diff options
| author | Tamas Petz <tamas.petz@arm.com> | 2020-02-24 14:15:25 +0100 |
|---|---|---|
| committer | Ryan Prichard <rprichard@google.com> | 2020-09-23 17:53:28 -0700 |
| commit | 8d55d1872a6c7f850a13c59ddaedc813d0bc7e26 (patch) | |
| tree | 7dc4c724e876d855ce8d1117721566afa4373be8 /linker/linker_main.cpp | |
| parent | 0a12075ca48c9bf6fc1a68c0446ac000c07afb42 (diff) | |
Enable BTI in bionic linker
This patch adds support to load BTI-enabled objects.
According to the ABI, BTI is recorded in the .note.gnu.property section.
The new parser evaluates the property section, if exists.
It searches for .note section with NT_GNU_PROPERTY_TYPE_0.
Once found it tries to find GNU_PROPERTY_AARCH64_FEATURE_1_AND.
The results are cached.
The main change in linker is when protection of loaded ranges gets
applied. When BTI is requested and the platform also supports it
the prot flags have to be amended with PROT_BTI for executable ranges.
Failing to add PROT_BTI flag would disable BTI protection.
Moreover, adding the new PROT flag for shared objects without BTI
compatibility would break applications.
Kernel does not add PROT_BTI to a loaded ELF which has interpreter.
Linker handles this case too.
Test: 1. Flame boots
2. Tested on FVP with BTI enabled
Change-Id: Iafdf223b74c6e75d9f17ca90500e6fe42c4c1218
Diffstat (limited to 'linker/linker_main.cpp')
| -rw-r--r-- | linker/linker_main.cpp | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/linker/linker_main.cpp b/linker/linker_main.cpp index 41bb4baee..aad8f6f6f 100644 --- a/linker/linker_main.cpp +++ b/linker/linker_main.cpp @@ -297,6 +297,13 @@ static ExecutableInfo load_executable(const char* orig_path) { return result; } +static void platform_properties_init() { +#if defined(__aarch64__) + const unsigned long hwcap2 = getauxval(AT_HWCAP2); + g_platform_properties.bti_supported = (hwcap2 & HWCAP2_BTI) != 0; +#endif +} + static ElfW(Addr) linker_main(KernelArgumentBlock& args, const char* exe_to_load) { ProtectedDataGuard guard; @@ -311,6 +318,9 @@ static ElfW(Addr) linker_main(KernelArgumentBlock& args, const char* exe_to_load // Initialize system properties __system_properties_init(); // may use 'environ' + // Initialize platform properties. + platform_properties_init(); + // Register the debuggerd signal handler. linker_debuggerd_init(); @@ -381,6 +391,20 @@ static ElfW(Addr) linker_main(KernelArgumentBlock& args, const char* exe_to_load solinker->set_realpath(interp); init_link_map_head(*solinker); +#if defined(__aarch64__) + if (exe_to_load == nullptr) { + // Kernel does not add PROT_BTI to executable pages of the loaded ELF. + // Apply appropriate protections here if it is needed. + auto note_gnu_property = GnuPropertySection(somain); + if (note_gnu_property.IsBTICompatible() && + (phdr_table_protect_segments(somain->phdr, somain->phnum, somain->load_bias, + ¬e_gnu_property) < 0)) { + __linker_error("error: can't protect segments for \"%s\": %s", exe_info.path.c_str(), + strerror(errno)); + } + } +#endif + // Register the main executable and the linker upfront to have // gdb aware of them before loading the rest of the dependency // tree. |