diff --git a/lld/ELF/Config.h b/lld/ELF/Config.h index d14faca31d58f..e07c7dd4ca1b6 100644 --- a/lld/ELF/Config.h +++ b/lld/ELF/Config.h @@ -232,6 +232,7 @@ struct Config { ReportPolicy zCetReport = ReportPolicy::None; ReportPolicy zPauthReport = ReportPolicy::None; ReportPolicy zGcsReport = ReportPolicy::None; + ReportPolicy zGcsReportDynamic = ReportPolicy::None; ReportPolicy zExecuteOnlyReport = ReportPolicy::None; bool ltoBBAddrMap; llvm::StringRef ltoBasicBlockSections; diff --git a/lld/ELF/Driver.cpp b/lld/ELF/Driver.cpp index 18f9fed0d08e2..e66ebaf8c8ff7 100644 --- a/lld/ELF/Driver.cpp +++ b/lld/ELF/Driver.cpp @@ -56,13 +56,13 @@ #include "llvm/Object/IRObjectFile.h" #include "llvm/Remarks/HotnessThresholdParser.h" #include "llvm/Support/CommandLine.h" -#include "llvm/Support/SaveAndRestore.h" #include "llvm/Support/Compression.h" #include "llvm/Support/FileSystem.h" #include "llvm/Support/GlobPattern.h" #include "llvm/Support/LEB128.h" #include "llvm/Support/Parallel.h" #include "llvm/Support/Path.h" +#include "llvm/Support/SaveAndRestore.h" #include "llvm/Support/TarWriter.h" #include "llvm/Support/TargetSelect.h" #include "llvm/Support/TimeProfiler.h" @@ -402,6 +402,8 @@ static void checkOptions(Ctx &ctx) { ErrAlways(ctx) << "-z pauth-report only supported on AArch64"; if (ctx.arg.zGcsReport != ReportPolicy::None) ErrAlways(ctx) << "-z gcs-report only supported on AArch64"; + if (ctx.arg.zGcsReportDynamic != ReportPolicy::None) + ErrAlways(ctx) << "-z gcs-report-dynamic only supported on AArch64"; if (ctx.arg.zGcs != GcsPolicy::Implicit) ErrAlways(ctx) << "-z gcs only supported on AArch64"; } @@ -574,6 +576,41 @@ static GcsPolicy getZGcs(Ctx &ctx, opt::InputArgList &args) { return ret; } +static void getZGcsReport(Ctx &ctx, opt::InputArgList &args) { + bool reportDynamicDefined = false; + for (auto *arg : args.filtered(OPT_z)) { + std::pair kv = StringRef(arg->getValue()).split('='); + if (kv.first != "gcs-report" && kv.first != "gcs-report-dynamic") + continue; + arg->claim(); + ReportPolicy value; + if (kv.second == "none") + value = ReportPolicy::None; + else if (kv.second == "warning") + value = ReportPolicy::Warning; + else if (kv.second == "error") + value = ReportPolicy::Error; + else { + ErrAlways(ctx) << "unknown -z " << kv.first << "= value: " << kv.second; + continue; + } + if (kv.first == "gcs-report") { + ctx.arg.zGcsReport = value; + } else if (kv.first == "gcs-report-dynamic") { + ctx.arg.zGcsReportDynamic = value; + reportDynamicDefined = true; + } + } + + // When -zgcs-report is set to `warning` or `error`, -zgcs-report-dynamic will + // inherit this value if unspecified, matching GNU ld. This detects shared + // libraries without the GCS property but does not the shared-libraries to be + // rebuilt for successful linking + if (!reportDynamicDefined && ctx.arg.zGcsReport != ReportPolicy::None && + ctx.arg.zGcsReportDynamic == ReportPolicy::None) + ctx.arg.zGcsReportDynamic = ReportPolicy::Warning; +} + // Report a warning for an unknown -z option. static void checkZOptions(Ctx &ctx, opt::InputArgList &args) { // This function is called before getTarget(), when certain options are not @@ -1548,6 +1585,7 @@ static void readConfigs(Ctx &ctx, opt::InputArgList &args) { ctx.arg.zForceBti = hasZOption(args, "force-bti"); ctx.arg.zForceIbt = hasZOption(args, "force-ibt"); ctx.arg.zGcs = getZGcs(ctx, args); + getZGcsReport(ctx, args); ctx.arg.zGlobal = hasZOption(args, "global"); ctx.arg.zGnustack = getZGnuStack(args); ctx.arg.zHazardplt = hasZOption(args, "hazardplt"); @@ -1624,7 +1662,6 @@ static void readConfigs(Ctx &ctx, opt::InputArgList &args) { std::make_pair("bti-report", &ctx.arg.zBtiReport), std::make_pair("cet-report", &ctx.arg.zCetReport), std::make_pair("execute-only-report", &ctx.arg.zExecuteOnlyReport), - std::make_pair("gcs-report", &ctx.arg.zGcsReport), std::make_pair("pauth-report", &ctx.arg.zPauthReport)}; for (opt::Arg *arg : args.filtered(OPT_z)) { std::pair option = @@ -2907,6 +2944,22 @@ static void readSecurityNotes(Ctx &ctx) { ctx.arg.andFeatures |= GNU_PROPERTY_AARCH64_FEATURE_1_GCS; else if (ctx.arg.zGcs == GcsPolicy::Never) ctx.arg.andFeatures &= ~GNU_PROPERTY_AARCH64_FEATURE_1_GCS; + + // If we are utilising GCS at any stage, the sharedFiles should be checked to + // ensure they also support this feature. The gcs-report-dynamic option is + // used to indicate if the user wants information relating to this, and will + // be set depending on the user's input, or warning if gcs-report is set to + // either `warning` or `error`. + if (ctx.arg.andFeatures & GNU_PROPERTY_AARCH64_FEATURE_1_GCS) + for (SharedFile *f : ctx.sharedFiles) + reportUnless(ctx.arg.zGcsReportDynamic, + f->andFeatures & GNU_PROPERTY_AARCH64_FEATURE_1_GCS) + << f + << ": GCS is required by -z gcs, but this shared library lacks the " + "necessary property note. The " + << "dynamic loader might not enable GCS or refuse to load the " + "program unless all shared library " + << "dependencies have the GCS marking."; } static void initSectionsAndLocalSyms(ELFFileBase *file, bool ignoreComdats) { diff --git a/lld/ELF/InputFiles.cpp b/lld/ELF/InputFiles.cpp index d43de8ce6dfef..22085fd71d7f2 100644 --- a/lld/ELF/InputFiles.cpp +++ b/lld/ELF/InputFiles.cpp @@ -918,6 +918,56 @@ void ObjFile::initializeSections(bool ignoreComdats, handleSectionGroup(this->sections, entries); } +template +static void parseGnuPropertyNote(Ctx &ctx, ELFFileBase &f, + uint32_t featureAndType, + ArrayRef &desc, const uint8_t *base, + ArrayRef *data = nullptr) { + auto err = [&](const uint8_t *place) -> ELFSyncStream { + auto diag = Err(ctx); + diag << &f << ":(" << ".note.gnu.property+0x" + << Twine::utohexstr(place - base) << "): "; + return diag; + }; + + while (!desc.empty()) { + const uint8_t *place = desc.data(); + if (desc.size() < 8) + return void(err(place) << "program property is too short"); + uint32_t type = read32(desc.data()); + uint32_t size = read32(desc.data() + 4); + desc = desc.slice(8); + if (desc.size() < size) + return void(err(place) << "program property is too short"); + + if (type == featureAndType) { + // We found a FEATURE_1_AND field. There may be more than one of these + // in a .note.gnu.property section, for a relocatable object we + // accumulate the bits set. + if (size < 4) + return void(err(place) << "FEATURE_1_AND entry is too short"); + f.andFeatures |= read32(desc.data()); + } else if (ctx.arg.emachine == EM_AARCH64 && + type == GNU_PROPERTY_AARCH64_FEATURE_PAUTH) { + ArrayRef contents = data ? *data : desc; + if (!f.aarch64PauthAbiCoreInfo.empty()) { + return void( + err(contents.data()) + << "multiple GNU_PROPERTY_AARCH64_FEATURE_PAUTH entries are " + "not supported"); + } else if (size != 16) { + return void(err(contents.data()) + << "GNU_PROPERTY_AARCH64_FEATURE_PAUTH entry " + "is invalid: expected 16 bytes, but got " + << size); + } + f.aarch64PauthAbiCoreInfo = desc; + } + + // Padding is present in the note descriptor, if necessary. + desc = desc.slice(alignTo<(ELFT::Is64Bits ? 8 : 4)>(size)); + } +} // Read the following info from the .note.gnu.property section and write it to // the corresponding fields in `ObjFile`: // - Feature flags (32 bits) representing x86 or AArch64 features for @@ -955,42 +1005,8 @@ static void readGnuProperty(Ctx &ctx, const InputSection &sec, // Read a body of a NOTE record, which consists of type-length-value fields. ArrayRef desc = note.getDesc(sec.addralign); - while (!desc.empty()) { - const uint8_t *place = desc.data(); - if (desc.size() < 8) - return void(err(place) << "program property is too short"); - uint32_t type = read32(desc.data()); - uint32_t size = read32(desc.data() + 4); - desc = desc.slice(8); - if (desc.size() < size) - return void(err(place) << "program property is too short"); - - if (type == featureAndType) { - // We found a FEATURE_1_AND field. There may be more than one of these - // in a .note.gnu.property section, for a relocatable object we - // accumulate the bits set. - if (size < 4) - return void(err(place) << "FEATURE_1_AND entry is too short"); - f.andFeatures |= read32(desc.data()); - } else if (ctx.arg.emachine == EM_AARCH64 && - type == GNU_PROPERTY_AARCH64_FEATURE_PAUTH) { - if (!f.aarch64PauthAbiCoreInfo.empty()) { - return void( - err(data.data()) - << "multiple GNU_PROPERTY_AARCH64_FEATURE_PAUTH entries are " - "not supported"); - } else if (size != 16) { - return void(err(data.data()) - << "GNU_PROPERTY_AARCH64_FEATURE_PAUTH entry " - "is invalid: expected 16 bytes, but got " - << size); - } - f.aarch64PauthAbiCoreInfo = desc; - } - - // Padding is present in the note descriptor, if necessary. - desc = desc.slice(alignTo<(ELFT::Is64Bits ? 8 : 4)>(size)); - } + const uint8_t *base = sec.content().data(); + parseGnuPropertyNote(ctx, f, featureAndType, desc, base, &data); // Go to next NOTE record to look for more FEATURE_1_AND descriptions. data = data.slice(nhdr->getSize(sec.addralign)); @@ -1418,6 +1434,36 @@ std::vector SharedFile::parseVerneed(const ELFFile &obj, return verneeds; } +// To determine if a shared file can support any of the GNU Attributes, +// the .note.gnu.properties section need to be read. The appropriate +// location in memory is located then the GnuPropertyNote can be parsed. +// This is the same process as is used for readGnuProperty, however we +// do not pass the data variable as, without an InputSection, its value +// is unknown in a SharedFile. This is ok as the information that would +// be collected from this is irrelevant for a dynamic object. +template +void SharedFile::parseGnuAndFeatures(const uint8_t *base, + const typename ELFT::PhdrRange headers) { + if (headers.size() == 0 || ctx.arg.emachine != EM_AARCH64) + return; + + for (unsigned i = 0; i < headers.size(); i++) { + if (headers[i].p_type != PT_GNU_PROPERTY) + continue; + const typename ELFT::Note note( + *reinterpret_cast(base + + headers[i].p_offset)); + if (note.getType() != NT_GNU_PROPERTY_TYPE_0 || note.getName() != "GNU") + continue; + + // Read a body of a NOTE record, which consists of type-length-value fields. + ArrayRef desc = note.getDesc(headers[i].p_align); + parseGnuPropertyNote( + ctx, *this, /*featureAndType*/ GNU_PROPERTY_AARCH64_FEATURE_1_AND, desc, + base); + } +} + // We do not usually care about alignments of data in shared object // files because the loader takes care of it. However, if we promote a // DSO symbol to point to .bss due to copy relocation, we need to keep @@ -1454,10 +1500,12 @@ template void SharedFile::parse() { using Elf_Sym = typename ELFT::Sym; using Elf_Verdef = typename ELFT::Verdef; using Elf_Versym = typename ELFT::Versym; + using Elf_Phdr = typename ELFT::Phdr; ArrayRef dynamicTags; const ELFFile obj = this->getObj(); ArrayRef sections = getELFShdrs(); + ArrayRef pHeaders = CHECK2(obj.program_headers(), this); const Elf_Shdr *versymSec = nullptr; const Elf_Shdr *verdefSec = nullptr; @@ -1528,6 +1576,7 @@ template void SharedFile::parse() { verdefs = parseVerdefs(obj.base(), verdefSec); std::vector verneeds = parseVerneed(obj, verneedSec); + parseGnuAndFeatures(obj.base(), pHeaders); // Parse ".gnu.version" section which is a parallel array for the symbol // table. If a given file doesn't have a ".gnu.version" section, we use diff --git a/lld/ELF/InputFiles.h b/lld/ELF/InputFiles.h index 0b186db1ba0d1..579f33ee306e6 100644 --- a/lld/ELF/InputFiles.h +++ b/lld/ELF/InputFiles.h @@ -364,6 +364,9 @@ class SharedFile : public ELFFileBase { template std::vector parseVerneed(const llvm::object::ELFFile &obj, const typename ELFT::Shdr *sec); + template + void parseGnuAndFeatures(const uint8_t *base, + const typename ELFT::PhdrRange headers); }; class BinaryFile : public InputFile { diff --git a/lld/docs/ReleaseNotes.rst b/lld/docs/ReleaseNotes.rst index 6f60efd87c975..133a6fe87402d 100644 --- a/lld/docs/ReleaseNotes.rst +++ b/lld/docs/ReleaseNotes.rst @@ -25,6 +25,10 @@ Non-comprehensive list of changes in this release ELF Improvements ---------------- +* For AArch64, added support for ``-zgcs-report-dynamic``, enabling checks for + GNU GCS Attribute Flags in Dynamic Objects when GCS is enabled. Inherits value + from ``-zgcs-report`` (capped at ``warning`` level) unless user-defined, + ensuring compatibility with GNU ld linker. Breaking changes ---------------- diff --git a/lld/test/ELF/aarch64-feature-gcs.s b/lld/test/ELF/aarch64-feature-gcs.s index b53a653dddaee..a9cbdd93a6433 100644 --- a/lld/test/ELF/aarch64-feature-gcs.s +++ b/lld/test/ELF/aarch64-feature-gcs.s @@ -49,10 +49,26 @@ # REPORT-WARN: warning: func2.o: -z gcs-report: file does not have GNU_PROPERTY_AARCH64_FEATURE_1_GCS property # REPORT-ERROR: error: func3.o: -z gcs-report: file does not have GNU_PROPERTY_AARCH64_FEATURE_1_GCS property +## gcs-report-dynamic should report any dynamic objects that does not have the gcs property. This also ensures the inhertance from gcs-report is working correctly. + +# RUN: ld.lld func1-gcs.o func3-gcs.o no-gcs.so force-gcs.so -z gcs-report=warning -z gcs=always 2>&1 | FileCheck --check-prefix=REPORT-WARN-DYNAMIC %s +# RUN: ld.lld func1-gcs.o func3-gcs.o no-gcs.so force-gcs.so -z gcs-report=error -z gcs=always 2>&1 | FileCheck --check-prefix=REPORT-WARN-DYNAMIC %s +# RUN: ld.lld func1-gcs.o func3-gcs.o no-gcs.so force-gcs.so -z gcs-report-dynamic=warning -z gcs=always 2>&1 | FileCheck --check-prefix=REPORT-WARN-DYNAMIC %s +# RUN: not ld.lld func1-gcs.o func3-gcs.o no-gcs.so force-gcs.so -z gcs-report-dynamic=error -z gcs=always 2>&1 | FileCheck --check-prefix=REPORT-ERROR-DYNAMIC %s +# RUN: ld.lld func1-gcs.o func3-gcs.o force-gcs.so -z gcs-report-dynamic=warning -z gcs=always 2>&1 | count 0 +# RUN: ld.lld func1-gcs.o func3-gcs.o force-gcs.so -z gcs-report-dynamic=error -z gcs=always 2>&1 | count 0 + +# REPORT-WARN-DYNAMIC: warning: no-gcs.so: GCS is required by -z gcs, but this shared library lacks the necessary property note. The dynamic loader might not enable GCS or refuse to load the program unless all shared library dependencies have the GCS marking. +# REPORT-WARN-DYNAMIC-NOT: warning: force-gcs.so: GCS is required by -z gcs, but this shared library lacks the necessary property note. The dynamic loader might not enable GCS or refuse to load the program unless all shared library dependencies have the GCS marking. +# REPORT-ERROR-DYNAMIC: error: no-gcs.so: GCS is required by -z gcs, but this shared library lacks the necessary property note. The dynamic loader might not enable GCS or refuse to load the program unless all shared library dependencies have the GCS marking. +# REPORT-ERROR-DYNAMIC-NOT: error: force-gcs.so: GCS is required by -z gcs, but this shared library lacks the necessary property note. The dynamic loader might not enable GCS or refuse to load the program unless all shared library dependencies have the GCS marking. + ## An invalid gcs option should give an error -# RUN: not ld.lld func1-gcs.o func2-gcs.o func3-gcs.o -z gcs=nonsense 2>&1 | FileCheck --check-prefix=INVALID %s +# RUN: not ld.lld func1-gcs.o func2-gcs.o func3-gcs.o -z gcs=nonsense -z gcs-report=nonsense -z gcs-report-dynamic=nonsense 2>&1 | FileCheck --check-prefix=INVALID %s # INVALID: error: unknown -z gcs= value: nonsense +# INVALID: error: unknown -z gcs-report= value: nonsense +# INVALID: error: unknown -z gcs-report-dynamic= value: nonsense #--- func1-gcs.s .section ".note.gnu.property", "a"