
Commit 1fcc7ff

committed
[PAC][CodeGen][ELF][AArch64] Support signed GOT
This re-applies #96164 after revert in #102434. Support the following relocations and assembly operators: - `R_AARCH64_AUTH_ADR_GOT_PAGE` (`:got_auth:` for `adrp`) - `R_AARCH64_AUTH_LD64_GOT_LO12_NC` (`:got_auth_lo12:` for `ldr`) - `R_AARCH64_AUTH_GOT_ADD_LO12_NC` (`:got_auth_lo12:` for `add`) `LOADgotAUTH` pseudo-instruction is introduced which is later expanded to an actual instruction sequence like the following. ``` adrp x16, :got_auth:sym add x16, x16, :got_auth_lo12:sym ldr x0, [x16] autia x0, x16 ``` If a resign is requested, like below, `LOADgotPAC` pseudo is used, and GOT load is lowered similarly to `LOADgotAUTH`. ``` @var = global i32 0 define ptr @resign_globalvar() { ret ptr ptrauth (ptr @var, i32 3, i64 43) } ``` If FPAC bit is not set and resign is requested, a check+trap sequence similar to one used for `AUT` pseudo is emitted. Both SelectionDAG and GlobalISel are supported. For FastISel, we fall back to SelectionDAG. Tests starting with 'ptrauth-' have corresponding variants w/o this prefix. See also the specification https://github.com/ARM-software/abi-aa/blob/main/pauthabielf64/pauthabielf64.rst#appendix-signed-got
1 parent e82f083 commit 1fcc7ff

21 files changed

+643
-35
lines changed

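--- a/llvm/lib/Target/AArch64/AArch64AsmPrinter.cpp
+++ b/llvm/lib/Target/AArch64/AArch64AsmPrinter.cpp
@@ -160,6 +160,11 @@ class AArch64AsmPrinter : public AsmPrinter {
 // adrp-add followed by PAC sign)
 void LowerMOVaddrPAC(const MachineInstr &MI);
 
+// Emit the sequence for LOADgotAUTH (load signed pointer from signed ELF GOT
+// and authenticate it with, if FPAC bit is not set, check+trap sequence after
+// authenticating)
+void LowerLOADgotAUTH(const MachineInstr &MI);
+
 /// tblgen'erated driver function for lowering simple MI->MC
 /// pseudo instructions.
 bool lowerPseudoInstExpansion(const MachineInstr *MI, MCInst &Inst);
@@ -923,6 +928,22 @@ void AArch64AsmPrinter::emitEndOfAsmFile(Module &M) {
 
 OutStreamer->addBlankLine();
 }
+
+// With signed ELF GOT enabled, the linker looks at the symbol type to
+// choose between keys IA (for STT_FUNC) and DA (for other types). Symbols
+// for functions not defined in the module have STT_NOTYPE type by default.
+// This makes linker to emit signing schema with DA key (instead of IA) for
+// corresponding R_AARCH64_AUTH_GLOB_DAT dynamic reloc. To avoid that, force
+// all function symbols used in the module to have STT_FUNC type. See
+// https://github.com/ARM-software/abi-aa/blob/main/pauthabielf64/pauthabielf64.rst#default-signing-schema
+const auto *PtrAuthELFGOTFlag = mdconst::extract_or_null<ConstantInt>(
+M.getModuleFlag("ptrauth-elf-got"));
+if (PtrAuthELFGOTFlag && PtrAuthELFGOTFlag->getZExtValue() == 1)
+for (const GlobalValue &GV : M.global_values())
+if (!GV.use_empty() && GV.getValueType()->isFunctionTy() &&
+!GV.getName().starts_with("llvm."))
+OutStreamer->emitSymbolAttribute(getSymbol(&GV),
+MCSA_ELF_TypeFunction);
 }
 
 // Emit stack and fault map information.
@@ -2168,6 +2189,10 @@ void AArch64AsmPrinter::LowerMOVaddrPAC(const MachineInstr &MI) {
 };
 
 const bool IsGOTLoad = MI.getOpcode() == AArch64::LOADgotPAC;
+const bool IsELFSignedGOT = MI.getParent()
+->getParent()
+->getInfo<AArch64FunctionInfo>()
+->hasELFSignedGOT();
 MachineOperand GAOp = MI.getOperand(0);
 const uint64_t KeyC = MI.getOperand(1).getImm();
 assert(KeyC <= AArch64PACKey::LAST &&
@@ -2184,9 +2209,17 @@ void AArch64AsmPrinter::LowerMOVaddrPAC(const MachineInstr &MI) {
 // Emit:
 // target materialization:
 // - via GOT:
-// adrp x16, :got:target
-// ldr x16, [x16, :got_lo12:target]
-// add offset to x16 if offset != 0
+// - unsigned GOT:
+// adrp x16, :got:target
+// ldr x16, [x16, :got_lo12:target]
+// add offset to x16 if offset != 0
+// - ELF signed GOT:
+// adrp x17, :got:target
+// add x17, x17, :got_auth_lo12:target
+// ldr x16, [x17]
+// aut{i|d}a x16, x17
+// check+trap sequence (if no FPAC)
+// add offset to x16 if offset != 0
 //
 // - direct:
 // adrp x16, target
@@ -2229,13 +2262,79 @@ void AArch64AsmPrinter::LowerMOVaddrPAC(const MachineInstr &MI) {
 MCInstLowering.lowerOperand(GAMOLo, GAMCLo);
 
 EmitAndIncrement(
-MCInstBuilder(AArch64::ADRP).addReg(AArch64::X16).addOperand(GAMCHi));
+MCInstBuilder(AArch64::ADRP)
+.addReg(IsGOTLoad && IsELFSignedGOT ? AArch64::X17 : AArch64::X16)
+.addOperand(GAMCHi));
 
 if (IsGOTLoad) {
-EmitAndIncrement(MCInstBuilder(AArch64::LDRXui)
-.addReg(AArch64::X16)
-.addReg(AArch64::X16)
-.addOperand(GAMCLo));
+if (IsELFSignedGOT) {
+EmitAndIncrement(MCInstBuilder(AArch64::ADDXri)
+.addReg(AArch64::X17)
+.addReg(AArch64::X17)
+.addOperand(GAMCLo)
+.addImm(0));
+
+EmitAndIncrement(MCInstBuilder(AArch64::LDRXui)
+.addReg(AArch64::X16)
+.addReg(AArch64::X17)
+.addImm(0));
+
+assert(GAOp.isGlobal());
+assert(GAOp.getGlobal()->getValueType() != nullptr);
+unsigned AuthOpcode = GAOp.getGlobal()->getValueType()->isFunctionTy()
+? AArch64::AUTIA
+: AArch64::AUTDA;
+
+EmitAndIncrement(MCInstBuilder(AuthOpcode)
+.addReg(AArch64::X16)
+.addReg(AArch64::X16)
+.addReg(AArch64::X17));
+
+if (!STI->hasFPAC()) {
+auto AuthKey = (AuthOpcode == AArch64::AUTIA ? AArch64PACKey::IA
+: AArch64PACKey::DA);
+unsigned XPACOpc = getXPACOpcodeForKey(AuthKey);
+MCSymbol *SuccessSym = createTempSymbol("auth_success_");
+
+// XPAC has tied src/dst: use x17 as a temporary copy.
+// mov x17, x16
+EmitAndIncrement(MCInstBuilder(AArch64::ORRXrs)
+.addReg(AArch64::X17)
+.addReg(AArch64::XZR)
+.addReg(AArch64::X16)
+.addImm(0));
+
+// xpaci x17
+EmitAndIncrement(
+MCInstBuilder(XPACOpc).addReg(AArch64::X17).addReg(AArch64::X17));
+
+// cmp x16, x17
+EmitAndIncrement(MCInstBuilder(AArch64::SUBSXrs)
+.addReg(AArch64::XZR)
+.addReg(AArch64::X16)
+.addReg(AArch64::X17)
+.addImm(0));
+
+// b.eq Lsuccess
+EmitAndIncrement(
+MCInstBuilder(AArch64::Bcc)
+.addImm(AArch64CC::EQ)
+.addExpr(MCSymbolRefExpr::create(SuccessSym, OutContext)));
+
+// Trapping sequences do a 'brk'.
+// brk #<0xc470 + aut key>
+EmitAndIncrement(MCInstBuilder(AArch64::BRK).addImm(0xc470 | AuthKey));
+
+// If the auth check succeeds, we can continue.
+// Lsuccess:
+OutStreamer->emitLabel(SuccessSym);
+}
+} else {
+EmitAndIncrement(MCInstBuilder(AArch64::LDRXui)
+.addReg(AArch64::X16)
+.addReg(AArch64::X16)
+.addOperand(GAMCLo));
+}
 } else {
 EmitAndIncrement(MCInstBuilder(AArch64::ADDXri)
 .addReg(AArch64::X16)
@@ -2320,6 +2419,53 @@ void AArch64AsmPrinter::LowerMOVaddrPAC(const MachineInstr &MI) {
 assert(STI->getInstrInfo()->getInstSizeInBytes(MI) >= InstsEmitted * 4);
 }
 
+void AArch64AsmPrinter::LowerLOADgotAUTH(const MachineInstr &MI) {
+unsigned InstsEmitted = 0;
+auto EmitAndIncrement = [this, &InstsEmitted](const MCInst &Inst) {
+EmitToStreamer(*OutStreamer, Inst);
+++InstsEmitted;
+};
+
+Register DstReg = MI.getOperand(0).getReg();
+const MachineOperand &GAMO = MI.getOperand(1);
+assert(GAMO.getOffset() == 0);
+
+MachineOperand GAHiOp(GAMO);
+MachineOperand GALoOp(GAMO);
+GAHiOp.addTargetFlag(AArch64II::MO_PAGE);
+GALoOp.addTargetFlag(AArch64II::MO_PAGEOFF | AArch64II::MO_NC);
+
+MCOperand GAMCHi, GAMCLo;
+MCInstLowering.lowerOperand(GAHiOp, GAMCHi);
+MCInstLowering.lowerOperand(GALoOp, GAMCLo);
+
+EmitAndIncrement(
+MCInstBuilder(AArch64::ADRP).addReg(AArch64::X16).addOperand(GAMCHi));
+
+EmitAndIncrement(MCInstBuilder(AArch64::ADDXri)
+.addReg(AArch64::X16)
+.addReg(AArch64::X16)
+.addOperand(GAMCLo)
+.addImm(0));
+
+EmitAndIncrement(MCInstBuilder(AArch64::LDRXui)
+.addReg(DstReg)
+.addReg(AArch64::X16)
+.addImm(0));
+
+assert(GAMO.isGlobal());
+assert(GAMO.getGlobal()->getValueType() != nullptr);
+unsigned AuthOpcode = GAMO.getGlobal()->getValueType()->isFunctionTy()
+? AArch64::AUTIA
+: AArch64::AUTDA;
+EmitAndIncrement(MCInstBuilder(AuthOpcode)
+.addReg(DstReg)
+.addReg(DstReg)
+.addReg(AArch64::X16));
+
+assert(STI->getInstrInfo()->getInstSizeInBytes(MI) >= InstsEmitted * 4);
+}
+
 const MCExpr *
 AArch64AsmPrinter::lowerBlockAddressConstant(const BlockAddress &BA) {
 const MCExpr *BAE = AsmPrinter::lowerBlockAddressConstant(BA);
@@ -2484,6 +2630,10 @@ void AArch64AsmPrinter::emitInstruction(const MachineInstr *MI) {
 LowerMOVaddrPAC(*MI);
 return;
 
+case AArch64::LOADgotAUTH:
+LowerLOADgotAUTH(*MI);
+return;
+
 case AArch64::BRA:
 case AArch64::BLRA:
 emitPtrauthBranch(MI);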
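Review bot: LowerLOADgotAUTH emits only `adrp`/`add`/`ldr`/`aut{i|d}a` and never tests `STI->hasFPAC()`, while the comment on its declaration says a check+trap sequence follows the authentication when the FPAC bit is not set. Without FPAC a failed `aut` does not fault by itself, so as written a GOT entry that fails authentication leaves an invalid pointer in `DstReg` and the failure only surfaces at a later use, unlike the LOADgotPAC path in LowerMOVaddrPAC, which compares against the `xpac` result and executes `brk`. If that is intended (the commit description ties the check to resign requests), the declaration comment should say so, e.g. `// Emit the sequence for LOADgotAUTH (load signed pointer from signed ELF GOT and authenticate it; no check+trap sequence is emitted, even without FPAC)`; if the trap is wanted, the pseudo's `Size = 16` and `Defs = [X16]` in AArch64InstrInfo.td would have to grow with it. The ELF signed GOT comment in LowerMOVaddrPAC also shows `adrp x17, :got:target`, where the description gives `:got_auth:` for `adrp`.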

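--- a/llvm/lib/Target/AArch64/AArch64FastISel.cpp
+++ b/llvm/lib/Target/AArch64/AArch64FastISel.cpp
@@ -453,6 +453,9 @@ unsigned AArch64FastISel::materializeGV(const GlobalValue *GV) {
 if (!Subtarget->useSmallAddressing() && !Subtarget->isTargetMachO())
 return 0;
 
+if (FuncInfo.MF->getInfo<AArch64FunctionInfo>()->hasELFSignedGOT())
+return 0;
+
 unsigned OpFlags = Subtarget->ClassifyGlobalReference(GV, TM);
 
 EVT DestEVT = TLI.getValueType(DL, GV->getType(), true);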
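Review bot: The new early return in materializeGV carries no comment, so the reason FastISel gives up under signed GOT is recorded only in the commit message. A line such as `// FastISel does not support ELF signed GOT; fall back to SelectionDAG.` above the check would keep that visible in the source. The check sits before `ClassifyGlobalReference`, so it returns 0 for every global in such a function, not only GOT-indirect ones; that looks deliberate but is worth stating in the same comment. materializeGV continues outside the hunk.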

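--- a/llvm/lib/Target/AArch64/AArch64ISelLowering.cpp
+++ b/llvm/lib/Target/AArch64/AArch64ISelLowering.cpp
@@ -9396,6 +9396,11 @@ SDValue AArch64TargetLowering::getGOT(NodeTy *N, SelectionDAG &DAG,
 SDValue GotAddr = getTargetNode(N, Ty, DAG, AArch64II::MO_GOT | Flags);
 // FIXME: Once remat is capable of dealing with instructions with register
 // operands, expand this into two nodes instead of using a wrapper node.
+if (DAG.getMachineFunction()
+.getInfo<AArch64FunctionInfo>()
+->hasELFSignedGOT())
+return SDValue(DAG.getMachineNode(AArch64::LOADgotAUTH, DL, Ty, GotAddr),
+0);
 return DAG.getNode(AArch64ISD::LOADgot, DL, Ty, GotAddr);
 }
 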
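Review bot: The signed-GOT branch in getGOT selects LOADgotAUTH for whatever `NodeTy` the template is instantiated with, but LowerLOADgotAUTH in AArch64AsmPrinter.cpp guards its operand only with `assert(GAMO.isGlobal())` and `assert(GAMO.getOffset() == 0)`, which are compiled out of builds without assertions. Whether getGOT is ever reached with a non-global node or a non-zero offset cannot be seen from this hunk; if it can, a release build would call `getGlobal()` on the wrong operand kind and pick the authentication key from garbage. Making the printer fail hard, e.g. `if (!GAMO.isGlobal() || GAMO.getOffset() != 0) report_fatal_error("LOADgotAUTH expects a global address with zero offset");`, or a comment here stating why only global addresses reach this branch, would pin the invariant down. The start of getGOT is outside the hunk.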

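--- a/llvm/lib/Target/AArch64/AArch64InstrInfo.td
+++ b/llvm/lib/Target/AArch64/AArch64InstrInfo.td
@@ -1887,8 +1887,9 @@ let Predicates = [HasPAuth] in {
 Sched<[WriteI, ReadI]> {
 let isReMaterializable = 1;
 let isCodeGenOnly = 1;
-let Size = 40; // 12 fixed + 28 variable, for pointer offset, and discriminator
-let Defs = [X16,X17];
+let Size = 68; // 12 fixed + 56 variable, for pointer offset, discriminator and
+// ELF signed GOT signed pointer authentication (if no FPAC)
+let Defs = [X16,X17,NZCV];
 }
 
 // Load a signed global address from a special $auth_ptr$ stub slot.
@@ -1926,6 +1927,12 @@ let Predicates = [HasPAuth] in {
 tcGPR64:$AddrDisc),
 (AUTH_TCRETURN_BTI tcGPRx16x17:$dst, imm:$FPDiff, imm:$Key,
 imm:$Disc, tcGPR64:$AddrDisc)>;
+
+def LOADgotAUTH : Pseudo<(outs GPR64common:$dst), (ins i64imm:$addr), []>,
+Sched<[WriteI, ReadI]> {
+let Defs = [X16];
+let Size = 16;
+}
 }
 
 // v9.5-A pointer authentication extensions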

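--- a/llvm/lib/Target/AArch64/AArch64MCInstLower.cpp
+++ b/llvm/lib/Target/AArch64/AArch64MCInstLower.cpp
@@ -12,6 +12,7 @@
 //===----------------------------------------------------------------------===//
 
 #include "AArch64MCInstLower.h"
+#include "AArch64MachineFunctionInfo.h"
 #include "MCTargetDesc/AArch64MCExpr.h"
 #include "Utils/AArch64BaseInfo.h"
 #include "llvm/CodeGen/AsmPrinter.h"
@@ -185,9 +186,12 @@ MCOperand AArch64MCInstLower::lowerSymbolOperandELF(const MachineOperand &MO,
 MCSymbol *Sym) const {
 uint32_t RefFlags = 0;
 
-if (MO.getTargetFlags() & AArch64II::MO_GOT)
-RefFlags |= AArch64MCExpr::VK_GOT;
-else if (MO.getTargetFlags() & AArch64II::MO_TLS) {
+if (MO.getTargetFlags() & AArch64II::MO_GOT) {
+const MachineFunction *MF = MO.getParent()->getParent()->getParent();
+RefFlags |= (MF->getInfo<AArch64FunctionInfo>()->hasELFSignedGOT()
+? AArch64MCExpr::VK_GOT_AUTH
+: AArch64MCExpr::VK_GOT);
+} else if (MO.getTargetFlags() & AArch64II::MO_TLS) {
 TLSModel::Model Model;
 if (MO.isGlobal()) {
 const GlobalValue *GV = MO.getGlobal();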
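Review bot: `MO.getParent()->getParent()->getParent()` in lowerSymbolOperandELF dereferences the operand's parent instruction unconditionally, and a MachineOperand that was built standalone rather than taken or copied from an instruction has a null parent. LowerLOADgotAUTH in this commit copies its operands from `MI`, so that caller is fine, but any other lowering that hands this function a free-standing MO_GOT operand would now crash here instead of getting `VK_GOT`. An `assert(MO.getParent() && "MO_GOT operand must belong to an instruction");` before the chain would make the new precondition explicit. The function body continues outside the hunk.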

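--- a/llvm/lib/Target/AArch64/AArch64MachineFunctionInfo.cpp
+++ b/llvm/lib/Target/AArch64/AArch64MachineFunctionInfo.cpp
@@ -72,6 +72,18 @@ static bool ShouldSignWithBKey(const Function &F, const AArch64Subtarget &STI) {
 return Key == "b_key";
 }
 
+static bool HasELFSignedGOTHelper(const Function &F,
+const AArch64Subtarget *STI) {
+if (!Triple(STI->getTargetTriple()).isOSBinFormatELF())
+return false;
+const Module *M = F.getParent();
+const auto *Flag = mdconst::extract_or_null<ConstantInt>(
+M->getModuleFlag("ptrauth-elf-got"));
+if (Flag && Flag->getZExtValue() == 1)
+return true;
+return false;
+}
+
 AArch64FunctionInfo::AArch64FunctionInfo(const Function &F,
 const AArch64Subtarget *STI) {
 // If we already know that the function doesn't have a redzone, set
@@ -80,6 +92,7 @@ AArch64FunctionInfo::AArch64FunctionInfo(const Function &F,
 HasRedZone = false;
 std::tie(SignReturnAddress, SignReturnAddressAll) = GetSignReturnAddress(F);
 SignWithBKey = ShouldSignWithBKey(F, *STI);
+HasELFSignedGOT = HasELFSignedGOTHelper(F, STI);
 // TODO: skip functions that have no instrumented allocas for optimization
 IsMTETagged = F.hasFnAttribute(Attribute::SanitizeMemTag);
 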
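Review bot: HasELFSignedGOTHelper takes the subtarget as `const AArch64Subtarget *STI` while the neighbouring ShouldSignWithBKey takes `const AArch64Subtarget &STI`, and its tail `if (Flag && Flag->getZExtValue() == 1) return true; return false;` can be written as `return Flag && Flag->getZExtValue() == 1;`. The same `"ptrauth-elf-got"` lookup is repeated in AArch64AsmPrinter::emitEndOfAsmFile, where no ELF check is visible in that hunk. Since the symbol types forced there and the `:got_auth:` relocations chosen from this flag have to agree on the signing key, a comment on this helper such as `// Single definition of "signed ELF GOT is enabled"; keep emitEndOfAsmFile's flag test in step with this.` would help keep the two conditions from drifting apart.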

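--- a/llvm/lib/Target/AArch64/AArch64MachineFunctionInfo.h
+++ b/llvm/lib/Target/AArch64/AArch64MachineFunctionInfo.h
@@ -177,6 +177,11 @@ class AArch64FunctionInfo final : public MachineFunctionInfo {
 /// SignWithBKey modifies the default PAC-RET mode to signing with the B key.
 bool SignWithBKey = false;
 
+/// HasELFSignedGOT is true if the target binary format is ELF and the IR
+/// module containing the corresponding function has "ptrauth-elf-got" flag
+/// set to 1.
+bool HasELFSignedGOT = false;
+
 /// SigningInstrOffset captures the offset of the PAC-RET signing instruction
 /// within the prologue, so it can be re-used for authentication in the
 /// epilogue when using PC as a second salt (FEAT_PAuth_LR)
@@ -509,6 +514,8 @@ class AArch64FunctionInfo final : public MachineFunctionInfo {
 
 bool shouldSignWithBKey() const { return SignWithBKey; }
 
+bool hasELFSignedGOT() const { return HasELFSignedGOT; }
+
 MCSymbol *getSigningInstrLabel() const { return SignInstrLabel; }
 void setSigningInstrLabel(MCSymbol *Label) { SignInstrLabel = Label; }
 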
