This is the mail archive of the
binutils@sourceware.org
mailing list for the binutils project.
[PATCH, BFD, LD, AArch64, 0/4] Add support for AArch64 BTI and PAC in the linker
- From: Sudakshina Das <Sudi dot Das at arm dot com>
- To: "binutils at sourceware dot org" <binutils at sourceware dot org>
- Cc: nd <nd at arm dot com>, "nickc at redhat dot com" <nickc at redhat dot com>, Richard Earnshaw <Richard dot Earnshaw at arm dot com>, Ramana Radhakrishnan <Ramana dot Radhakrishnan at arm dot com>
- Date: Wed, 6 Mar 2019 10:26:48 +0000
- Subject: [PATCH, BFD, LD, AArch64, 0/4] Add support for AArch64 BTI and PAC in the linker
Hi
This patch series is aimed at giving support for the new Armv8.3-A
Pointer Authentication and Armv8.5-A Branch Target Identification
feature in the linker.
In order to support these, we propose to make the following changes:
1) We have defined .note.gnu.property for AArch64.
2) We have defined a new Program Property type
GNU_PROPERTY_AARCH64_FEATURE_1_AND and used 2 bits to represent
BTI and PAC respectively.
- GNU_PROPERTY_AARCH64_FEATURE_1_BTI
- GNU_PROPERTY_AARCH64_FEATURE_1_PAC (We have only reserved this bit
for now.)
3) We also need custom PLTs when these features are turned on and thus
we have defined the following processor-specific dynamic array tags:
- DT_AARCH64_BTI_PLT
- DT_AARCH64_PAC_PLT
Details of these can be found in the new AArch64 ELF documentation:
https://developer.arm.com/docs/ihi0056/latest/elf-for-the-arm-64-bit-architecture-aarch64-abi-2018q4
Command line options:
We introduce a new set of command line options for the linker in order
to support the correct PLTs
1) --pac-plt : In the presence of this option, the linker uses a PAC
enabled PLT. It also uses the dynamic tag DT_AARCH64_PAC_PLT to reflect
the same. Other tools like Objdump can use this to determine the size of
the PLTs.
2) --bti: In the presence of this option, the linker enables BTI with
the GNU_PROPERTY_AARCH64_FEATURE_1_BTI feature and also uses a BTI
enabled PLT. It also uses the dynamic tag DT_AARCH64_BTI_PLT to reflect
the choice of the PLTs. Other tools like Objdump can use this to
determine the size of the PLTs. Using this option can give a warning if
not all input objects are marked with GNU_PROPERTY_AARCH64_FEATURE_1_BTI.
3)--bti-nowarn - Same as above but does not emit any warnings.
In terms of the PLTs, in the presence of both --pac-plt and
--bti/--bti-nowarn, the linker chooses the PLTs protected with both BTI
and PAC and uses both DT_AARCH64_PAC_PLT and DT_AARCH64_BTI_PLT.
Interaction between Command line arguments and GNU NOTE section
1) For PAC, in the presence of --pac-plt along with BIND_NOW, the linker
can choose to ignore the pac-plt directive and use smaller PLTs without
compromising on security,
2) For BTI, the linker must also check for the
GNU_PROPERTY_AARCH64_FEATURE_1_BTI in its input. If all inputs have
GNU_PROPERTY_AARCH64_FEATURE_1_BTI, the final output will also be marked
as such. The PLT should also be protected with a BTI PLT in this case.
Thus even if there is no linker option to use BTI PLT, the linker
should be able to use them depending on the NOTE section. The user can
use the linker option --bti, to make sure that their intention of having
all input objects (and hence the output) marked with BTI is not
disrupted by any stray objects as this option will warn about it.
The following patches implement these changes as follows:
[1/4] Add support for GNU PROPERTIES in AArch64 for BTI and PAC:
[2/4] Add --bti-nowarn to enable BTI without warning and to select BTI
enabled PLTs
[3/4] Add --bti to enable BTI and select BTI enabled PLTs but also warn
for missing NOTE sections.
[4/4] Add --pac-plt to enable PLTs protected with PAC.
This is my first time making such intrusive changes to the linker.
Please be kind :P
Thanks
Sudi