Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allocate e_flags for landing pad and shadow stack #395

Closed
wants to merge 1 commit into from
Closed

Allocate e_flags for landing pad and shadow stack #395

wants to merge 1 commit into from

Conversation

kito-cheng
Copy link
Collaborator

We didn't allocate bit for individual extension generally, but landing pad and (hardware) shadow stack will require dynamic linker to check all dependent DSOs, so it worth to allocate e_flags to those two speical extension.

EF_RISCV_CFI_LP means this binary has build with landing pad, but NOT required the platform has support Zicfilp extension, since Zicfilp is using hint instruction, so it can be safely execute without Zicfilp, dynamic linker will check all dependent DSOs has set this flag, and enable the landing pad checking if all DSOs has support.

EF_RISCV_CFI_SS means this binary requires the Zimop or Zicfiss extension, which is different than EF_RISCV_CFI_LP, because it's NOT using hint instruction, dynamic linker will check all dependent DSOs has set this flag, and enable the shadow stack if all DSOs has support, otherwise enable Zimop mode only.

NOTE: Zicfiss and Zicfilp are not frozen yet, this PR created for asking feedback and implement toolchain PoC

@kito-cheng
Allocate e_flags for landing pad and shadow stack
7101772 
We didn't allocate bit for individual extension generally, but landing
pad and (hardware) shadow stack will require dynamic linker to check all
dependent DSOs, so it worth to allocate e_flags to those two speical extension.

`EF_RISCV_CFI_LP` means this binary has build with landing pad, but
*NOT* required the platform has support Zicfilp extension, since
Zicfilp is using hint instruction, so it can be safely execute without
Zicfilp, dynamic linker will check all dependent DSOs has set this flag,
and enable the landing pad checking if all DSOs has support.

`EF_RISCV_CFI_SS` means this binary requires the Zimop or Zicfiss
extension, which is different than `EF_RISCV_CFI_LP`, because it's
*NOT* using hint instruction, dynamic linker will check all dependent DSOs has
set this flag, and enable the shadow stack if all DSOs has support,
otherwise enable Zimop mode only.
jrtc27
jrtc27 requested changes Aug 16, 2023
View reviewed changes
Copy link
Collaborator

@jrtc27 jrtc27 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why? Attributes can encode that. They’re not fundamental ABI decisions. X86 and AArch64 don’t use e_flags. e_flags is for core ABI compatibility differences that mean you use a different set of libraries.

@kito-cheng
Copy link
Collaborator Author

Yes, attribute can encoding that, however the parsing overhead are relative high compare to e_flags, and that will check when start every program with dynamic linker, so I think it might be worth to add it into e_flags to speed up this process, maybe it's time to make attribute section SHF_ALLOC. (#386)

Just note, checked with AArch64 / X86, they are using GNU property to mark the binary has using BTI / CET.

@jrtc27
Copy link
Collaborator

jrtc27 commented Aug 17, 2023

Yes, they are using GNU property, which is extensible, not e_flags, which is a tiny consumable resource. So please don't use e_flags.

@jrtc27
Copy link
Collaborator

jrtc27 commented Aug 17, 2023

That is, if you don't want it in .riscv.attributes, put it in another note, but don't put it in e_flags.

@kito-cheng
Copy link
Collaborator Author

kito-cheng commented Aug 17, 2023
edited
Loading

Yeah, I am thinking we might introduce property*, and we can position the two such that the Attribute is for the static linker, while the property carries information for the dynamic linker.

* I try to prevent called it GNU property as possible since I don't want to make psABI seems like GNU-ish.

@MaskRay
Copy link
Collaborator

MaskRay commented Aug 17, 2023
edited
Loading

e_flags bits are a scarce resource and I agree that we should be careful when allocating new bits. I think .note.gnu.property is probably the best choice for landing pad and shadow stack (prior art: GNU_PROPERTY_X86_FEATURE_1_SHSTK for x86).

Link editors that support Arm BTI/PAC and Intel CET already have code decoding .note.gnu.property, and it would be convenient to extend the support for RISC-V. There is very little parsing overhead.

@kito-cheng
Copy link
Collaborator Author

Moving to program property: #417

@kito-cheng kito-cheng closed this Feb 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jrtc27 jrtc27 jrtc27 requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kito-cheng @jrtc27 @MaskRay