;
|
|
|
|
case R_AARCH64_TLSDESC_ADR_PAGE21:
|
|
|
|
write32le(loc, 0x90000000); // adrp
|
2020-01-23 13:39:16 +08:00
|
|
|
relocateNoSym(loc, R_AARCH64_TLSIE_ADR_GOTTPREL_PAGE21, val);
|
2017-06-17 01:32:43 +08:00
|
|
|
break;
|
|
|
|
case R_AARCH64_TLSDESC_LD64_LO12:
|
|
|
|
write32le(loc, 0xf9400000); // ldr
|
2020-01-23 13:39:16 +08:00
|
|
|
relocateNoSym(loc, R_AARCH64_TLSIE_LD64_GOTTPREL_LO12_NC, val);
|
2017-06-17 01:32:43 +08:00
|
|
|
break;
|
|
|
|
default:
|
|
|
|
llvm_unreachable("unsupported relocation for TLS GD to LE relaxation");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-01-23 11:42:54 +08:00
|
|
|
void AArch64::relaxTlsIeToLe(uint8_t *loc, const Relocation &rel,
|
|
|
|
uint64_t val) const {
|
2020-01-23 13:39:16 +08:00
|
|
|
checkUInt(loc, val, 32, rel);
|
2017-06-17 01:32:43 +08:00
|
|
|
|
2020-01-23 11:42:54 +08:00
|
|
|
if (rel.type == R_AARCH64_TLSIE_ADR_GOTTPREL_PAGE21) {
|
2017-06-17 01:32:43 +08:00
|
|
|
// Generate MOVZ.
|
|
|
|
uint32_t regNo = read32le(loc) & 0x1f;
|
|
|
|
write32le(loc, (0xd2a00000 | regNo) | (((val >> 16) & 0xffff) << 5));
|
|
|
|
return;
|
|
|
|
}
|
2020-01-23 11:42:54 +08:00
|
|
|
if (rel.type == R_AARCH64_TLSIE_LD64_GOTTPREL_LO12_NC) {
|
2017-06-17 01:32:43 +08:00
|
|
|
// Generate MOVK.
|
|
|
|
uint32_t regNo = read32le(loc) & 0x1f;
|
|
|
|
write32le(loc, (0xf2800000 | regNo) | ((val & 0xffff) << 5));
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
llvm_unreachable("invalid relocation for TLS IE to LE relaxation");
|
|
|
|
}
|
|
|
|
|
2019-06-07 21:00:17 +08:00
|
|
|
// AArch64 may use security features in variant PLT sequences. These are:
|
|
|
|
// Pointer Authentication (PAC), introduced in armv8.3-a and Branch Target
|
|
|
|
// Indicator (BTI) introduced in armv8.5-a. The additional instructions used
|
|
|
|
// in the variant Plt sequences are encoded in the Hint space so they can be
|
|
|
|
// deployed on older architectures, which treat the instructions as a nop.
|
|
|
|
// PAC and BTI can be combined leading to the following combinations:
|
|
|
|
// writePltHeader
|
|
|
|
// writePltHeaderBti (no PAC Header needed)
|
|
|
|
// writePlt
|
|
|
|
// writePltBti (BTI only)
|
|
|
|
// writePltPac (PAC only)
|
|
|
|
// writePltBtiPac (BTI and PAC)
|
|
|
|
//
|
|
|
|
// When PAC is enabled the dynamic loader encrypts the address that it places
|
|
|
|
// in the .got.plt using the pacia1716 instruction which encrypts the value in
|
|
|
|
// x17 using the modifier in x16. The static linker places autia1716 before the
|
|
|
|
// indirect branch to x17 to authenticate the address in x17 with the modifier
|
|
|
|
// in x16. This makes it more difficult for an attacker to modify the value in
|
|
|
|
// the .got.plt.
|
|
|
|
//
|
|
|
|
// When BTI is enabled all indirect branches must land on a bti instruction.
|
|
|
|
// The static linker must place a bti instruction at the start of any PLT entry
|
|
|
|
// that may be the target of an indirect branch. As the PLT entries call the
|
|
|
|
// lazy resolver indirectly this must have a bti instruction at start. In
|
|
|
|
// general a bti instruction is not needed for a PLT entry as indirect calls
|
|
|
|
// are resolved to the function address and not the PLT entry for the function.
|
|
|
|
// There are a small number of cases where the PLT address can escape, such as
|
|
|
|
// taking the address of a function or ifunc via a non got-generating
|
|
|
|
// relocation, and a shared library refers to that symbol.
|
|
|
|
//
|
|
|
|
// We use the bti c variant of the instruction which permits indirect branches
|
|
|
|
// (br) via x16/x17 and indirect function calls (blr) via any register. The ABI
|
|
|
|
// guarantees that all indirect branches from code requiring BTI protection
|
|
|
|
// will go via x16/x17
|
|
|
|
|
|
|
|
namespace {
|
|
|
|
class AArch64BtiPac final : public AArch64 {
|
|
|
|
public:
|
|
|
|
AArch64BtiPac();
|
|
|
|
void writePltHeader(uint8_t *buf) const override;
|
2019-12-18 05:43:04 +08:00
|
|
|
void writePlt(uint8_t *buf, const Symbol &sym,
|
|
|
|
uint64_t pltEntryAddr) const override;
|
2019-06-07 21:00:17 +08:00
|
|
|
|
|
|
|
private:
|
|
|
|
bool btiHeader; // bti instruction needed in PLT Header
|
|
|
|
bool btiEntry; // bti instruction needed in PLT Entry
|
|
|
|
bool pacEntry; // autia1716 instruction needed in PLT Entry
|
|
|
|
};
|
|
|
|
} // namespace
|
|
|
|
|
|
|
|
AArch64BtiPac::AArch64BtiPac() {
|
|
|
|
btiHeader = (config->andFeatures & GNU_PROPERTY_AARCH64_FEATURE_1_BTI);
|
|
|
|
// A BTI (Branch Target Indicator) Plt Entry is only required if the
|
|
|
|
// address of the PLT entry can be taken by the program, which permits an
|
|
|
|
// indirect jump to the PLT entry. This can happen when the address
|
|
|
|
// of the PLT entry for a function is canonicalised due to the address of
|
|
|
|
// the function in an executable being taken by a shared library.
|
|
|
|
// FIXME: There is a potential optimization to omit the BTI if we detect
|
|
|
|
// that the address of the PLT entry isn't taken.
|
2020-02-18 16:53:39 +08:00
|
|
|
// The PAC PLT entries require dynamic loader support and this isn't known
|
|
|
|
// from properties in the objects, so we use the command line flag.
|
2019-06-07 21:00:17 +08:00
|
|
|
btiEntry = btiHeader && !config->shared;
|
2020-02-18 16:53:39 +08:00
|
|
|
pacEntry = config->zPacPlt;
|
2019-06-07 21:00:17 +08:00
|
|
|
|
2019-12-15 06:17:35 +08:00
|
|
|
if (btiEntry || pacEntry) {
|
2019-06-07 21:00:17 +08:00
|
|
|
pltEntrySize = 24;
|
2019-12-15 06:17:35 +08:00
|
|
|
ipltEntrySize = 24;
|
|
|
|
}
|
2017-06-17 04:15:03 +08:00
|
|
|
}
|
2019-06-07 21:00:17 +08:00
|
|
|
|
|
|
|
void AArch64BtiPac::writePltHeader(uint8_t *buf) const {
|
|
|
|
const uint8_t btiData[] = { 0x5f, 0x24, 0x03, 0xd5 }; // bti c
|
|
|
|
const uint8_t pltData[] = {
|
|
|
|
0xf0, 0x7b, 0xbf, 0xa9, // stp x16, x30, [sp,#-16]!
|
|
|
|
0x10, 0x00, 0x00, 0x90, // adrp x16, Page(&(.plt.got[2]))
|
|
|
|
0x11, 0x02, 0x40, 0xf9, // ldr x17, [x16, Offset(&(.plt.got[2]))]
|
|
|
|
0x10, 0x02, 0x00, 0x91, // add x16, x16, Offset(&(.plt.got[2]))
|
|
|
|
0x20, 0x02, 0x1f, 0xd6, // br x17
|
|
|
|
0x1f, 0x20, 0x03, 0xd5, // nop
|
|
|
|
0x1f, 0x20, 0x03, 0xd5 // nop
|
|
|
|
};
|
|
|
|
const uint8_t nopData[] = { 0x1f, 0x20, 0x03, 0xd5 }; // nop
|
|
|
|
|
|
|
|
uint64_t got = in.gotPlt->getVA();
|
|
|
|
uint64_t plt = in.plt->getVA();
|
|
|
|
|
|
|
|
if (btiHeader) {
|
2019-07-16 13:50:45 +08:00
|
|
|
// PltHeader is called indirectly by plt[N]. Prefix pltData with a BTI C
|
2019-06-07 21:00:17 +08:00
|
|
|
// instruction.
|
|
|
|
memcpy(buf, btiData, sizeof(btiData));
|
|
|
|
buf += sizeof(btiData);
|
|
|
|
plt += sizeof(btiData);
|
|
|
|
}
|
|
|
|
memcpy(buf, pltData, sizeof(pltData));
|
|
|
|
|
2020-01-23 13:39:16 +08:00
|
|
|
relocateNoSym(buf + 4, R_AARCH64_ADR_PREL_PG_HI21,
|
|
|
|
getAArch64Page(got + 16) - getAArch64Page(plt + 8));
|
|
|
|
relocateNoSym(buf + 8, R_AARCH64_LDST64_ABS_LO12_NC, got + 16);
|
|
|
|
relocateNoSym(buf + 12, R_AARCH64_ADD_ABS_LO12_NC, got + 16);
|
2019-06-07 21:00:17 +08:00
|
|
|
if (!btiHeader)
|
|
|
|
// We didn't add the BTI c instruction so round out size with NOP.
|
|
|
|
memcpy(buf + sizeof(pltData), nopData, sizeof(nopData));
|
|
|
|
}
|
|
|
|
|
2019-12-18 05:43:04 +08:00
|
|
|
void AArch64BtiPac::writePlt(uint8_t *buf, const Symbol &sym,
|
|
|
|
uint64_t pltEntryAddr) const {
|
2019-06-07 21:00:17 +08:00
|
|
|
// The PLT entry is of the form:
|
2019-07-16 13:50:45 +08:00
|
|
|
// [btiData] addrInst (pacBr | stdBr) [nopData]
|
2019-06-07 21:00:17 +08:00
|
|
|
const uint8_t btiData[] = { 0x5f, 0x24, 0x03, 0xd5 }; // bti c
|
|
|
|
const uint8_t addrInst[] = {
|
|
|
|
0x10, 0x00, 0x00, 0x90, // adrp x16, Page(&(.plt.got[n]))
|
|
|
|
0x11, 0x02, 0x40, 0xf9, // ldr x17, [x16, Offset(&(.plt.got[n]))]
|
|
|
|
0x10, 0x02, 0x00, 0x91 // add x16, x16, Offset(&(.plt.got[n]))
|
|
|
|
};
|
|
|
|
const uint8_t pacBr[] = {
|
|
|
|
0x9f, 0x21, 0x03, 0xd5, // autia1716
|
|
|
|
0x20, 0x02, 0x1f, 0xd6 // br x17
|
|
|
|
};
|
|
|
|
const uint8_t stdBr[] = {
|
|
|
|
0x20, 0x02, 0x1f, 0xd6, // br x17
|
|
|
|
0x1f, 0x20, 0x03, 0xd5 // nop
|
|
|
|
};
|
|
|
|
const uint8_t nopData[] = { 0x1f, 0x20, 0x03, 0xd5 }; // nop
|
|
|
|
|
|
|
|
if (btiEntry) {
|
|
|
|
memcpy(buf, btiData, sizeof(btiData));
|
|
|
|
buf += sizeof(btiData);
|
|
|
|
pltEntryAddr += sizeof(btiData);
|
|
|
|
}
|
|
|
|
|
2019-12-18 05:43:04 +08:00
|
|
|
uint64_t gotPltEntryAddr = sym.getGotPltVA();
|
2019-06-07 21:00:17 +08:00
|
|
|
memcpy(buf, addrInst, sizeof(addrInst));
|
2020-01-23 13:39:16 +08:00
|
|
|
relocateNoSym(buf, R_AARCH64_ADR_PREL_PG_HI21,
|
|
|
|
getAArch64Page(gotPltEntryAddr) - getAArch64Page(pltEntryAddr));
|
|
|
|
relocateNoSym(buf + 4, R_AARCH64_LDST64_ABS_LO12_NC, gotPltEntryAddr);
|
|
|
|
relocateNoSym(buf + 8, R_AARCH64_ADD_ABS_LO12_NC, gotPltEntryAddr);
|
2019-06-07 21:00:17 +08:00
|
|
|
|
|
|
|
if (pacEntry)
|
|
|
|
memcpy(buf + sizeof(addrInst), pacBr, sizeof(pacBr));
|
|
|
|
else
|
|
|
|
memcpy(buf + sizeof(addrInst), stdBr, sizeof(stdBr));
|
|
|
|
if (!btiEntry)
|
|
|
|
// We didn't add the BTI c instruction so round out size with NOP.
|
|
|
|
memcpy(buf + sizeof(addrInst) + sizeof(stdBr), nopData, sizeof(nopData));
|
|
|
|
}
|
|
|
|
|
|
|
|
static TargetInfo *getTargetInfo() {
|
|
|
|
if (config->andFeatures & (GNU_PROPERTY_AARCH64_FEATURE_1_BTI |
|
|
|
|
GNU_PROPERTY_AARCH64_FEATURE_1_PAC)) {
|
|
|
|
static AArch64BtiPac t;
|
|
|
|
return &t;
|
|
|
|
}
|
|
|
|
static AArch64 t;
|
|
|
|
return &t;
|
|
|
|
}
|
|
|
|
|
2020-05-15 13:18:58 +08:00
|
|
|
TargetInfo *elf::getAArch64TargetInfo() { return getTargetInfo(); }
|