Closed smithp35 closed 3 months ago
Shall we use GDAT(S) + A
? But that can be done after https://github.com/ARM-software/abi-aa/issues/217 has a concrete resolution.
I've just noticed that RAARCH64_AUTH_GOT_ADD_LO12_NC
also contains a typo - _
is missed after R
.
BTW, is there a corresponding non-auth reloc? I don't see R_AARCH64_GOT_ADD_LO12_NC
in https://github.com/ARM-software/abi-aa/blob/main/aaelf64/aaelf64.rst
I've just noticed that
RAARCH64_AUTH_GOT_ADD_LO12_NC
also contains a typo -_
is missed afterR
. BTW, is there a corresponding non-auth reloc? I don't seeR_AARCH64_GOT_ADD_LO12_NC
in https://github.com/ARM-software/abi-aa/blob/main/aaelf64/aaelf64.rst
I've updated to remove that relocation. I can't see anything it would be used for apart from calculating the address of a GOT slot, but user-code shouldn't be able to do that anyway and the compiler has other ways to do that if it needs to using the other relocations.
Shall we use
GDAT(S) + A
? But that can be done after #217 has a concrete resolution.
I've got an action to make an internal proposal for what to do about #217 this week.
@smithp35
I can't see anything it would be used for apart from calculating the address of a GOT slot, but user-code shouldn't be able to do that anyway
Is it actually true that we shouldn't be able to do that? According to the spec, address of the GOT entry is used as a modifier when signing the contents of the entry. The example code for accessing signed GOT entry includes this calculation (see https://github.com/ARM-software/abi-aa/blob/main/pauthabielf64/pauthabielf64.rst#default-signing-schema):
adrp x8, :got_auth: symbol
add x8, x8, :got_auth_lo12: symbol
ldr x0, [x8]
// Authenticate to get unsigned pointer
autia x0, x8
If R_AARCH64_AUTH_GOT_ADD_LO12_NC
is removed, I suppose the code snippet should be changed correspondingly (not to include add
with :got_auth_lo12:
immediate). Personally, I feel that adrp
+add
is the most simple way to achieve the desired functionality, so the reloc should probably be left in the spec, just with the typo fixed. Please let me know if I miss smth and there is an easier way to re-implement the code block above.
@smithp35
I can't see anything it would be used for apart from calculating the address of a GOT slot, but user-code shouldn't be able to do that anyway
Is it actually true that we shouldn't be able to do that? According to the spec, address of the GOT entry is used as a modifier when signing the contents of the entry. The example code for accessing signed GOT entry includes this calculation (see https://github.com/ARM-software/abi-aa/blob/main/pauthabielf64/pauthabielf64.rst#default-signing-schema):
adrp x8, :got_auth: symbol add x8, x8, :got_auth_lo12: symbol ldr x0, [x8] // Authenticate to get unsigned pointer autia x0, x8
If
R_AARCH64_AUTH_GOT_ADD_LO12_NC
is removed, I suppose the code snippet should be changed correspondingly (not to includeadd
with:got_auth_lo12:
immediate). Personally, I feel thatadrp
+add
is the most simple way to achieve the desired functionality, so the reloc should probably be left in the spec, just with the typo fixed. Please let me know if I miss smth and there is an easier way to re-implement the code block above.
Thanks for reminding me, a lot of the rationale has fallen out of my memory in the time that it was first wrote. I agree with you and this is how the AArch64 PAC PLTs are implemented in LLD, albeit with just the calculation and not the relocation.
In this particular case there is no need to rename the relocation as the ABI only uses the LD64 and LD32 when there is a material difference in the relocation. The R_AARCH64_AUTH_GOT_ADD_LO12_NC
has no overflow check and would result
in bits [11:0] regardless of whether we were ILP32 and ILP64. The closest equivalent in the existing AAELF64 is R_<CLS>_ ADD_ABS_LO12_NC
.
I'll update to put the relocation back in as was, and add a note below to match the relocation with the operator :got_auth_lo12:
@smithp35 Thanks! Looks like there was some discrepancy in the particular implementation. Now everything fully matches.
Thanks for the confirmation. Merging.
As pointed out in https://github.com/ARM-software/abi-aa/issues/253 the R_AARCH64_AUTH_GOT_LO12_NC is meant to be the AUTH variant of R_AARCH64_LD64_GOT_LO12_NC. As there is also a R_AARCH64_LD32_GOT_LO12_NC relocation rename the relocation to R_AARCH64_LD64_AUTH_GOT_LO12_NC.
These relocations are in the appendix as we are currently expecting the GOT to be RELRO and unsigned in most signing schemas.